Secure user verification at the service desk
Contact UsEmployee password resets continue to drive a big volume of the service desk tickets. Aside from draining IT resources, they also introduce a security vulnerability to your business. Can your service desk verify that a user is really who they say they are before resetting their password, and granting them access to an account?
User verification at the service desk primarily relies on knowledge-based questions using static Active Directory information, with “what is your employee ID?” as the most common verification question. Unfortunately, this form of user verification does very little to validate the user. Without the tools in place to enforce and track user verification at the service desk, your business could face non-compliance.
Specops Secure Service Desk increases security with stronger authentication methods that minimize the risk for user impersonation. Identity verification options range from mobile or email verification codes, to commercial authentication providers such as Duo Security, Okta, Symantec VIP, PingID and YubiKey. All of the supported identity services go beyond the knowledge-based “something you know” method by requiring “something you have” such as the possession of a device.
Features
Duo Security Helpdesk Push | Specops Secure Service Desk | |
---|---|---|
Service desk interface for user verification | Yes (Duo Push) | Yes (multiple authentication options, including Duo Security, Okta, PingID and Yubikey) |
Service desk assisted password resets | No | Yes |
User verification enforcement | No | Yes |
User verification tracking | Yes (push verification approved, or push verification failed) | Yes (details who was verified, for what use case, and by who) |
How does it work?
Specops Secure Service Desk is natively integrated with Active Directory. Configuration of the system is done using Group Policy, without introducing added complexity to your environment. This means that no external database is required to store password related information. User data is stored directly in Group Policy user objects, minimizing security risk while ensuring inherent real-time password provisioning.
What does it look like?
The solution interface allows service desk agents to view user details and perform the following actions:
- Manage user enrollments
- Reset Active Directory passwords
- Recovery encryption keys for lockouts triggered by BitLocker or Symantec Endpoint Encryption.
The above actions can be secured by enabling user verification enforcement. When this feature is turned on, the agent will need to successfully verify the user’s identity before being able to complete any of these high-risk actions.
User verification can be tracked within the solution via detailed audit logs.
The solution also provides a reporting dashboard that reflects verification data across multiple uses cases. This data can also be exported to JSON or XSLX for further processing.
Why customers choose Specops
Delivers on its promise
“Specops Secure Service Desk delivers on its promise. It helps organizations enforce secure user verification through stronger authentication methods.”
– Techgenix review by Nuno Mota, Microsoft Exchange, MVP
Exponentially more difficult for an attacker
“It provides the means for service desk technicians to effectively verify the identity of a supposed end user who requests a password reset. This should make it exponentially more difficult for an attacker looking to perform a social engineering or other type of attack to steal credentials.”
– 4sysops review by Brandon Lee, Senior Editor at Virtualizationhowto.com
Get a Demo of Specops Secure Service Desk
Interested in seeing how Specops Secure Service Desk can work in your environment? Click here to set up a demo or trial today.