Verify helpdesk caller identity

This topic describes how to mitigate user identity fraud for helpdesk interactions using a one-time passcode (OTP) verification process, thus adding an extra layer of identity security. The verification process requires the helpdesk to send an SMS message with an OTP to an end user's mobile phone. If the OTP that the helpdesk sent matches the one from the end user, then the verification process is successful.

For example, if a user calls the helpdesk with a problem, the helpdesk sends an SMS with an OTP to the mobile phone on record in the Identity Administration portal for that user. The user then repeats the OTP back to the helpdesk for verification. If the OTP from the user matches the one sent, verifying the user's identity, the helpdesk can proceed with helping the user.

The following diagram shows the general workflow between the end user and the helpdesk.

Prerequisites

Verify that you have the following prerequisites before performing the user verification process:

  • A valid mobile phone number entered in the end user's data in the Identity Administration portal.

    The mobile phone number is configured in the Identity Administration portal > Core Services > Users.

  • An admin user in a role with the Identity Verification Administrative Right (see Create roles).

    The end user/caller also needs to have the mobile phone on record in the Identity Administration portal to receive the SMS message for caller verification.

Send a one-time passcode to verify caller identity

Before performing the user verification process, make sure you are added to a role that has the Identity Verification Administrative Right.

To verify caller identity using a one-time passcode

  1. Log in to the Identity Administration portal and click Core Services > Users.

  2. Select the user and then select Identity Verification from the Actions menu.

  3. At the message "Send a One Time Passcode to user", click Yes.

  4. Once the caller receives the text message on their mobile phone, ask the caller for the OTP, enter it in the text box provided, and then click Verify.

  5. Review the results. The following results are possible:

    OTP verification result        Description
    -----------------------        -----------
    OTP is correct                 User verification is successful.
    OTP expired                    Repeat the user verification process.
    OTP from user doesn't match    User verification failed.
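
The three results above can be modeled in a short sketch. This is an added example, not the product's own code: the class name, the 6-digit length, the 5-minute expiry and the 3-attempt limit are assumptions that the page does not state.

```python
import hmac
import secrets
import time

OTP_DIGITS = 6         # assumption: passcode length is not stated on the page
OTP_TTL_SECONDS = 300  # assumption: expiry window is not stated on the page
MAX_ATTEMPTS = 3       # assumption: wrong guesses allowed before the code is voided

CORRECT = "OTP is correct"
EXPIRED = "OTP expired"
MISMATCH = "OTP from user doesn't match"


class HelpdeskOtpVerifier:
    """Hypothetical verifier: one pending passcode per user, three possible results."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # username -> {"otp", "expires_at", "attempts_left"}

    def send_otp(self, username):
        """Create a passcode with a CSPRNG; a real system would pass it to an SMS gateway."""
        otp = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[username] = {
            "otp": otp,
            "expires_at": self._clock() + OTP_TTL_SECONDS,
            "attempts_left": MAX_ATTEMPTS,
        }
        return otp

    def verify(self, username, spoken_otp):
        """Map the passcode the caller read back onto one of the three results."""
        entry = self._pending.get(username)
        if entry is None:
            return MISMATCH
        if self._clock() > entry["expires_at"]:
            del self._pending[username]  # the process must be repeated with a new code
            return EXPIRED
        # Constant-time comparison does not reveal how many digits were right.
        if hmac.compare_digest(entry["otp"].encode(), spoken_otp.strip().encode()):
            del self._pending[username]  # single use: a replayed code fails
            return CORRECT
        entry["attempts_left"] -= 1
        if entry["attempts_left"] <= 0:
            del self._pending[username]  # stop guessing against the same code
        return MISMATCH
```

Passing a fake `clock` callable makes the expiry path testable without waiting for the real window to elapse.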