MFA and SSO
Our single sign-on (SSO) feature allows users to log in to LoanPro using valid authentication from another application. Multi-factor authentication (MFA) adds another layer of security by requiring users to verify, in more than one way, their right to access LoanPro. Usually a username and password are used in conjunction with a code that is received through an SMS text or an authentication app. Together, single sign-on and multi-factor authentication enhance both convenience and security.
The instructions below apply to our loan management system (LMS), but we also support SSO for our customer portal. For more information, please reach out to your regular LoanPro contact.
Setting up SSO in LoanPro
SSO in LoanPro is only available using Azure or Okta identity provider (IdP) services.
Required credentials
LoanPro uses Security Assertion Markup Language (SAML), an open standard that allows identity providers (IdPs) to pass authorization credentials to service providers, to configure Center LMS authentication through one of the two supported IdPs.
You will need the following credentials for SAML authentication:
- SAMLv2 login URL
  - Example Okta URL: https://dev-5555555.okta.com/home/dev-5555555asdf/8888cn33wJSszPUiW555/abc1cp519rzWPNMUx555
  - Example Microsoft Azure URL: https://login.microsoftonline.com/55555555-7527-40e9-bf78-aaaa12345678/saml2
- SAML application XML (from IdP service)
- SAML certificate (from IdP service)
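Before handing these three items over, it is worth confirming that they describe the same IdP application. The following is an added example, not LoanPro's code or tooling: it reads the SAML application XML and checks that the login URL's host and the certificate file agree with it. The function names, the host-level comparison, and the sample metadata (built around the example Azure URL above, with placeholder bytes in place of a real certificate) are assumptions made for illustration.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(cert_text):
    """SHA-256 of the certificate bytes, ignoring PEM armor and whitespace."""
    lines = [l.strip() for l in (cert_text or "").splitlines()]
    body = "".join(l for l in lines if l and not l.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

def check_idp_bundle(metadata_xml, login_url, cert_pem):
    """Return a list of problems; an empty list means the three items agree."""
    # IdP metadata never needs a DTD; rejecting one avoids entity-expansion tricks.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        return ["metadata contains a DTD; refusing to parse it"]
    idp = ET.fromstring(metadata_xml).find("md:IDPSSODescriptor", NS)
    if idp is None:
        return ["no IDPSSODescriptor element: this is not IdP metadata"]
    problems = []
    url = urlparse(login_url)
    sso_hosts = {urlparse(e.get("Location", "")).hostname
                 for e in idp.findall("md:SingleSignOnService", NS)}
    if url.scheme != "https":
        problems.append("login URL is not https")
    if url.hostname not in sso_hosts:  # assumption: compare hosts, not full URLs
        problems.append("login URL host is not an SSO endpoint host in the metadata")
    signing = {fingerprint(c.text)
               for kd in idp.findall("md:KeyDescriptor", NS)
               if kd.get("use") in (None, "signing")
               for c in kd.iterfind(".//ds:X509Certificate", NS)}
    if not signing:
        problems.append("metadata carries no signing certificate")
    elif fingerprint(cert_pem) not in signing:
        problems.append("certificate file differs from the metadata signing certificate")
    return problems

# Constructed sample input: placeholder bytes stand in for a real DER certificate.
CERT_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
CERT_PEM = f"-----BEGIN CERTIFICATE-----\n{CERT_B64}\n-----END CERTIFICATE-----\n"
LOGIN_URL = "https://login.microsoftonline.com/55555555-7527-40e9-bf78-aaaa12345678/saml2"
METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example/constructed">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>{CERT_B64}</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <SingleSignOnService Location="{LOGIN_URL}" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </IDPSSODescriptor></EntityDescriptor>"""
print(check_idp_bundle(METADATA, LOGIN_URL, CERT_PEM) or "bundle is consistent")
```

The check compares fingerprints only; it does not validate the certificate's expiry date or chain, which should be confirmed in the IdP console.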
Implementation steps
- Once the credentials are acquired, the LoanPro development team will begin configuring the new SSO setup, a process that can span several weeks and incur additional costs.
- Once LoanPro has completed our work, we will provide the client with a Cognito Identity Pool Id, which will enable the client to configure SSO on their side. The ID will look something like this: us-east-1:1234aa55-3402-4021-a0b9-5a5555a5aaaf
- When configuration of SSO is complete, an SSO login button will appear on the client's VPC login page.
Setting up multi-factor authentication in LoanPro
Enrolling users
While multi-factor authentication is recommended, it is not required. To enroll a user for multi-factor authentication, navigate to Settings > Company > User Authentication > Multi-Factor.
This page will show a list of agent users in your company. To change the user's settings, click ‘Edit’.
Next, check the box to the right of each agent user that you'd like to enroll in multi-factor authentication. Use the 'Select All' and 'Deselect All' links to make the job easier. Once you have selected all the agents you want to enroll, click 'Save'.
User setup
Once users are enrolled in multi-factor authentication, their login process will be different. After entering the correct username and password, the user will be asked how they would like to perform the second authentication. They can perform the second authentication in one of two ways:
Google Authenticator
- The user will be presented with a QR code and asked to enter a six-digit code.
- Download the Google Authenticator app. In the app, click ‘begin setup > scan barcode’.
- Scan the barcode. This action will generate the six-digit code needed for setup. Enter this code and click ‘Continue’.
SMS code
- The user will be asked to enter a phone number. Once entered, click ‘Continue’.
- A code will be sent to the phone number entered. Enter this code and click 'Continue'.
Resetting MFA
If the Google Authenticator app is deleted, the agent user changes phones, or any other circumstance arises that interrupts multi-factor authentication, the setting must be reset in order to restore functionality.
- Navigate to Users > Agent Users > Authentication > Multi-Factor.
- Click 'Reset' to unlink the authentication with the Authenticator app. The user must then set up a new authentication in Google Authenticator or switch to using SMS codes.
Error notifications
If a user receives an error notification when trying to log in, the notification will be ambiguous. This is done purposefully to create an added layer of protection; if an unauthorized user is trying to log into an account, more specific messages might help them know what they need to focus on to break in.
If a user locks themselves out of their account after repeated error notifications, they should contact LoanPro to regain access.
MFA for customer portal
MFA for the customer portal is available through an authenticator app or SMS. MFA is optional, so if you’d like to set it up, just reach out to your LoanPro contact.