The Loan Origination System supports Time-based One-Time Password (TOTP) multi-factor authentication. Once enabled, signing in asks for a fresh 6-digit code from your authenticator app on top of your password, unless you have trusted the device for 30 days at a previous sign-in. The platform uses the standard TOTP protocol, so any authenticator app works: Google Authenticator, Microsoft Authenticator, Authy, 1Password, and others.
Enable MFA on every account. It matters most for Administrators and anyone who can adjudicate, disburse, or change roles, since those accounts can move money and grant access.
Enabling MFA on your account
Before you start, install an authenticator app on your phone or desktop. Any TOTP-compatible app works. Popular choices include Google Authenticator, Microsoft Authenticator, Authy, and 1Password.
Open the Authentication page
Click your avatar in the top-right corner, then select Authentication from the menu. You can also open Profile and pick Authentication in the profile sidebar.
Click Enable under Two-factor authentication
The Two-factor authentication row shows an INACTIVE badge with an Enable button. Click Enable to open the setup flow.
Confirm your password
The setup flow first asks you to confirm your current password. Type it and click Continue.
Scan the QR code with your authenticator app
The platform displays a QR code. Open your authenticator app, add a new account, and scan the code. The app starts generating 6-digit codes that refresh every 30 seconds. If you cannot scan it, click Can’t scan? Enter the key manually to reveal a setup key you can type into your app instead.
Enter the 6-digit code to confirm setup
Type the current 6-digit code from your authenticator app into the six boxes on screen. There is no separate submit button: the code verifies the moment you enter the sixth digit, and the flow advances to your backup codes. Pasting a copied code fills all six boxes and verifies in one step, so a code from a desktop authenticator does not need retyping. If the code is wrong, the boxes clear so you can try again.
Save your backup codes in a safe place
The platform shows 10 one-time backup codes. Use Copy all or Download to save them somewhere secure, such as a password manager, a printed sheet in a locked drawer, or an encrypted file. Each code works once. Click I’ve saved my codes to finish.
Backup codes are shown once, during setup. Save all 10 before you finish. They are your only self-service way back in if you lose your authenticator app, so store them where you can find them later.
Signing in when MFA is enabled
Once MFA is active, the sign-in flow has one extra step.
Enter your email and password as usual
Navigate to your credit union’s workspace URL and sign in with your credentials.
Enter the 6-digit code from your authenticator app
After your password is accepted, the platform sends you to a verification screen. Open your authenticator app, read the current code for your account, and type it into the six boxes. Codes are valid for 30 seconds. If the code is about to expire, wait for the next one.
Trust the device if it is your own
Tick Trust this device for 30 days before you verify if this is a device only you use. The platform then skips the code on that device for 30 days. Leave it unchecked on shared or public computers.
Use a backup code if needed
If you do not have your authenticator app, click Use a backup code and enter one of the single-use codes you saved during setup.
Lost access to your authenticator app
A backup code is how you get back in. On the verification screen, click Use a backup code and enter one of the 10 codes you saved during setup. Each works once. Once you are in, open the Authentication page from your profile to set up a new authenticator app.
If you have lost your authenticator app and have no backup codes left, there is no self-service path back in and no administrator reset. The platform has no MFA-reset control for one user to clear another user’s two-factor. Contact platform support to recover the account. This is why saving your backup codes during setup matters.
Managing MFA after setup
Once MFA is on, the Two-factor authentication row on the Authentication page shows an ENABLED badge with a Manage button instead of Enable. There is no in-product button to turn two-factor off, so treat enrollment as a standing change and keep your backup codes safe.
Manage is not a settings panel. It opens the same setup flow as Enable and re-enrolls you from scratch: a fresh password confirmation, a new QR code with a new secret, and a new set of 10 backup codes. Completing it invalidates the backup codes you saved earlier and replaces the secret in your authenticator app. Only use Manage when you intend to start MFA over, such as moving to a new phone.
