Administrator Capability Workflow

Authorized administrators associated with a counterparty (Seller, Servicer, third-party originator, etc.), are able to create and provision users with specific roles to access Freddie Mac tools and applications. They can also remove, update, and revise users, run reports, and much more.

Each type of administrator has limited capabilities/workflows on their position within the administrator hierarchy or levels. The scenarios below depict a typical administrator hierarchy that you can replicate for your set up. In these examples, one counterparty (organization) does business as a Servicer and the other is a Seller.

                          Scenario A                                                                Scenario B

               

Executive with Primary Administrators will be able to provision access for Authorized Users to all applicable Managed Access Tools and all applicable Seller/Servicer or RTP Numbers(s) associated to the Authorizing Entity. This Administrator type will automatically receive any additional Managed Access Tools or Seller/Servicer or RTP Number(s) added to the Authorized Entity in the future.  Also, this Administrator Type has the ability to create, modify and disable Primary Elevated, Primary and Secondary Administrators. 

Primary Elevated Administrators are able to provision access for Authorized Users to all applicable Managed Access Tools and all applicable Seller/Servicer or RTP Numbers(s) associated to the Authorizing Entity. This Administrator type will automatically receive any additional Managed Access Tools or Seller/Servicer or RTP Number(s) added to the Authorized Entity in the future.  Also, this Administrator Type has the ability to create, modify and disable Primary and Secondary Administrators. 

Primary Administrators are able to provision access to Freddie Mac applications to Managed Access Tools and Seller/Servicer or RTP Number(s) that have been designated to them.  This Administrator Type has the ability to create, modify and disable Secondary Administrators.

Secondary Administrator are able to provision access to Freddie Mac applications to Managed Access Tools and Seller/Servicer or RTP Number(s) that have been designated to them.  This Administrator Type does not have the ability to create, modify and disable any other Administrators.

Manage User Accounts

An Administrator will use a number of workflows to manage other administrators and general users. Refer to the steps below for each specific functional workflow or use online help's predictive search and table of contents to find the specific functionality workflow that you need.

Create New User with Access  

This process is available to Executive with Primary Admin, Primary Admin, and Secondary Admin roles.  Follow the workflow steps when you want to create a new user and give that user access to specific Freddie Mac applications and/or tools along with respective user role(s).  

 

  1. From Freddie Mac Access Manager, click the menu.

  1. Select the Manage User Accounts drop-down.

  1. Select Create New User with Access. The Create New User with Access page opens.

  1. Complete the required fields: First Name, Last Name, Email, Phone Number.

  1. Click Next. The Add User Access page displays.

  1. From the Add User Access page, click on the Application drop-down list to select a specific application. Role and Counterparty Numbers fields will appear for you to complete.

Note: For more information on Loan Selling Advisor user roles visit the User Roles section in the Loan Selling Advisor Online Help.
  1. Continue to fill-in the Role and Counterparty Numbers a.k.a. Seller/Servicer number as applicable.

  1. If applicable, check the Select All Counterparty Numbers checkbox to associate all Counterparty numbers to the User.

  2. You must select the Add to Selected Access checkbox which triggers the addition of your requested access. Confirm by viewing the designated application, role, and counterparty number listed under the "A summary of the selected access" section as shown below. To provision and permit additional Freddie Mac application access, repeat steps 6 through 9, if not, then skip to step 10.

  1. Click Next. The Confirm Request page appears. Take time to review and confirm information you have entered.

  2. Click Submit to complete the process and return to the home page.

  1. Once the request has been completed, two e-mails will be sent out to the newly created user. The first e-mail will contain the user's account ID, and the second e-mail contains a temporary password. See the two example e-mails below.

Add User Access   

In this workflow, you are giving an existing user access to another Freddie Mac application and/or application role. It is recommended that you confirm with the user's manager that you are provisioning the correct application and specific role. To add access:

 

  1. From Freddie Mac Access Manager, click on the menu.  (or from the home page, click the Add User Access Quick Link card.)

  1. Select the Manage User Accounts drop-down.

  1. Select Add User Access. The Select Identities page appears.

  1. Type in a name to filter and search. Use the Advanced Search tab to narrow your search if needed.

  1. Select one or more check boxes next to the username you wish to provision. Immediately, the name(s) appears in the Selected Identities view box as shown below. You can uncheck the box and the name will be removed.

