Roles are sets of access settings assigned to groups of users; a user with an Admin role might be able to view and update data and settings that a user with a Servicing Agent role is unable to access.

Roles are fully customizable. LoanPro offers out-of-the-box configurations for common positions (e.g., Admin, Agent, Loan Servicing Manager,) and clients are able to use these, customize them, or create their own.

Editing an existing role lets you adjust access settings for all employees with that role, streamlining any security changes.

When configuring a role, you’ll also be able to control which API endpoints the user can access (see API security below).

Search restrictions limit the accounts an agent can view. For example, you might limit third-party servicers to only viewing accounts they’ve been contracted to manage. You’d assign each account a portfolio marking it as one of theirs, and then assign each third-party servicer a set of search restrictions that limits them to only viewing accounts with that portfolio.

Search restrictions can be limited to a single factor, like the portfolio in that example, or a more complex combination of dynamic account and borrower information. Once those criteria are in place, you can restrict what kind of access the agent has in specific areas (view-only, full access, etc.).

Agent Walkthroughs guide users through your processes; rather than manually navigating through an account, they follow a clear clickpath with instructions tailored to their task and the specific account. Complex processes like making an SCRA adjustment or verifying a bankruptcy become clear and streamlined, while minimizing the possibility of user error.

But to make sure those processes are only completed on the right accounts at the right time, Agent Walkthroughs have several security measures in place.

• First, agent users are assigned to Walkthrough Groups. The group gives them access to some, all, or none of the Agent Walkthroughs in your tenant. 
• Second, each Agent Walkthrough can be controlled with rules and validations, ensuring that an account meets specific criteria before an agent can begin the process.

It’s important to note that when using an Agent Walkthrough, a user is temporarily granted access to the screens and settings it navigates to. This lets you restrict agents’ access to sensitive information or tasks through their role, and only grant it when necessary through the rules and validations on the Agent Walkthrough. 

LoanPro can restrict access to your tenant based on the IP address an agent is using when they log on. You can restrict access through either whitelisting or blacklisting:

• IP Address Whitelisting allows agents to access LoanPro only if they’re using a specific, approved IP address.
• IP Address Blacklisting allows agents to access LoanPro from any IP address except a specific, restricted list.

These restrictions can be assigned on an individual basis, allowing you to control access by specific groups or employees rather than a single, across-the-board setting.

LoanPro is cloud native, and employs several security measures to keep your data secure:

• Amazon Web Services (AWS) security. All platform data is stored in AWS, with the primary AWS Northern Virginia region of the United States. Each LoanPro tenant's data is stored in a separate database. LoanPro undergoes both application and application network external and internal penetration testing at least annually. Additionally, we use infrastructure-as-code and serverless components to prevent any kind of data loss, corruption, or degradation during peak usage.
• Encryption. Within LoanPro, all data is encrypted in transit and at rest. We use unique encryption keys that are regularly rotated using the AWS key management service. All web traffic is encrypted with HTTPS/TLS when the receiving end supports it. TLS v1.2 and 1.3 are supported. Block level encryption is used for VMs. Some data (PII for example) is also encrypted at the application level.
• Code deployment. Clients are notified at least 90 days in advance of any change to the LoanPro platform that may impact service. We deploy changes using a CI/CD methodology for software and blue-green deployments for hardware, which require no downtime. If any downtime is anticipated, 90-days notice will be given.

LoanPro’s API security keeps safeguards access with granular controls, following the same role-based access structure and setup as the UI.

When configuring a role (see role-based access above), you’ll set up both UI and API permissions. You can grant and restrict access to specific endpoints and methods a user can send API requests to.

Each agent user with API access is granted their own API keys, which they can then use in the headers of API requests. The system keeps  a complete audit trail of all actions taken, by which user, and whether those actions were performed in the UI or through the API.

LoanPro also provides security measures through Advanced Connections, our webhook tool. When creating a webhook, you have the option to create an Authorization Token which is only used for that webhook configuration instance, or to use an existing authorization token.

To create a token at the webhook level, you can either enter a token that you have generated into the “Authorization Token” space, or you can select the “Generate Token” button for a secure token to be generated. This token must then be used in the webhook headers as the Authorization Token.