MFA FAQ – Internal

Multifactor Authentication:

Release notification 

See Recruiting Accounts if you have a company that has a specific user to recruit brokers

MFA will be prompted to users who access Loansifter every 30 days or if a user logs in directly to the website from a different network. 

For example:

  1. Login on Chrome
    1. Not on VPN        
    2. MFA prompted
  2. Login again on chrome
    1. Not prompted for MFA
  3. Login using a different browser
    1. Not prompted for MFA
  4. Sign in on Cell (same wifi network)
    1. Not prompted for MFA
  5. Signed into VPN or a different wifi network  – Login with Chrome 
    1. Prompted for MFA
  6. Sign in on Cell connected to your cellular network
    1. Prompted for MFA

If users launch out from Calyx or Byte, the same rules above apply. 

If users launch out from Encompass or Loancatcher, MFA will not be prompted. 

If users have an active session from a login from Encompass or Loancatcher and open a new tab in the same network, MFA will not be prompted. 

Active Session in Loansifter:

An active session in Loansifter is defined as user that is logged into Loansifter (directly or from and LOS) and working in Loansifter without inactivity for 60 minutes. At 59 minutes of inactivity in Loansifter, we prompt the user with a message that indicates they will be logged out in 59 seconds unless they click continue. 

Updating MFA contact method:

A user can update their contact method used for MFA in Loansifter by Navigating to their Profile page and see the referenced Email or Mobile Phone number field. 

If a user does not have a mobile phone number available when MFA is enabled and they select Phone, they will be prompted to provide their phone number. This phone number will be saved to their Loansifter profile and can be updated at anytime after a sucessfull login. 

   

User Activity: 

To see login activity for a user, navigate to Client Management > User Activity

The email for verification looks like this: