Home/Products/Helpdesk Module

Helpdesk Module

Internal support teams.
Fast resets. No AD access.
Full audit trail.

The MyPass Helpdesk Module is built for internal quick-support scenarios — IT teams, school teachers, departmental administrators — anyone who needs to reset a password or unlock an account without direct access to Active Directory. One central, audited tool that abstracts the account from the underlying system.

Book a Demo External callers? Use IVM →
69%
of IT departments report vishing attempts targeting the helpdesk
$9.4M
Average US data breach cost — many start at the service desk
$0.50
Per user/month — cost of structured verification vs. breach exposure
0
AD access required for support agents using the Helpdesk Module

Two Scenarios. Two Tools.

Know which solution fits your use case

MyPass has two distinct tools for helpdesk identity scenarios. The Helpdesk Module is for internal quick-support. For inbound external callers and full ITSM-embedded verification, IVM is the right choice.

This page · Internal Support
Helpdesk Module
For internal support teams who need to reset passwords and unlock accounts without touching AD directly. Teachers resetting a student account. IT team unlocking a colleague. Departmental admins supporting their floor. Fast, abstracted, audited.
  • No AD access required for support staff
  • Centralised, audited reset console
  • Role-based access — only accounts in scope visible
  • Works across AD, SAP, Oracle, IBM and more
External Callers · ITSM-Integrated
Identity Verification Manager (IVM)
For inbound calls from external users or employees calling the service desk. IVM embeds structured verification directly in ServiceNow, Jira, Zendesk, and other ITSM tools — guided workflow, MFA-backed verification, automatic ticket enrichment.
  • Embedded in 7 ITSM platforms
  • Multi-factor verification — blocks social engineering
  • Automatic audit trail written to ticket
  • Agent cannot bypass — system controls the workflow
Explore IVM →

The Security Problem

The helpdesk is the easiest way into your organisation

Attackers don't need to crack your firewall. They call your helpdesk. They have a name, a manager's name, a recent ticket number — harvested from LinkedIn, data leaks, and org charts. They sound stressed. They sound convincing. Your agent is under queue pressure and wants to help.

69% of IT departments report vishing attempts — voice-based social engineering specifically targeting service desk staff. Traditional verification methods — static security questions, caller ID checks, agent judgment — were not designed to resist this. They fail because agents are human.

The Helpdesk Module removes the dependency on agent judgment. The system controls what can and cannot happen. The agent follows a defined process — and the log shows they did exactly that.

"A hacker calls your service desk. They know your manager's name. They have a recent ticket number. They sound exactly like a frustrated employee. How confident are you in your agent's next decision?"

— FastPassCorp security research

Inbound call analysis
Caller claim
"John Smith, account locked"
Verification result
Employee number not found
OTP challenge failed
Access decisionBLOCKED

What It Does

Account management without AD access

The Helpdesk Module gives support staff a controlled, role-scoped interface to manage accounts and credentials — with no direct directory access and a complete audit trail on every action.

🔑
Password Reset & Unlock

Reset passwords and unlock accounts across AD, SAP, Oracle, IBM, and connected systems — without the support agent needing any directory permissions. MyPass handles the underlying operation centrally.

🎯
Role-Scoped Access

Each support role only sees the accounts within their scope. A teacher sees their class. A floor admin sees their department. IT sees their tier. No access creep. No accidental exposure.

📋
Full Audit Trail

Every reset, every unlock, every action — logged with who, when, what, and why. Tamper-evident records support POPIA compliance, internal audit, and incident investigation.

🏢
Multi-System Coverage

One console covers Active Directory, SAP, Oracle, IBM, and every other connected system configured via Password Sync — the agent never needs to know which underlying system they're working with.

🏫
Education & Distributed Teams

Purpose-built for scenarios where non-IT staff support accounts — teachers in schools, team leaders in call centres, departmental coordinators in large enterprises. No AD training required.

🔒
No Agent-Held Credentials

Agents never see or hold credentials. The system performs the reset and delivers access back to the user directly. Separation of duties enforced by architecture, not policy.

Why Traditional Verification Fails

Security questions are not security

Discoverable
Static security questions answered by publicly available data — LinkedIn, social media, data breach dumps
Spoofable
Caller ID and email headers can be manipulated to appear legitimate — surface-level checks provide false confidence
Inconsistent
Agent judgment varies under pressure. Distributed teams across regions apply different standards — attackers find the weakest link

What Good Looks Like

System-driven. Non-bypassable. Documented.

Effective helpdesk security requires that the workflow — not the agent — controls what happens. NIST, ISO/IEC 27001, PCI DSS, and CISA guidance all point to the same principle: separation of duties means the system issues credentials, not the human handling the call.

  • Enforced workflows — agents cannot skip steps or override verification gates
  • Dynamic validation — real-time checks against live directory data, not static answers
  • Audit-grade logging — structured, timestamped records of every step; supports SOC 2, POPIA
  • Credential separation — agent authorises the action; system executes it; user receives access
System-driven bypass flow
1User self-verifies via MyPass portal
2System validates against AD / HR
3Password reset — no agent involved
Full audit log written automatically

Integrations

Works in the tools your team already uses

The Helpdesk Module integrates with your existing ITSM and directory environment — no new tooling required for agents.

ServiceNow Zendesk Jira Service Management ManageEngine ServiceDesk Plus Ivanti TOPdesk HaloITSM Remedy (BMC)

Need structured caller verification with full ITSM ticket enrichment and MFA-backed workflows?

That's IVM — explore it here →

Audit & Compliance

Every action documented. Every agent covered.

When an incident is investigated, the log shows exactly what happened — who initiated the reset, which verification was completed, what action was taken, and when. The record protects your organisation and protects your support staff.

📊
Full Action Log

Every reset and unlock logged — who, when, which account, which system, what outcome. Tamper-evident and always available for audit.

Exception Alerting

Supervisor alerts on any out-of-scope action or policy deviation. Real-time escalation before problems compound.

📋
Compliance Reports

Exportable reports for POPIA, internal audit, and ISO 27001 controls. Demonstrate a consistent, documented support process across every interaction.

FAQ

Common questions

The Helpdesk Module is for internal quick-support — teachers, IT admins, departmental coordinators who need to reset or unlock accounts without AD access. IVM is for inbound caller verification — embedded in your ITSM tool, with MFA-backed verification workflows and automatic ticket enrichment. If you have external callers or a formal service desk, use IVM.
No. That's the point. The Helpdesk Module abstracts the account from the underlying directory. Agents perform resets and unlocks through MyPass — the system handles the AD operation. Agents never need AD credentials or access.
Yes. Role-based scoping lets you limit each support role to only the accounts relevant to them — a teacher sees their class, a floor admin sees their department. No accidental exposure to accounts outside their remit.
Yes. Any system connected via Password Sync is manageable through the Helpdesk Module. The agent doesn't need to know which underlying system they're working with — one action in the console propagates across all connected platforms.
Yes — education is a primary use case. Teachers can reset student accounts without any IT involvement. The role-scoped design means a teacher only sees their own students. MyPass is used in some of the largest school groups in South Africa.
Every action is logged with a complete, tamper-evident audit trail. You can demonstrate who had access to which accounts, what actions were taken, and when — supporting POPIA accountability requirements and any internal or external audit.

Internal support without AD permissions.

Give your support teams a fast, scoped, fully audited way to manage accounts — without touching Active Directory. Book a demo or explore IVM for your service desk caller verification needs.

Book a Demo Explore IVM →