V3 Create Internal User

post

https://api.elliemae.com/encompass/v3/users

Creates an Encompass internal user.

This API added with the 24.2 release of Encompass.

Usage Notes

Access Rights
- Only administrators (admin account, Super Administrator persona, and/or Administrator persona) or non-admin users with the Settings “Organizations/User” persona can create user accounts.
- The calling user only has access to create users within their same organization, or lower child organizations of their organization.
The “id” attribute is the Encompass user id and has the following requirements.
- The ID can’t start with a period (.). The following characters can’t be used: \ (backslash), / (forward slash), : (colon), * (asterisk), ? (question mark), “ (quotation mark), < (less than) and > (greater than).
To create a user, the Query Parameter ‘orgId’¹ and the following Request Payload attributes are required: Id, Firstname, LastName, WorkingFolder¹, Email, Personas¹.

¹Indicates that for these attributes, see the Company Setting exceptions below on attribute requirements.

Password is required, unless the user is an API User (apiUser = true) or an SSO user (isSsoOnly = true).
For Creating and Updating the Encompass user (Internal user) with cc site details; the user needs to pass CC site ID in the request payload.
Company Settings: A System Administrator can configure default values for user Organization, Persona and Working Folder attributes in the Admin Tools > Server Settings Manager > Policies for a given instance of Encompass. When the defaults are configured, then you do not need to provide the following parameter and/or properties in the request when creating an Encompass user.

Attribute	Located in...	Company Setting, Category = Policies	If Company Setting is configured...	If Company Setting is not configured
orgId	Query Parameter	Default Org Id for creating an internal user	Parameter not required. If not provided, configured ‘Default Org Id’ will be used.	This query parameter must be provided.
Personas	Request Body	Default Persona Id for creating an internal user	Property not required. If not provided, configured ‘Default Persona Id’ will be used.	This property must be provided.
AworkingFolder	Request Body	Default Working Folder for creating an internal user	Property not required. If not provided, configured ‘Default Working Folder’ will be used.	This property must be provided.

Query Params

orgId

string

Organization entity ID of the organization where the user will be created. Required unless you have 'Default Org Id for creating an internal user' Company Setting Configured. See Usage Notes for more information.

ignoreMinTermDays

string

Optional. Ignore Minium Term Days from LO Compensation Plan settings while adding compensation plans.

view

string

Optional. View type parameter. Enumerations: entity, id

Body Params

string

required

Required. Unique Identifier of the user. The ID the user will type when logging in. The ID can’t start with a period (.).
The following characters can’t be used:

\ (backslash)
/ (forward slash)
: (colon)
* (asterisk)
? (question mark)
“ (quotation mark)
< (less than)
> (greater than)
Max length: 16

firstName

string

required

Required. First name of the user. Max length: 64.

middleName

string

Middle name of the user. Max length: 64.

lastName

string

required

Required. Last name of the user. Max length: 64.

suffix

string

Suffix of the user. Max length: 64.

fullName

string

RetrieveOnly. Full name of user.

loginEnabled

boolean

Indicates whether the user account is locked out due to failed log-in attempt. Automatically set to false if a user exceeds the allowed failed log-in attempts (as specified in the Password Management tool). Set to true to remove the restriction and allow the user to log in again. If not provided when creating a user, default value is 'true'.

accountEnabled

boolean

Indicates whether the user account is deactivated. Set to false when you want to deactivate a user account and prohibit them from accessing Encompass. Set to true to reactivate the user account and allow the user to access Encompass again. If not provided when creating a user, default value is 'true'.

password

string

User’s login password. The password must meet the requirements established in the Password Management tool. Password must follow the password guidelines configured in Server Settings Manager. Password is optional for SSO user and API user. Max length: 50.

jobTitle

string

Job title of the user. Max length: 64.

string

required

Required. Email address of the user. Max length: 64.
Format: ######@###.###

phone

string

Phone number of the user. Format: ###-###-#### ####

cellPhone

string

Cell phone number of the user. Format: ###-###-#### ####

fax

string

Fax number of the user. Format: ###-###-#### ####

employeeId

string

Employee ID of the user for the organization.

chumId

string

Number assigned to the user for use with the HUD Computerized Homes Underwriting Management System (CHUMS).

nmlsOriginatorId

string

Enter user's Nationwide Mortgage Licensing System (NMLS) Loan Originator ID (NMLS number). If the user is a loan officer, this number is added to Page 3 of the 1003 application when they are assigned to the loan.

nmlsExpirationDate

date-time

The expiration date for the user’s Nationwide Mortgage Licensing System (NMLS) Loan Originator ID (NMLS number). When the NMLS number expires, loan team members will not be able to assign loans in that state to the user. If a loan has already been assigned to the user and their NMLS number subsequently expires (or if the user tries to originate a new loan after the expiration date) they will not be able to enter the Subject Property State in the loan file. If the NMLS Expiration Date is left blank, Encompass assumes the NMLS number never expires. Format: [Date: yyyy-MM-dd]

workingFolder

string

Loan Folder that opens the first time the user accesses the Pipeline. Only one can be selected. From an API perspective, it will be stored in string property but folder name validation has to be done.

apiUser

boolean

Indicates if the user is an API user. The purpose of the API User check box is to provide Encompass administrators the ability to grant a consulting Encompass Partner with access to your company's Encompass instance and access to your company's APIs stored in Encompass Developer Connect.

