SCOTTSDALE, Ariz., [June 29, 2026]. Trusona, the leader in Identity Impersonation Detection (IID), today announced ATO Protect for ServiceNow, an integration that puts identity verification inside the ServiceNow ticket where help desk agents already work. When a caller asks to reset MFA, reset a password, or recover account access, the agent triggers an identity check from the open incident and reads the risk decision from the Operations Workspace.
Most account takeovers never break authentication. Someone talks a help desk agent into resetting it. Industry threat reporting has tied groups such as Scattered Spider and ShinyHunters to breaches at major enterprises that began with one phone call, an attacker who had an employee’s name and ID number and a cloned voice, asking for a reset. ATO Protect for ServiceNow is built to make that call a dead end.
ATO Protect does not require pre-registration or a mobile app. It works in the browser, even with first-time callers, and no personal data is stored once the identity check is complete.
A valid ticket is not a verified person
ServiceNow runs the help desk workflow well. It was never built to prove the caller is who they claim to be. Knowledge-based questions and an agent’s read on whether someone “sounds right” were not built to stop a cloned voice paired with employee details an attacker can pull off LinkedIn.
ATO Protect moves the proof off the call. Rather than asking the caller to recite information that can be found or faked, the agent sends the employee a verification link by SMS or email. The real employee opens it and confirms, and a caller controlling the audio on the line has no way to stand in for them. A persuasive voice no longer gets the caller in.
How it works, inside the ticket
The whole exchange happens where the agent already is. There is no second console and no copying data between systems:
- Agent picks up. A caller requests an MFA reset, a password reset, or account access, and a ticket is open.
- Agent triggers the check. From the ticket, the agent sends an identity check to the employee as a link by SMS or email. No app, no prior enrollment.
- The real person verifies. The employee completes the check in their browser. Knowing the answers is no longer enough, because the attacker is not the one being asked.
- Risk decision lands in the Operations Workspace. ATO Protect writes the result back, so the agent has a clear, logged basis to act.
- The agent sees the full picture. Risk factors and the details of the caller’s identity show up in the same interface, so the agent does not have to judge the call on instinct.
“Security teams have spent years hardening every layer of the stack, and then the help desk gets a phone call and hands the keys over. The problem was never the agent. It was asking a person to detect a fake under pressure. We move the verification to the real employee, somewhere the caller on the line cannot reach, and we put it right inside ServiceNow so nothing changes about how agents work.”
Ori Eisen, Founder & CEO, Trusona
Live in under 30 minutes, with no PII stored
Because the integration adds a step to a process agents already run, rather than rebuilding anything in ServiceNow, teams can be live in under 30 minutes. Install and configure the app, and the check is available. Admins control which agents can use ATO Protect through group ACL, so an identity check does not have to cost extra handle time. And because Trusona retains nothing sensitive once the check is done, security teams get verification without new exposure.
Availability
ATO Protect for ServiceNow is available now in the ServiceNow Store. Teams can start free in the Trusona portal or request API access for a guided setup. Full details are at trusona.com/ato-protect-servicenow.
About Trusona
Trusona is the leader in Identity Impersonation Detection, focused on stopping account takeover across the enterprise. Its ATO Protect platform verifies the people behind high-risk requests, whether that is an IT help desk reset or a finance approval, so attacks like social engineering, vishing, and business email compromise have nowhere to land. Learn more at trusona.com.
Get Started Today.