Authenticating that we are talking to the actual customer

Sam_A_Martin
Contributor
May 2, 2024

In an MSP enviroment with hundreds if not thousands of end-users from differnt clients it can be hard to confirm that you are speaking to the actual customer.  And becasue we are tighting our security and implementing new SOP that address this.  I was wondering if there is a feature or way in JSM that we can confirm through 2fa or some other method that the person who has called in, is the person in the ticket, or the person wanting to create a ticket.

For example.

Call queue rings, tech asnewrs, they say they are Mr. Jones, from such and such company, how do we confirm it's actually them?

And is this a probelm that Jira Service Managemnt has a solution for, or does anyone have ideas?

Thank you

1 comment

Comment

Log in or Sign up to comment
George Abdo May 2, 2024

We tend to get around that by asking the users to log a ticket first through the portal and then calling for an update or whatever referencing the ticket number.

Sam_A_Martin
Contributor
December 14, 2024

@George Abdo I completely agree, and the SSO, or MFA protection of JSM and Atlassian is great, and the amount of security we have over the portals is excellent.   What happens when you have a customers who cannot log into their workstation, and say they are working from home, so they cannot have a colleague open the ticket for them.  Its been 6 moths since I proposed this is issue for MSPs to the communicate and I feel like Socially Engineered Hacking attacks are on the rise.  How do you suggest you authenticate that the person you are speaking with, if the request or incident is first reported to a technician  via phone?

TAGS
AUG Leaders

Atlassian Community Events