Challenge Overview

Challenge provides identity verification workflows for when you need to reach a specific user, confirm their identity, and gather context—such as a justification or explanation—with assurance it’s really them. It also helps defend against impersonation and deepfake attacks in those same scenarios.

What is Challenge?

Challenge helps security and IT teams verify user identity and collect verified context when a workflow requires reaching out to a specific person. Originally built to defend against impersonation and deepfake-enhanced account takeover, Challenge extends that capability into security operations ChatOps: when a SOAR playbook or analyst needs to challenge a user and gather more data from them—such as a reason or justification for suspicious activity—they can do so in Slack with IdP step-up authentication and interactive challenge cards.

Challenge is not a general-purpose alert ChatOps platform. It fits the use case where you need to verify it’s the real user before acting on what they tell you.

When verification isn’t enough—or a challenge fails, a user reports an incident, or other signals in your security workflow indicate risk—Challenge can automatically revoke SaaS app sessions and contain devices through the webhook API or MCP.

Users can be challenged via Slack slash commands and interactive challenge cards, webhook API, or IdP SSO integrations.

Key Features

  • Security ChatOps: When SOAR or your team needs verified context from a user, challenge them in Slack with step-up ID verification, interactive challenge cards, and configurable justification capture
  • Slack Integration: Use /challenge slash command or programmatic API to reach a user for identity verification in Slack
  • Webhook API: Create challenges programmatically, receive outcome callbacks, and trigger response actions from SIEM, ITSM, or SOAR playbooks
  • MCP Integration: Let AI agents and SOAR playbooks create challenges, check status, and trigger response actions via OAuth 2.1
  • IdP SSO: SAML 2.0 and OIDC authentication for identity verification
  • Device Fingerprinting: Collects browser, OS, IP address, and other security metadata
  • Session Revocation: Revoke IdP and SaaS sessions across Okta, Entra, Google Workspace, Slack Enterprise, and Miro—manually or automatically via webhook or MCP
  • Device Containment: Trigger endpoint containment (EDR) or lock (MDM) actions via webhook or MCP as part of incident response
  • Responder: Admin console for creating challenges and revoking sessions during incidents or connector testing
  • ITSM Integration: Seamlessly integrate into existing workflow systems
  • Account Takeover Prevention: Detect and prevent impersonation attacks
  • Deepfake Detection: Use device fingerprinting and authentication to identify potential threats

Common Use Cases

  • Verified context from a user: A SOAR playbook or analyst challenges the user associated with a detection in Slack—they complete IdP step-up auth and optionally provide justification or reason for the activity, so responders know it’s really them before taking action
  • Automated containment: A SOAR playbook reacts to a failed challenge, incident report, or other workflow signal by calling the webhook API or MCP to revoke SaaS sessions and contain the user’s devices
  • Impersonation and deepfake defense: Challenge users showing suspicious behavior during helpdesk or executive impersonation attempts, then revoke sessions and contain devices if verification fails
  • High-risk access and ITSM: Verify identity before granting elevated permissions or processing sensitive requests

Getting Started

Check out our Challenge guides to set up your first verification workflow: