New Features & Forms in Version 20.2 (Broker Edition)

(Updated on 10/30/2020)

Starting in Encompass 20.2, a new Web-based login screen will be presented to all users when opening Encompass. Encompass Consumer Connect users will recognize this new screen, as it is similar to the login screen used with that platform.

On the Encompass Login screen, you will now enter your Instance ID.

• The Instance ID is your Encompass SmartClient ID, which is provided by the Encompass administrator. (It is not the Client ID found under Help > About Encompass in Encompass). Example SmartClient ID: BE111XXXXX.

• After providing your Instance ID and successfully logging in once, this ID will be cached and automatically provided each time the user logs in moving forward.

If your company is not utilizing the new Single Sign-On (SSO) options that are also being introduced in Encompass 20.2, then enter your Encompass user ID and password, and then click Log In, just as you did in previous versions of Encompass.

If your company is utilizing the new SSO options, refer to the Single Sign-On (SSO) Options for Encompass Users entry below for more information.

Please review The New Login Screen Coming with Encompass 20.2 - What You Need to Know knowledge article (#36794) in the Ellie Mae Resource Center for more important details about this new login screen.

There are certain users that will not see this new web-based login screen after they have upgraded to Encompass 20.2. Ellie Mas has sent notification messages to these impacted customers with more information and next steps. Please review this message in your My Messages Inbox in the Ellie Mae Resource Center.

Watch the Video for Setting up Single Sign-On

Single Sign-On (SSO) is an authentication process that enables users to authenticate securely with multiple websites or applications by logging in only once with one set of credentials, a user name and password. When a user logs into an SSO website or application, a trusted identity provider (IdP) verifies the user's credentials. To authenticate the user, the identity provider prompts the user to enter a user name and password for the website. Once the user is authenticated, the identity provider grants access to the websites and/or applications.

Starting in Encompass 20.2, Encompass administrators can use the Login Access section of the Organization Details screen to determine if their company's users will be required to log into Encompass using credentials provided by their company's IdP (Restricted Access) or if they will have the option to log in using their IdP credentials or their Encompass user name and password credentials (Full Access). By default, all users are set up to use Full Access.

New Encompass Login Screen

Again, starting in Encompass 20.2, a new Web-based login screen will be presented to all users when opening Encompass. Encompass Consumer Connect users will recognize this new screen, as it is similar to the login screen used with that platform.

Authorized users can click the Login via Single Sign On (SSO) button to access the IdP login screen provided by your company's chosen IdP where you enter the required credentials provided by your company to log into Encompass. Here is an example of the login screen provided by Okta.

Single Sign-On Requirements

If the Encompass administrator elects not to require users to log into Encompass with SSO (i.e., you are using the Full Access option), you do not need to configure any additional settings. By default, all organizations are set up to use the Full Access option. (Note that users with Full Access will still have the option to log in using IdP credentials too, but administrators must still configure their IdP and set up the connection in order for the credentials to work.)

If the administrator elects to require their users to only log into Encompass using their IdP credentials (i.e., the Restricted Access option), there are additional prerequisites that must be completed. The following list describes the high-level tasks for setting up SSO:

• Configure your identity provider: Select an IdP, and then set up credentials for Encompass users. Only an  Encompass Super Administrator or the administrator assigned with the admin user ID can perform this task.)

  • Your IdP must be configured using SAML 2.0.
  • The configuration settings required by Ellie Mae for each of the following IdPs are provided in the Configuring SSO for Encompass guide (link is below): Microsoft Azure, Okta, and Salesforce. Other IdPs may be used, but they must be configured using SAML 2.0.

• Set up the Connection to your IdP in Encompass Developer Connect: If you or your developer do not have access to Encompass Developer Connect yet, you can use a button provided in Encompass (in the Company/User Setup > Company Information settings) to go directly to the SAML SSO set up page in Encompass Developer Connect. No additional credentials are needed to access this page. Only a Super Administrator or the administrator assigned with the admin user ID can perform this task.

  

• Set up your SSO preferences in Encompass: Only the Super Administrator or the administrator assigned with the admin user ID can perform this task. After your company's identity provider is configured and the connection is set up in Encompass Developer Connect, you can set up your company's SSO preferences from the Company/User Setup > Organization/Users > Organization Details > Login Access settings.

  

  • Once you have set up the Login Access settings, users can then log into Encompass. Their log in process will vary depending on the Login Access settings you have configured.

Please review the following guides and resources for complete instructions and requirements for setting up SSO in Encompass.

• Resource Center: Ellie Mae Identity Management Solutions page (guides, webinars, videos, and more)

• Setting Up SSO for Encompass

(Updated on 10/2/2020)

Bring Your Own Authentication (BYOA) provides an additional layer of security to the traditional user name and password authentication method. BYOA is part of a multi-factor authentication (MFA) framework where an employee authenticates to their corporate network first by providing a user name and password, then by providing a pin or code from their smartphone or device. Encompass administrators now have the option to enable MFA for their Encompass instance. Since login security is very important for protecting the personal information of borrowers, administrators  can now use their existing Okta Verify or Duo Mobile integration as an MFA solution.

The following list describes the high-level tasks for setting up MFA for Encompass:

• Configure your MFA provider: Encompass supports Okta Verify and Duo Mobile identity providers. Configuration steps for both Okta Verify and Duo Mobile are provided in the How to Set Up MFA for Encompass guide. Note that only an Encompass Super Administrator or the administrator assigned with the admin user ID can set up credentials for Encompass users.)

• Enable MFA in Encompass: This step is required for implementing MFA for Encompass. For instructions, see the Enable MFA on Encompass section of the How to Set Up MFA for Encompass guide.

• Set up the Connection to your IdP in Encompass Developer Connect: In this step, you will add your MFA application provider details to the Lender MFA configuration page in the Encompass Developer Connection portal. For instructions, see the Configure your MFA details in Encompass Developer Connect section of the How to Set Up MFA for Encompass guide. If you or your developer do not have access to Encompass Developer Connect yet, you can use a button provided in Encompass (in the Company/User Setup > Company Information settings) to go directly to the MFA SSO set up page in Encompass Developer Connect. No additional credentials are needed to access this page. Only a Super Administrator or the administrator assigned with the admin user ID can perform this task.

  

• Enable MFA for Encompass: Once you have configured your IdP and set up the connection in Encompass Developer Connect, the Super Administrator or the administrator assigned with the admin user ID can then enable MFA in the Encompass Admin Tools.

  

Please review the following guides and resources for complete instructions and requirements for setting up MFA for Encompass:

• Resource Center: Ellie Mae Identity Management Solutions page (guides, webinars, videos, and more)

• How to Set Up MFA for Encompass

(Updated 10/30/2020)

A new Fannie Mae Additional Data form has been added to record information required when submitting a loan to Fannie Mae. This form replaces the FNMA Streamlined 1003 for loans using the new 2020 URLA forms: the Fannie Mae Additional Data form displays when a loan is using the 2020 URLA forms; the FNMA Streamlined 1003 displays for loans using the 2009 URLA forms.

Much of the information on the form is populated with data entered on the loan application and other loan forms. This form includes an introductory section with information describing the amortization type, the mortgage owner, and the down payment, as well as sections for the following information, as shown below:

• Fannie Mae Additional Data

• MORNETPlus Community Lending

• FHA Loan Data

• VA Loan Data

• Value Verify

(Updated on 10/30/2020)

A new GSE Additional Provider Data form has been added to capture and consolidate information that is imported from external GSE-supported vendors. Some of the fields are automatically updated when the vendor reports are returned to Encompass, while some fields need to be manually updated with the corresponding report IDs. This form includes the following sections:

• Blend

• CoreLogic 4506T

• Early Warning Services (EWS) Report ID

• Finicity

• Informative Research 4506T

• Universal Credit 4506T

• Fannie Mae Additional Provider Data

• Freddie Mac Additional Provider Data

(Updated on 10/23/2020)

The Income / Assets Validation section has been removed from of the Freddie Mac Additional Data Input form for loans using the URLA 2020 forms. The information that formerly displayed in this section now displays in the new GSE Additional Provider Data input form described above.