Note: If needed, resort the view list by clicking over any of the column names.

 

  1. Click Submit. The Add User Access page displays.

  2. From the Add User Access page, click on the Application drop-down list to select the specific application. The Role and Counterparty Numbers fields will appear.

  1. Fill-in the Role and Counterparty Number based on your application selection.

Note: For more information on Loan Selling Advisor user roles visit the User Roles section in the Loan Selling Advisor Online Help.

  1. If applicable, check the Select All Counterparty Numbers checkbox to associate all Counterparty (Seller/Servicer) numbers to the User.

  2. You must select the Add to Selected Access checkbox (see graphic above) which triggers the addition of your requested access. Confirm by viewing the designated application and user role listed under the "A summary of the selected access" section as shown below. To provision and permit additional Freddie Mac application access, repeat steps 7 through 10; if not, then skip to step 11.

  1. Click Next. The Confirm Selected Access page appears. Take time to review and confirm that the application, role, and counterparty numbers are correct.

  2. Click Submit to complete the process and return to the Home page.

  1. The user will receive an e-mail that details which application(s), role(s), and counterparty number(s) have been provisioned to the user's account.

 

Remove User Access  

Administrators can remove access to applications from a user’s account. Access can be removed using the following steps:

  1. From the Home page, click the Remove User Access tile card, or from the menu, select Remove User Access under the Manage User Accounts drop-down.

  1. To start this request, select an identity to modify. Double click the user name to continue.

  1. Next, select an application to remove. Click the Application drop-down menu. In this example, the Loan Product Advisor® LPA application from the list. Click the Next button to continue.

Note:  Administrators will be able to remove access to applications that they are not authorized as an application user.  This means that the Application drop down may show more applications than the administrator is used to seeing.  In these scenarios, the admin should ignore the additional applications and only focus on the access that they are certain needs to be removed.

  1. Once the application to be removed is selected, select the Access (a.k.a. the user role plus counterparty number). Click the Access drop-down menu. In the example below, the LPA_GUI_Broker role is selected. Click the Next button to continue.

  1. The final step in this process is to confirm the registration request to remove the user’s access. Review the Application and Access selected. When ready, click the Submit button.

 

Once the request is submitted, you will be redirected to the Home page.

 

Note: Access can be removed from one user account at a time. If you wish to complete a bulk request, please contact the internal Freddie Mac Customer System Access team.

 

Enable User Account  

Once a user account has been disabled, if needed, it can be reactivated. When a user account is re-enabled, it will automatically include the same application access that they had at the time they were disabled. To enable a user account, complete the following steps:

  1. From any Freddie Mac Access Manager page, click the menu.

  1. In the drop-down menu, click Manage User Accounts.

  1. In the Manage User Accounts drop-down menu or from the home page, click Enable User Accounts.

  1. Under Available Identities, click the check box next to the user name to select the account.

  1. Once you select the user account, click the Submit button.

  1. The last step is to confirm the account information for the User ID you wish to enable. If everything in this request is correct, click Submit. If not, click the Cancel button and modify your request. Once the request is submitted, you will be redirected to the home page.  

Note: If a user is re-enabled with application access, you will see that information under Current Access header as shown on the screenshot below. (It does not show all the current applications provisioned to this user.)

Disable User Account


Once a user account has been created, the profile can be disabled if access is no longer required. To disable a user account, complete the following steps:

  1. From Freddie Mac Access Manager, click the menu.

  1. In the drop-down menu, click Manage User Accounts.

  2. In the Manage User Accounts drop-down menu or from the home page, click Disable User Accounts.

  3. Next, select a user account to disable. In the Available Identities list, click the check box next to the user name.

  4. The user is now displayed in Selected Identities. Click the Submit button to continue.

  5. The last step in to confirm the account information for the user you wish to disable. If everything in this request is correct, click Submit. Once the request is submitted, you will be redirected to the home page.

Modify User Profiles

Executive Administrator with Primary Administrator role and Primary Administrators have the ability to update a user’s profile. To modify a user’s account, attributes can be updated by using the following steps:

  1. From the home page, click the Modify User Profiles card, or from the menu, select Modify User Profiles in the Manage User Accounts drop-down.

  1. To start this request, select an identity to modify. Double click the user name to continue.

  1. The User Profile is shown below. The User Title can be modified. Add or update the user title. Click the Next button to continue.

  1. As shown below, the User Title has been updated to Trainer. Click the Next button to continue.

Note: If you select a general application user instead of a Primary Administrator, you will also be able to update their Admin Type and Certifier privileges field on this workflow as well. In the first example below, the Primary Administrator is modifying another Primary Administrator's user profile, where he/she can only update the user title. Notice the second example below.

Example 1:

 

Example 2: The Administrator selects an Application User (non-Admin) to modify. Notice the additional Administrator Type and Add Certifier Privileges options as opposed to only the User Title shown above.

 

  1. The final step in this process is to confirm the registration request. Review the updated profile information. When ready, click the Submit button. Once the request has been submitted, you will be automatically redirected to the home page.

 

Modify User Profile to Change to Primary Elevated

Primary Elevated Administrators function the same way as other Primary Administrators. The main difference between Primary Admin and Primary Elevated Admin is that Primary Elevated Admin are able to provision access to ALL applicable Managed Access Tools and all applicable Seller/Servicer or RTP Number(s) associated to the Authorizing Entity. This Administrator type will automatically receive any additional Managed Access Tools or Seller/Servicer or RTP Number(s) added to the Authorized Entity in the future.

To modify a users profile to change their role to Primary Elevated, follow the steps below:

  1. From any Freddie Mac Access Manager page, click the menu.

  1. In the Manage User Accounts drop-down menu or from the home page, click Modify User Profiles.

  2. To start this request, select an identity to modify. Double click the user name to continue.

  3. Scroll down to the dropdown for "Administrator Type." Select Primary Elevated from the dropdown list. Click the Next button to continue.

  4. The final step in this process is to confirm the request. Review the updated profile information. When ready, click the Submit button. Once the request has been submitted, you will be automatically redirected to the home page.


Reset User Password

The Reset User Password workflow is used when an Administrator needs to reset an Application User's Single-Sign-On password. This differs from the Change My Password workflow where an Application User can reset their own Single-Sign-On password.  

Note:  Administrators do not have the ability to reset a user's System Account password. To request a change or reset  a system account password you should contact Freddie Mac's Customer Support Contact Center (800-FREDDIE).  

Administrators should follow the steps below to change a user's password:

  1. From Freddie Mac Access Manager select the menu.

  1. In the drop-down menu, select Manage User Accounts to open drop-down.

  1. Select Reset User Password. The Reset User Password page opens.

  1. Under the User Attributes Search Fields, search by Username, Last Name, First Name, and/or Email address. The example below illustrates as search for Last and First Name.

  1. After you have entered your search attributes, click on the drop-down arrow at the User field under Select User (as shown below) to activate the search. Any matching search criteria will show respective username(s)

  2. Click on the desired username (shown above).  User Attributes section appears with user profile information.

  1. Click Next. The Confirm Request page opens.

  1. Confirm the user request information then click Submit. This triggers the creation of a system-generated temporary password and sends an email to the user requesting him/her to reset their temporary password.

Note: The user has 10 days to reset their temporary password to a permanent one.

Manage Administrator Rights

Create New Administrator Account  

This process is available to all administrators except Secondary Administrator users.

Note: Secondary Administrators do not have access to this workflow since there are no Admin users below the secondary level admin.  

  1. From Freddie Mac Access Manager, click on the menu.

  1. Select the Manage Administrator Rights drop-down.

  2. Select Create New Administrator Account. (or from the home page select the respective Quick Link card.) The Create New Admin Account page appears.

  1. Under the Administrator Type field, select Primary, Secondary, or Certifier

Note: The Certifier is not an administrator type, but an administrator can be a Certifier that will have access to the certification workflow to be used during the recertification campaigns. In this example the user logged in as an Executive Administrator with Primary Administrator rights so they can select Primary, Secondary, and Certifier.ive Admin listed. A Primary Administrator would only see the Secondary and Certifier roles, and so forth...)

  1. After you select an option under the Administrator Type drop-down, check the box if you want to assign and add certifier privileges. (see below graphic)

  2. Proceed to fill in the other required fields denoted with a red asterisk. You are required to enter both a Phone Number and Cell Phone**.

