IVR Options

Users who experience a login problem can dial an interactive voice response (IVR) system with any telephone and reset a forgotten or locked password or PIN, clear an intruder lockout or resolve a problem pre-boot or with a hardware token. There are several options for identifying callers, including touch-tone input of login IDs or speech-to text. Similarly, there are several options for authenticating callers, including touch-tone or text-to-speech input of answers to security questions, voice biometrics and input of a PIN sent via SMS to a user's mobile phone.

The call flow in an existing IVR system can be extended to handle this type of self-service, integrating with Hitachi ID Password Manager via its API to access user profiles and initiate self-service operations. Alternately, relevant calls can be rerouted to Hitachi ID Telephone Password Manager, which can handle the entire call flow itself. Telephone Password Manager is an included, self-contained IVR system designed for use with Password Manager.

Note that there are some types of problems that cannot (physically) be resolved via a phone call. In particular, an IVR system cannot update any locally cached passwords on the user's device. For users who forgot their locally cached OS login password and are off-site, a self-service mechanism launched from the OS login screen is required.

IVR Network Architecture

This is implemented on the network with the following components:

Telephone access (IVR) architecture

Telephone access (IVR) architecture

Telephone Password Manager Installation Prerequisites

End user licenses of Password Manager 7.0 and later include the Telephone Password Manager module at no additional charge. Telephone Password Manager is a software solution which allows users to reset passwords and token PINs using a telephone.

To implement Telephone Password Manager, Hitachi ID Systems customers must provide:

  1. A Windows server where Telephone Password Manager will be installed. This can be the same server as the main Password Manager software or a similarly sized stand-alone server.

    Hardware configuration for this server and other runtime requirements are described at:

    https://Hitachi-ID.com/technology/server-hardware.html

  2. A Dialogic telephony board and/or software module suitable for the organization's PBX solution and sizing needs. This may be one of the following:

    1. Dialogic hardware for digital telephone systems, as described at:

      http://www.dialogic.com/en/products/media/jct/d42jct-u.aspx

    2. Dialogic hardware for analog telephone systems, as described at:

      http://www.dialogic.com/en/products/media/jct/d120jct.aspx

    3. Dialogic software for Voice over IP (VoIP) phone systems, as described at

      https://www.dialogic.com/hmp-software

  3. At least a one-year support contract from Dialogic or its reseller(s) for the solution selected above, as described at:

    https://www.dialogic.com/services

Note that it is Hitachi ID' recommendation that customers select the VoIP HMP option if possible, as it is less expensive, easier to maintain and does not require any hardware.


Watch a Movie

User unlocks Windows password with self-service telephone call


Content:

  • User locks out Windows login password.
  • User accesses self-service password reset via telephone.
  • User enters his network login ID using touch-tone input.
  • User gives numeric answers to security questions.
  • User selects one of several random password.
  • User signs into Windows with the new password.

Key concepts:

  • Access to self-service password reset despite being locked out of Windows.
  • User interaction via telephone, no client footprint.