Explore authentication factors for AI voice agents
Authentication factors are the elements used for caller identification and authentication. In secure voice agent environments, the process begins with identifying the caller, followed by authenticating their identity before granting access. A robust security strategy combines multiple factors to confirm that only authorized users interact with AI voice agents.
When configuring an AI voice service to support natural, conversational exchanges, it’s crucial to select authentication factors that reliably verify a user's identity. Caller access to specific voice agents is determined by the authentication types and methods configured by the administrator.
In this context, two categories of authentication mechanisms are supported:
Single-factor authentication
Single-factor authentication requires the user to confirm their identity through a single verification method. Within the ServiceNow AI Platform voice agent configuration, you can select from three supported authentication factors:
- Knowledge-based authentication (KBA)
- Soft PIN
- Time-based one-time password (TOTP)
Each method offers a distinct approach to user verification, enabling secure access tailored to the needs of the service.
Multi-factor authentication
Multi-factor authentication (MFA) requires users to verify their identity with two methods, such as a PIN and an authenticator app code. This approach enhances security and user confidence by making accounts and voice services harder for attackers to compromise.
- Primary factor: Initial verification method (such as Soft PIN or TOTP).
- Secondary factor: An additional verification method that strengthens security (such as sending push notifications through Okta Verify).
Note: Multi-factor authentication is selected as the primary factor by default. You can change the default behavior by setting the glide.voice.authenticate.mfa_mandatory property to false.
Overview of the supported authentication factors
- Time-based one-time password (TOTP) authentication
  - TOTP is a temporary numeric code generated by apps like Okta Verify on the user's registered device.
  - TOTP is recommended for users needing stronger protection, as codes are generated locally and are resistant to interception.
- Push notification - Okta Verify
  - Users approve authentication requests via a push notification on their registered mobile device.
  - The factor is fast, convenient, and offers high security as a second factor, but requires an internet connection and secure device management.
- Soft PIN authentication
  - Soft PIN is a 6-digit personal numeric code that the user is enrolled with.
  - The factor is suitable for verifying returning users in low-risk, self-service scenarios. It’s quick to use and device-independent but can be vulnerable to observation or reuse.
- SMS one-time passcode (OTP) authentication
  - SMS OTP is a temporary numeric code sent to the user's registered mobile phone.
  - SMS OTP is easy to deploy and familiar. However, it’s susceptible to SIM-swapping and delivery issues and shouldn’t be the only factor for critical operations.
- Knowledge-based authentication (Security Questions)
  - Knowledge-based authentication (KBA) uses pre-set security questions configured by the admin, such as “What are the last four digits of your SSN?”
  - Mostly used for low-risk operations, KBA requires no additional device but isn’t secure and shouldn’t stand alone for sensitive actions.
To learn more about voice services and how to create them, see Create an AI voice assistant.