**Note: This field will be used differently in future iterations of Freddie Mac Access Manager. Multi-factor authentication will be used to verify the Administrator's identity, but this will be instituted farther out in our delivery timeline. We'll be doing an update in the software to remove the requirement to enter a cell phone number. For now, the same number can be used in both the Phone and Cell Phone number fields.

 

  1. Click Next. The Application Access Authorizations page opens.

  1. Select a Freddie Mac application(s) giving this new Administrator user rights to provision certain applications to other users.

Note: This Application Access Authorization workflow differs from the Application Access workflow. The Application Access Authorization workflow authorizes an administrator to have the ability to provision specific applications, roles, and counterparty number(s) to other users. This step is NOT giving your new Administrator access to use an application, but rather it is giving them authorization to provide other users access to specific Freddie Mac applications.  

  1. Click the Role drop-down menu to select a single specific role. Select items for any additional fields that may appear based on your previous selections made. In this example, select specific roles and Counterparty Numbers. Freddie Mac can work with you to ensure that the correct Counterparty Numbers are assigned to your Administrators so your organization can provision the proper access to your users. Select items for any additional fields that may appear based on your previous selections made. In this example, select specific roles and Counterparty Numbers (Seller/Servicer number).

  2. To select all roles, click the Select All Roles check box. Check the box next to Select All Counterparty Numbers if you want to give the new administrator rights to provision users for all Counterparty (Seller/Servicer) Numbers.

Note: For more information on Loan Selling Advisor user roles visit the User Roles section in the Loan Selling Advisor Online Help.

  1. Check the Next button to continue.

  2. Once you've made your application/role/counterparty selections, confirm the summary under the Selected Access field. If the listed selections are correct and complete, click the Next button to continue. Otherwise, to provision and permit additional Freddie Mac application access, repeat steps 8 through 11 or skip to step 13.

  1. Click Submit to confirm request and return to the home page.

Modify Administrator Access Authorization  

Once an Administrator account has been created, it can be modified by adding or removing application, role and/or counterparty access using the following steps:

Note: This Admin Access Authorization workflow differs from the Application Access Authorization workflow. The Admin Access Authorization workflow gives your Administrator access to use a Freddie Mac application. Whereas the Application Access Authorization workflow gives an administrator authorization to provide other users access to specific Freddie Mac applications. Check out the glossary term and definitions for Access Authorization versus Application Access and be sure to understand the differences.  

To modify an Admin’s access authorization, complete the following steps:

  1. From any Freddie Access Manager page, click the menu.

  1. In the drop-down menu, click Manage Administrator Rights.

  1. In the Manage Administrator Rights drop-down menu or from the home page, click Modify Admin Access Authorization.

  1. In Available Identities, click the user name of the administrator to select.

  1. Select a new role for the Loan Product Advisor application. As shown below, the LPA GUI Broker role has been selected. Once the Application, Role and Counterparty has been selected, check the box next to Add to Selected Access.

  1. Confirm the access information that you wish to modify for the administrator. If everything in this request is correct, click Next. If not, click the Cancel button and modify your request.

  1. Confirm the access information that you wish to modify for the administrator. If everything in this request is correct, click Submit. If not, click the Back button and go back and modify your request. Once the request is submitted, you will be redirected to the home page.

 

My Profile

Find User

Find User is a workflow that allows an administrator to search and see who is in the counterparty system. Currently, general application users do not have the ability to use this workflow.  To locate a user, please do the following:

  1. From Freddie Mac Access Manager select the menu.

  1. In the drop-down menu, select the My Profile drop-down.

  1. Select Find User. The Available Identities page opens.

  1. At the Filter by Identity field enter a name, (i.e., a first-name, last-name, username, or email address) and select the magnifying glass or hit the enter key. A list of matching results will display.

  2. Click on the Advanced Search button if necessary to narrow your search.

  1. From the results list, click on a row to open and see more user attributes. The User Attributes page opens as shown below. Notice the Application Access information towards the bottom of the page specifying: Each application access, assigned user role(s), and counterparty (Seller/Servicer number).  

  1. Clicking OK returns you to the Home page.

 

 

 

This information is not a replacement or substitute for the requirements in the Freddie Mac Single-Family Seller/Servicer Guide or any other contractual agreements. This information does not constitute an agreement between Freddie Mac and any other party. © 2024 Freddie Mac.

Terms of Use

Freddie Mac Learning