Only appears when creating new users.
Does count against your company's enabled user license limits.
This check box is intended for use with Supported Encompass Partners only and should not be used for users within your organization. Once the Partner and the Encompass administrator complete the required process, the Partner will be recognized as a Supported Encompass Partner and they will be able to access your company's Encompass instance via APIs.
The administrator will be able to assign the required privileges to this API user just as they would for any other Encompass user. However, this API user will not be able to log into any Encompass instances via Encompass.

isSsoOnly

boolean

Defaults to false

This is used to enable SSO login. The 'isSsoOnly' attribute can be provided only if 'password' attribute is not provided. Default value is false. This attribute indicates when the user’s Login Access level is linked to their Organization.

When this attribute is true, the user must log into Encompass using Single Sign-On credentials with their company's identity service provider (IdP) only. They will not be permitted to log in using their Encompass user name and password credentials.
When this attribute is false, the user’s login access level is “Full Access” and users can log into Encompass using their Encompass user name and password credentials OR Single Sign-On credentials with their company's IdP.

Refer to the Setting Up SSO in Encompass guide for complete details about setting up SSO and this attribute. Values are 'true' or 'false'. This is enabled in Encompass based on Company settings Category : PASSWORD. Attribute :SSOLOGIN.

ssoDisconnectedFromOrg

boolean

Indicates if the SSO user is connected to the org or disconnected from the org. Values are 'true' or 'false'.

allowImpersonation

boolean

To enable other Encompass Partners or other individuals to access your company's APIs by using this user account to call the APIs. Values are 'true' or 'false'. This 'allowImpersonation' attribute can only be set true when 'apiUser' is true.

requirePasswordChange

boolean

Defaults to false

This forces user to change the password on first login. Values are 'true' or 'false'. Default value is 'false'.

personas

array of objects

Array of objects containing the entity information for the personas associated to the user. The persona controls the views and features available to the user.

personas

groups

array of objects

Array of objects containing the entity information for the list of user groups associated with the user.

groups

licenses

array of objects

States in which the user is licensed to originate loans. The user can start a loan only if the subject property is in a state in which the user is licensed. When a state license expires, loan team members will not be able to assign loans in that state to the loan officer. If the Expiration Date field is left blank, Encompass assumes the license never expires. Refer to attributes listed in the User State License contract table.

licenses

compensationPlans

object

Collection of attributes related to the user’s assigned current, future, and/or historical compensation plans. Refer to attributes listed in the AssignedCompPlansContract.

organization

object

The organization the user is a member of.

orgHierarchy

array of objects

The organization the user is a member of.

orgHierarchy

createdDate

date-time

The DateTime that the user was created. Format: [DateTime: yyyy-MM-ddTHH:mm:ssZ]

createdBy

object

The entity and id that created the user.

lastModifiedDate

date-time

RetrieveOnly. The most recent DateTime that the user was updated.
Format: [DateTime: yyyy-MM-ddTHH:mm:ssZ]

lastModifiedBy

object

The entity and id that last updated the user.

lastLogin

date-time

Date and time when the user last logged in.
Format: [DateTime: yyyy-MM-ddTHH:mm:ssZ]

oAuthClientId

string

oAuthClientId is required when API user flag is true. Max length: 100

subordinateLoanAccess

string

Access level to other uers's loans, when the user is in a lower level of the organization hierarchy as this user.
Enumerations: ReadOnly, ReadWrite (ReadOnly is the default.)

peerLoanAccess

string

Access level to other uers's loans, when the user is in the same level of the organization hierarchy as this user.
Enumerations: Disabled, ReadOnly, ReadWrite (Disabled is the default.)

userIndicators

array of strings

RetrieveOnly. This field value will indicate if the user is one of the following enumerations:

TopLevelUser
TopLevelAdministrator
Administrator
SuperAdministrator

userIndicators

ccSite

array of objects

Array with ccSite information.

ccSite

comments

string

Free-form comments.

emailSignature

string

The e-mail signature of the user.

Headers

Authorization

string

required

Bearer token

Responses

400

Bad Request

403

Forbidden

404

Not Found

409

Conflict

Language

URL

Response

Choose an example:

application/json

201Created