Coming Soon: Updates to Freddie Mac Credentials for System Access
Single-Family Seller/Servicer Guide (Guide) Bulletin 2020-45 announced that we are further enhancing our access management provisioning standards, consistent with Freddie Mac’s overarching objective of protecting your data from security threats.
In December, we notified clients that beginning 2021, system-to-system (S2S) authentication credentials for Freddie Mac tools must be reset every 365 days.
Check out the following resources to help you successfully reset your password(s):
- Prepare to Reset Your System-to-System Password checklist will help you determine which scenario best fits your organization’s situation.
- Resetting Your System-to-System Account Password tutorial walks you through the process of resetting your passwords(s).
- System-to-System Password Reset Process job aid provides step-by-step instructions for quick reference.
Next Steps
- Review the resources for answers to any questions you may have.
- Schedule and plan the time needed to reset your S2S password(s).
- Notify any impacted parties (in advance) that need to be aware of the password changes you are making.
- Reset your S2S password(s).
You do not need to wait to hear from us to complete this process. We encourage you to reset your S2S password(s) as soon as possible.
NOTE: EXTENDED MAINTENANCE WINDOWS - Please review specific dates and times for a schedule of extended maintenance windows for distinct tools over specific weekends before scheduling the reset of your system account password.
We’ve started reaching out to clients about credential updates. If you haven’t already reset your password(s) and you receive notification from us you will have 90 days to complete the password reset process.
Enhancements to Freddie Mac Access Manager
To help you better manage your organization’s access to Freddie Mac systems, we recently updated Access Manager with the following enhancements:
- Updated Access Manager Help content with system account information related to the upcoming changes that will help Admins reset S2S passwords and disable accounts that are no longer in use.
- Added a new role, Primary Elevated, that allows Executive Admins to provision user access to all current and future managed applications, Seller/Servicer or Related Third Party (RTP) numbers. The Primary Elevated role will eliminate the need for Admin Access Authorizations and falls under the Executive Admin in the admin hierarchy structure.
- Added new alert messaging to prevent the creation of duplicate system accounts when provisioning a new user with an email address that already exists for an application.