Secure user verification at the service deskContact Us
Employee password resets continue to drive a big volume of the service desk tickets. Aside from draining IT resources, they also introduce a security vulnerability to your business. Can your service desk verify that a user is really who they say they are before resetting their password, and granting them access to an account?
User verification at the service desk primarily relies on knowledge-based questions using static Active Directory information, with the most common question being ‘what is your employee ID?’. Unfortunately, this form of user verification does very little to validate the user. Without the tools in place to enforce and track user verification at the service desk your business could face non-compliance.
Specops Secure Service Desk increases security with stronger authentication methods that minimize the risk for user impersonation. Identity verification options range from mobile or email verification codes, to commercial providers such as Duo Security or Okta Verify. All of the supported identity services go beyond the knowledge-based “something you know” method by requiring “something you have” such as the possession of a device.
|Duo Security Helpdesk Push||Specops Secure Service Desk|
|Service desk interface for user verification||Yes (Duo Push)||Yes (Multiple authentication options, including Duo Security, and Okta Verify)|
|Service desk assisted password resets||No||Yes|
|User verification enforcement||No||Yes|
|User verification tracking||Yes (push verification approved, or push verification failed)||Yes (details who was verified, for what use case, and by who)|
How does it work?
Specops Secure Service Desk is natively integrated with Active Directory. Configuration of the system is done using Group Policy, without introducing added complexity to your environment. This means that no external database is required to store password related information. User data is stored directly in Group Policy user objects, minimizing security risk while ensuring inherent real-time password provisioning.
What does it look like?
The solution interface allows service desk agents to view user details and perform the following actions:
- Manage user enrollments
- Reset Active Directory passwords
- Recover encryption keys for lockouts triggered by BitLocker or Symantec Endpoint Encryption
The above actions can be secured by enabling user verification enforcement. When this feature is turned on, the agent will need to successfully verify the user’s identity before being able to complete any of these high-risk actions.
User verification can be tracked within the solution via detailed audit logs.
The solution also provides a reporting dashboard that reflects verification data across multiple use cases. This data can also be exported to JSON or XSLX for further processing.