New · Entra Verified ID + Face Check
The next enterprise breach
starts with a phone call.
Fctr verifies callers both ways—before anyone acts.
Helpdesks verify employee callers before resets and other sensitive actions. Employees verify callers claiming to be IT support. Both use factors already enrolled in Entra ID or Okta. Verification does not depend on what the caller says or sounds like—even during vishing or AI-cloned voice attacks.
Voice phishing is now the #2 observed initial intrusion vector.
ShinyHunters campaigns use social engineering to impersonate both sides of support: employees calling helpdesks and IT calling employees.
Entra ID and Okta secure application access. Fctr secures sensitive support actions.
Before an agent resets a password, unlocks an account, or starts recovery, Fctr verifies the employee using an enrolled factor, then allows the agent to proceed only with actions permitted by role and policy. It complements the identity provider without another authenticator or a separate workforce directory.
-
01
Directory lookupAUTHORITATIVE DIRECTORY
Confirm an active employee record and display live profile details.
-
02
Factor verificationORGANIZATION-MANAGED FACTOR
Verify the caller through an enrolled factor managed by the organization.
-
03
Action authorizationONE TARGET · ONE ACTION
Allow only actions permitted by policy and the agent’s assigned role.
-
04
Audit recordAUDIT-READY EVIDENCE
Record a PII-masked audit trail of the verification, authorized action, and outcome.
Verify callers with the factors your workforce already uses.
Fctr verifies the caller using an existing Entra ID or Okta enrollment, then returns the result directly to the support workflow.
Microsoft Authenticator
Uses the employee’s current Entra enrollment
Okta Identity CloudOkta Verify
Uses the employee’s current Okta enrollment
Verified ID + Face Check
Applied when organizational policy requires it
Is this really IT?
Your support agent is ready to verify this call before it continues.
04Verification, both ways
Vishing works both ways. Verification should too.
Attackers call helpdesks pretending to be employees—and call employees pretending to be IT. Fctr lets employees require an IT caller to complete an organization-managed enrolled-factor challenge before the support conversation continues.
- 01IT starts verification from the active support session.
- 02The IT caller completes a challenge through their enrolled factor.
- 03Both sides see the result before the call continues.
No workforce PII persisted. Every decision connected.
Fctr retrieves only what the active support session needs and does not persist customer workforce PII or identity profiles. PII-masked audit evidence connects the actor, factor, policy, action, and outcome. Review the public assurance overview.
Pricing for the way your team works.
Simple, predictable pricing for Fctr Portal, Fctr Verify, or both.
- ✓Enrolled-factor caller verification
- ✓Live identity data, groups, apps & devices
- ✓Account actions — reset, unlock, suspend
- ✓5-tier RBAC, PII shielding & audit evidence
- +Add Fctr Verify — $10,000/year per integration
- ✓Sandbox environment for setup and integration testing
- ✓Enrolled-factor verification in an existing support workflow
- ✓Predictable annual pricing—not user-based or per-verification
- +Additional integrations — $10,000/year each
For larger deployments or advanced compliance needs.
- ✓Custom connectors and implementation support
- ✓Dedicated deployment options
- ✓Premium support and SLA options
- ✓Complex multi-environment planning
Common questions
The answers buyers need before a pilot.
We already use Okta or Microsoft Entra ID. Why do we need Fctr?
Entra ID and Okta secure application access. Fctr adds enrolled-factor verification and policy enforcement before sensitive support actions. Agents work in Fctr Portal or use Fctr Verify through customer-deployed integrations—without returning to the provider’s admin console for each workflow.
Why does Microsoft Authenticator Push support matter?
Fctr supports Microsoft Authenticator Push and TOTP for Entra ID users, so helpdesks can verify employees with a factor they already use without introducing another application or enrollment campaign.
What data does Fctr access from our identity provider?
Fctr uses scoped API access to retrieve the identity context needed for an active support session. It avoids building a persistent identity directory, keeps operational records minimized, and masks personal data in audit evidence. Every session is authenticated through the organization’s identity provider.
How is Fctr deployed and integrated?
Organizations can connect a pilot to Okta or Entra ID with scoped tokens or OAuth 2.0, then use the browser-based, cloud-hosted Fctr Portal or Fctr Verify through a customer-deployed integration or the External Verification API. A pilot can begin in hours; rollout timing depends on integration, policy, and change-management requirements.
How are Fctr Portal and Fctr Verify priced?
Fctr Portal starts at $200 per agent per month with a five-agent minimum. Fctr Portal customers add Fctr Verify integrations for $10,000 per year each. Teams without Portal can license Fctr Verify for $25,000 per year with one integration included; additional integrations are $10,000 per year each. Fctr Verify uses predictable annual pricing rather than user-based or per-verification pricing.
Does Fctr detect AI voice cloning or deepfakes?
Fctr does not attempt to classify a voice as human or synthetic. It requires organization-managed enrolled-factor verification before a sensitive support action, so the decision is based on factor evidence and policy rather than voice authenticity alone.
How do employees verify callers claiming to be IT support?
IT starts verification from the active support session. The IT caller completes a challenge through their enrolled factor, and both sides receive the result before the conversation continues or any sensitive action is taken.
Close the helpdesk path to account takeover.
Replace security questions with enrolled-factor verification before sensitive support actions—without giving helpdesk agents standing admin rights.
Free 60-day pilot available after the demo · No credit card required

