When your contact center can't use phones to authenticate
Industry
BPO/CX
Size
450K
Challenge
The company's authentication infrastructure, built on ADFS, Azure, and Duo, had become an operational bottleneck, and the CIO needed password elimination and platform consolidation. The complexity: 450,000 contact center agents worked in facilities where mobile devices and cameras were strictly prohibited, making traditional mobile MFA impossible, and over 5,000 applications required authentication across 80+ countries. The company also needed passwordless authentication for agents without phones, remote employees accessing thousands of applications, and shared workstations where multiple users logged in daily, all without disrupting operations for hundreds of thousands of users.
Solution
1Kosmos delivered a working pilot in 20 days, integrating with ADFS to unlock thousands of applications simultaneously. We became the company's identity provider, using intelligent routing to migrate users systematically without disruption. Within weeks, 1Kosmos integrated 3,500+ ADFS applications, expanded to Azure, and covered VPN, remote desktop, and operating system authentication. For contact center agents, 1Kosmos deployed hardware tokens for high-security locations and behavioral biometrics where physical tokens proved impractical. The architecture was designed to provide automatic failover and eliminate single points of failure, ensuring high availability for critical authentication services.
20 days to production
The company set a 20-day deadline for working capability. With under 3 weeks to spare, the 1Kosmos team identified ADFS as the critical integration point; a single connection that would unlock access to thousands of applications at once.
Functional integrations were delivered within 20 days, and that proof of execution cleared the path for global rollout over the next 6 months.
Routing 5,000 applications through one system
1Kosmos replaced the existing identity provider while keeping ADFS connected, which was crucial for users. During the transition, the platform automatically routed non-migrated accounts to ADFS, allowing employees to continue on with no disruptions.
Over the following weeks, the team brought 3,500+ ADFS applications into the system, expanded coverage to Azure, and added authentication for VPN, remote desktop, and Windows and Linux operating systems. The final architecture placed all 5,000+ applications behind a single unified system.
No phones, no cameras, 80 countries
Contact center agents across 80 countries worked in facilities with strict security policies that banned mobile devices and cameras. In these high-security locations, 1Kosmos deployed hardware tokens (1Key and Feitian) to enable biometric authentication. Where distributing physical tokens proved logistically impractical, the platform relied on behavioral biometrics instead.
For shared workstations, the team optimized authentication flows to reduce friction. The system handled authentication from device boot, eliminating passwords at the operating system level.
Six months, 450,000 users
Full production deployment took six months. The platform now serves 450,000 users across 80 countries and processes 10 million authentication events weekly across operating systems, VPNs, and web applications. The platform is architected for high availability, with automatic failover capabilities to maintain service continuity in the event of infrastructure issues.
1Kosmos helped the company eliminate passwords entirely, removed dependencies on multiple MFA vendors, and extended passwordless coverage from device startup through every application in the environment.


