Our single sign-on (SSO)feature allows users to log in to LoanPro using valid authentication from another application. Multi-factor authentication (MFA) adds another layer of security by requiring users to verify, in more than one way, their right to access LoanPro. Usually a username and password are used in conjunction with a code that is received through an SMS text or an authentication app.

Together, single sign-on and multi-factor authentication enhance both convenience and security. 

Setting up SSO in LoanPro

SSO in LonPro is only available using Azure or Okta identity provider (IdP) services. 

Required credentials 

LoanPro uses Security Assertion Markup Language (SAML), an open standard that allows identity providers (IdP) to pass authorization credentials to service providers, to configure Center LMS authentication through one of the two supported IdP providers.

You will need the following credentials for SAML authentication:

• SAMLv2 login URL
  • Example Okta URL: https://dev-5555555.okta.com/home/dev-5555555asdf/8888cn33wJSszPUiW555/abc1cp519rzWPNMUx555
  • Example Microsoft Azure URL: https://login.microsoftonline.com/55555555-7527-40e9-bf78-aaaa12345678/saml2
• SAML application XML (from IdP service)
• SAML certificate (from IdP service

Implementation steps

1. Once the credentials are acquired, the LoanPro development team will begin configuring the new SSO setup, a process that can span several weeks and incur additional costs.
2. Once LoanPro has completed our work, we will provide the client with a Cognito Identity Pool Id, which will enable the client to configure SSO on their side. The ID will look something like this: [use inline code formatting option]
   us-east-1:1234aa55-3402-4021-a0b9-5a5555a5aaaf
3. When configuration of SSO is complete, an SSO login button will appear on the client's VPC login page.

Setting up multi-factor authentication in LoanPro

Enrolling users

While multi-factor authentication is recommended, it is not required. To enroll a user for multi-factor authentication, navigate to Settings > Company > User Authentication > Multi-Factor.

This page will show a list of agent users in your company. To change the user's settings, click ‘Edit’.

Next, check the box to the right of each agent user that you'd like to enroll in multi-factor authentication. Use the 'Select All' and 'Deselect All' links to make the job easier. Once you have selected all the agents you want to enroll, click 'Save'.

User setup

Once users are enrolled in multi-factor authentication, their login process will be different. After entering the correct username and password, the user will be asked how they would like to perform the second authentication. They can perform the second authentication in one of two ways: 

Resetting MFA

If the Google Authenticator app is deleted, the agent user changes phones, or any other circumstance arises that interrupts multi-factor authentication, the setting must be reset in order to restore functionality. 

1. Navigate to Users > Agent Users > Authentication > Multi-Factor.
2. Click 'Reset' to unlink the authentication with the Authenticator app. The user must then set up a new authentication in Google Authenticator or switch to using SMS codes.

Error notifications

If a user receives an error notification when trying to log in, the notification will be ambiguous. This is done purposefully to create an added layer of protection; if an unauthorized user is trying to log into an account, more specific messages might help them know what they need to focus on to break in.

If a user locks themselves out of their account after repeated error notifications, they should contact LoanPro to regain access.