Identity Verification Manager

Every auth strategy has exceptions. That's where attackers live.

Passwords. Passkeys. Passwordless. MFA. No matter how advanced your authentication strategy, someone will call your helpdesk — locked out, lost device, new phone. At that moment, how do you know who's really on the line? IVM builds the mutual trust that makes every exception secure.

  • $100M+: MGM breach cost via helpdesk social engineering
  • 50%: Faster verification than manual methods
  • 100%: Calls logged with full audit trail
  • 1 day: Time to PoC deployment

The Exception Problem

Your auth strategy is only as strong as its weakest exception

Every modern authentication method is strong — until it isn't. Every one of them produces exceptions. And every exception ends up at the same place: your helpdesk.

  • Passwords + MFA: Standard. Widely deployed. Enforced. Exceptions: Lost phone. New device. Authenticator app deleted.
  • Passwordless: No password to steal. Phishing resistant. Exceptions: Device lost. Certificate expired. Enrolment failed.
  • Passkeys: FIDO2. Biometric. Hardware-bound. Exceptions: New phone. Hardware damaged. No backup device.
  • SSO / Federation: Single sign-on. Centralised identity. Exceptions: Federation down. Root account locked. Break-glass needed.

All exceptions land at: your helpdesk
The human gap. Your firewalls, MFA, and zero-trust infrastructure all stop at the phone call. The moment a user says "I can't log in" to a helpdesk agent, your entire tech stack is bypassed. An attacker only needs to sound convincing for 90 seconds.

Mutual Trust

Trust goes both ways on a helpdesk call

IVM isn't just about the agent trusting the caller. A good verification system also gives the caller confidence that their identity is being handled fairly, consistently, and securely.

Agent trusts the caller
Is this really who they say they are?
  • Dynamic, multi-factor verification removes the judgment call from the agent
  • Contextual signals flag anomalies the agent would never catch
  • Live OTP or push challenge proves device ownership in real time
  • Corporate data cross-check confirms organisational identity
  • Suspicious patterns trigger automatic escalation
Caller trusts the process
Will I be treated fairly and consistently?
  • Same structured process every time — no agent discretion, no shortcuts
  • Clear steps the user can anticipate and prepare for
  • Verification is fast when legitimate — no unnecessary friction
  • Every interaction logged — full recourse if something goes wrong
  • No personal data shared with the agent beyond what's needed

How It Works

IVM controls the process. The agent just follows it.

The critical shift: IVM doesn't help agents decide how to verify callers. It controls the entire verification workflow. The agent assists IVM — not the other way around. Judgment is removed from the equation.

  • Call Arrives: IVM launches automatically inside the ITSM interface based on ticket category
  • Risk Check: System checks contextual signals: location, device, login patterns, time anomalies
  • Verification Steps: Agent is guided through required steps. Points accumulate per successful factor
  • Threshold Met: System releases the permitted action only when the point threshold is reached
  • Auto-Logged: Complete verification trail written to the ITSM ticket automatically, with no agent action needed

Verification Methods

Layers an attacker can't fake in combination

Each method alone can be researched, stolen, or guessed. Combined and configured per user group, they become practically impossible to defeat simultaneously.

Personal

Personal Identity Verification

Employee ID, date of birth, national ID, badge number, or custom fields from HR or AD. An attacker might know the user's name. They probably don't know their payroll number and hire date simultaneously.

Organisational

Company Data Verification

Manager name, department, cost centre, office location — pulled from your own systems. Validates insider knowledge consistent with the claimed identity within your specific organisation.

Contextual

Contextual Signal Verification

Last known workstation, typical login times, device identity, location patterns. Flags anomalies instantly. Calling from a different city than yesterday? IVM notices. The agent wouldn't.

Dynamic

Live Challenge Verification

OTP push, SMS code, MFA integration (Microsoft Authenticator, Okta, Duo, RSA). Even an attacker with all of the caller's personal details cannot intercept a live challenge sent to the real user's device.

Point-accumulation model. IVM doesn't pass or fail on a single factor. Each successful verification step adds points toward a configurable threshold. The action is only released when the threshold is met, giving flexibility without compromising security. Miss one step? Add another.
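The point-accumulation workflow described above, sketched as an added example (this is not IVM's code). The factor weights, template thresholds, anomaly surcharge, and all names are assumptions, since the page gives no values.

```python
from dataclasses import dataclass, field

# Assumed weights: the page names the factor types, not their point values.
FACTOR_POINTS = {"personal": 20, "organisational": 20, "contextual": 10,
                 "live_challenge": 50, "manager_approval": 30}
# Assumed thresholds for the three templates the page names.
THRESHOLDS = {"basic": 40, "standard": 70, "high-security": 100}
ANOMALY_SURCHARGE = 20  # assumed: each anomalous signal raises the bar


@dataclass
class VerificationSession:
    caller: str
    template: str
    anomalies: list = field(default_factory=list)
    points: int = 0
    passed: set = field(default_factory=set)
    audit: list = field(default_factory=list)

    @property
    def threshold(self) -> int:
        # Risk-based escalation: anomalies demand more proof, never less.
        return THRESHOLDS[self.template] + ANOMALY_SURCHARGE * len(self.anomalies)

    def record(self, factor: str, success: bool) -> None:
        if factor not in FACTOR_POINTS:
            raise ValueError(f"unknown factor: {factor}")
        if success and factor not in self.passed:
            # Each factor scores once, so repeating an easy step cannot farm points.
            self.passed.add(factor)
            self.points += FACTOR_POINTS[factor]
        self.audit.append((factor, success, self.points, self.threshold))

    def release(self, action: str) -> bool:
        # The system, not the agent, decides; the decision itself is logged.
        allowed = self.points >= self.threshold
        self.audit.append((f"release:{action}", allowed, self.points, self.threshold))
        return allowed


# Constructed scenario: lost phone, so no live challenge is possible.
lost_phone = VerificationSession("constructed-user", "standard")
for factor in ("personal", "organisational", "contextual"):
    lost_phone.record(factor, True)
blocked = lost_phone.release("password_reset")   # 50 points against 70
lost_phone.record("manager_approval", True)      # fallback flow adds 30
released = lost_phone.release("password_reset")  # 80 points against 70
```
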

Configurable Assurance

Different users. Different risk. Different verification.

A standard employee unlocking their AD account does not require the same level of proof as an IT admin recovering a privileged SAP credential. IVM lets you define exactly what each scenario demands.

Ships with three pre-built templates — basic, standard, and high-security. Customise from there per department, role, request type, or risk signal. Unlimited workflow variations.

  • Per-group configuration — Different requirements for Finance, IT, HR, Operations
  • Per-request-type rules — Account unlock vs. password reset vs. privileged access recovery
  • Fallback flows — Secure path when standard MFA is unavailable (lost device, new phone)
  • Risk-based escalation — Anomalous signals automatically trigger higher assurance requirements
  • Manager approval workflows — Route sensitive requests for managerial sign-off before action is taken
Assurance tier selector
  • Basic: PIN · Security Q&A
  • Standard: OTP · ID lookup
  • High Security: Biometric · Smart card

ITSM Integration

Embedded in every tool your agents already use

IVM surfaces inside your existing ITSM platform — no context switching, no second screen. The agent never leaves their queue. Verification launches automatically when a ticket is opened, runs within the interface, and logs to the ticket on completion.

  • ServiceNow — Certified, in the ServiceNow Store. Embedded in incident and service request workflows
  • HaloITSM — IVM creates custom buttons and business logic for seamless integration
  • Jira Service Management — IVM injects directly into the ticket details
  • ManageEngine, Zendesk, TOPdesk, Ivanti, BMC Remedy, etc. — Supported via standard API connectors
ServiceNow · INC0042891
  • Caller: Thabo Nkosi · IT Support
  • Identity verification: Employee ID matched; OTP verified via mobile
  • Status: VERIFIED

Audit & Compliance

Every call. Every step. Unalterable record.

IVM maintains a complete, tamper-evident log of every verification interaction: who called, what was verified, which agent handled it, what signals were present, and what action was taken. It writes that detail into each ticket, incident, or service request.

Verification Analytics
Track pass rates, failure points, friction by step, and agent override frequency — to tune your assurance configuration without guessing.
Compliance Reporting
Export detailed verification logs for NIS2, SOC 2, HIPAA, ISO 27001, and POPIA. Demonstrate that every helpdesk interaction follows a documented, auditable identity process.
Suspicious Call Alerts
Automatically flag calls with multiple failed steps, unusual contextual signals, or agent process overrides — before they become incidents.

FAQ

Common questions

Because exceptions still happen. A user loses their hardware key, gets a new phone, has a damaged fingerprint sensor, or is onboarding a new device. In every case, they call the helpdesk. That call is your exposure — regardless of how strong your primary auth method is. IVM secures the exception path that every auth strategy produces.
Training teaches agents what to do. IVM removes the choice. A trained agent under pressure, with a queue of calls and an urgent caller, may still skip a step. IVM controls the process — the agent cannot proceed without completing each required step. The action is only released by the system, not by the agent's judgment.
IVM supports configurable fallback flows for exactly this scenario. When standard MFA is unavailable, the system can route through alternative paths — corporate data verification, manager approval, in-person validation, or a temporary access pass with elevated audit logging. The user gets access. The process remains controlled and documented.
Yes. IVM supports unlimited workflow variations. A standard account unlock for a general staff member can require one or two factors. An IT admin recovering a privileged credential can require multi-factor + manager approval + anomaly check. Three pre-built templates (basic, standard, high-security) ship out of the box — customise from there per group, role, or request type.
No. IVM integrates into your existing ITSM platform — ServiceNow, Jira, ManageEngine, Zendesk, or others. Agents work in the same interface they always have. IVM is embedded within it, triggering automatically and logging results back to the ticket without any additional steps from the agent.
IVM supports a wide range of factors — push and one-time codes via Microsoft, Okta, Duo, RSA, and other MFA providers, plus email, SMS, challenge-response questions, smart cards, TOTP, and temporary access tokens. Different user groups can be given different verification requirements, and both incoming and outgoing caller identity can be verified.

Close the human gap.

Every auth strategy has exceptions. Every exception is a potential attack. Book a demo and see how IVM builds mutual trust on every helpdesk call — regardless of how your organisation authenticates.