Summary and recommendation
Encompass user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
Encompass manages users through a Persona-based permission model accessed at Encompass > Admin > User Management.
Every app in a mortgage operation that touches loan data inherits access boundaries set here - Personas control screens, fields, loan folders, and reporting scope simultaneously.
Organizational hierarchy placement further scopes what data each user can see, making both Persona assignment and org-node placement required steps, not optional ones.
Quick facts
| Admin console path | Encompass > Admin > User Management |
| SCIM available | Yes |
| SCIM tier required | Enterprise |
| SSO prerequisite | No |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Administrator | Full access to system settings, user management, personas, business rules, reporting, and all loan data. Can create and modify users, assign personas, and configure system-wide settings. | Administrator accounts count as licensed seats; granting admin rights does not create a separate license type. | |||
| Standard User (Loan Officer, Processor, Underwriter, etc.) | Access determined by assigned Persona. Typically includes loan origination, processing, or underwriting tasks scoped to their persona and organizational hierarchy. | Cannot access Admin settings or modify system configuration unless explicitly granted via persona. | Permissions are entirely controlled by the assigned Persona; a user with no persona assigned may have severely restricted access. | ||
| External User / TPO (Third-Party Originator) | Limited access to submit and track loans via Encompass TPO Connect or partner portal. Cannot access internal loan pipeline or admin settings. | Cannot access internal Encompass admin console or full loan pipeline. | TPO users are managed separately through the TPO Connect module; licensing and seat counts may differ from internal users. |
Permission model
- Model type: role-based
- Description: Encompass uses a Persona-based permission model. Each user is assigned one or more Personas, which are predefined or customized role templates that control access to screens, fields, loan folders, reports, and administrative functions. Field-level access can be configured within personas. Organizational hierarchy (branches, divisions) further scopes data visibility.
- Custom roles: Yes
- Custom roles plan: Not documented
- Granularity: Persona-level with field-level and folder-level access controls. Administrators can create custom personas and restrict or grant access to individual screens, fields, and loan folders.
How to add users
- Log in to Encompass as an Administrator.
- Navigate to Encompass > Admin > User Management.
- Click 'New' or 'Add User' to open the user creation form.
- Enter required user details: Login ID, name, email address, and password.
- Assign the user to an organizational hierarchy node (e.g., branch or division).
- Assign one or more Personas to define the user's permissions.
- Configure additional settings such as loan folder access, reporting groups, and licensing options as needed.
- Click 'OK' or 'Save' to create the user account.
Required fields: Login ID (username), First Name, Last Name, Password, Organizational hierarchy assignment, Persona assignment
Watch out for:
- Login IDs must be unique across the Encompass instance and cannot be changed after creation.
- A user without a Persona assigned will have minimal or no functional access.
- Users must be placed within the organizational hierarchy; placement affects which loans and data they can see.
- Email address is required for certain notification and eFolder features.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | Unknown | Not documented |
| Domain whitelisting | No | Automatic domain-based user add |
| IdP provisioning | Yes | Enterprise (SCIM provisioning requires Enterprise tier) |
How to remove or deactivate users
- Can delete users: Unknown
- Delete/deactivate behavior: This app exposes delete operations in its API documentation, but the admin-console path may present removal as deactivation, archiving, or deletion depending on tenant configuration. Confirm whether the UI action is reversible before treating removal as recoverable.
- Log in to Encompass as an Administrator.
- Navigate to Encompass > Admin > User Management.
- Search for and select the user to be deactivated.
- Uncheck or toggle the 'Active' status for the user account.
- Save the changes. The user will no longer be able to log in.
| Data impact | Behavior |
|---|---|
| Owned records | Loans and records associated with the deactivated user remain intact and accessible to administrators and other authorized users. Historical audit trails are preserved. |
| Shared content | Shared reports, templates, and resources created by the deactivated user remain in the system. |
| Integrations | API tokens or integration credentials tied to the deactivated user may stop functioning; administrators should reassign or rotate credentials before deactivation. |
| License freed | Deactivating a user frees the licensed seat, making it available for reassignment to a new user. |
Watch out for:
- Deactivated user Login IDs cannot be reused for new users; the account persists in the system.
- Administrators should reassign open loans from a departing user before deactivating the account to avoid workflow disruption.
- Some integrations or automated tasks configured under the user's credentials may fail after deactivation.
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Named User License | Full access to Encompass loan origination platform per the assigned Persona. Each active user account consumes one named seat. | Custom (subscription-based; pricing not publicly listed) |
| TPO / External User | Access to Encompass TPO Connect or partner portal for third-party originators. Separate from internal named user seats. | Custom (pricing not publicly listed) |
- Where to check usage: Encompass > Admin > User Management (filter by Active users to view current seat consumption)
- How to identify unused seats: Administrators can filter the User Management screen by last login date or active status to identify accounts that have not been used recently. No automated unused-seat reporting tool is documented in official help.
- Billing notes: Encompass is sold on a subscription basis with custom enterprise pricing. Seat counts are negotiated at contract time. Deactivating users frees seats for reassignment within the contracted count. Contact ICE Mortgage Technology account management for seat additions or contract changes.
The cost of manual management
Every app tied to a departing employee carries risk until that account is deactivated - Encompass does not permanently delete users, so the operational task is toggling the Active status off, not removing a record. Administrators should reassign open loans before deactivating;
integrations or automated tasks running under that user's credentials will silently fail after deactivation. Login IDs cannot be reused once created, which compounds offboarding overhead when replacement hires need accounts that mirror a prior naming convention.
Bulk user operations are not well-supported in the standard admin UI. Large onboarding events - new branch openings, acquisitions - require either manual entry per user or API use, since no documented bulk-import tool exists in the console.
Persona configuration adds another layer: the interface is reported by administrators as complex to manage at scale, particularly when many role variations exist across divisions.
What IT admins are saying
Community evidence is not specific enough to quote or summarize yet for this app.
The decision
Manual administration is workable for organizations with stable headcount and infrequent role changes. The Persona model is powerful but demands upfront investment in configuration - every user must have both a valid Persona and a correct org-node placement before they have functional access.
Teams with high loan officer turnover, multi-branch structures, or frequent persona changes will find the manual process increasingly error-prone at volume.
TPO users are managed through a separate module (TPO Connect) with distinct licensing; do not assume internal user management workflows apply to external originators. Confirm seat counts against contracted limits before bulk onboarding, as Encompass is sold on a custom subscription basis and seat additions require account management engagement.
Bottom line
Encompass user administration is reliable for steady-state operations but surfaces real friction at scale: immutable Login IDs, non-recyclable deactivated accounts, and a Persona configuration layer that requires careful upfront design.
Every app and workflow in the loan pipeline depends on correct Persona and org-node assignment - gaps here produce access failures that are not always obvious to diagnose.
Organizations managing frequent headcount changes or multi-branch structures should evaluate whether the manual console alone is sufficient or whether API-driven provisioning is warranted.
Automate Encompass workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
