🛠️ Validate My Call — Admin & MSP Technician Guide

This guide is for administrators, security teams, and MSP support technicians. It explains how to verify callers, manage user accounts, reset MFA, and maintain a safe identity-verification workflow.

🔐 Admin Portal Access

MSP staff access the verification portal through a protected page such as:
/call-verify-admin

You can restrict access with:

  • Custom WordPress user roles
  • SureMembers access rules
  • Backend-only admin permissions

🔎 Verifying a Caller

During a live call:

  • Ask for the user’s:
    • Email address
    • Username
    • Or user ID
  • Search for the user in the admin lookup tool.
  • Confirm the details match the caller.
  • Ask for their 6-digit Validate My Call code.
  • Enter that code into the verification box.

Results:

  • PASS (Green) — Caller is verified
  • FAIL (Red) — Code invalid; caller NOT verified

📋 Editing User Contact Details

Admins can update user records to improve accuracy and searchability:

  • Name
  • Company
  • Company ID
  • Email
  • Phone

♻️ Resetting or Disabling MFA

Admins can:

  • Disable MFA — Prevent the user from passing validation
  • Reset MFA — Wipe the TOTP secret and require the user to set up again
  • Clear contact details for re-onboarding

🧱 Permissions & Role Recommendations

  • Administrator — Full control
  • Support Admin — Edit users + verify callers
  • MFA Verifier — Verify callers only

For maximum security, only a small group should have verification access.

Scroll to Top