MyGinnieMae Portal | Getting Started Manual v2.2 | 11
o Notepad: Create and manage personal notes. Notes are user specific.
o Task List: Create and manage task lists and list items. Set reminders on the list items.
o Ginnie Mae Calendar of Events: View and receive notifications on upcoming Ginnie Mae events.
• Application Access Controls: Utilizes Functional Roles to enforce Portal access security for all users and
systems. MyGinnieMae provides a means to associate authenticated system users with applicable rights and
privileges within the Portal and associated application programs.
• Web-Based Self-Service Interface: Provides self-service password management capabilities through a
standard web-based interface.
• Audit Support: Provides relevant reports and email notifications for Ginnie Mae business users to enable
transparency across the organization. For Organization Administrators, MyGinnieMae provides reports reflecting
user access, workflow request/approval details, and account status.
• Invitation Model: Automates the user registration process through an invitation model. Registration must be
completed before being granted access to the system.
• Portal Capabilities: Provides a central access point to all Ginnie Mae business applications including Single
Sign-On (SSO) to GMEP 1.0 and GinnieNET. Includes communications via the Marquee, Event Calendar, and
messaging from Ginnie Mae Account Executives, instructional materials, and notes and tasks/lists feature for
capturing action items and/or reminders for Ginnie Mae business activities.
• Multi-Factor Authentication via One-Time PIN (OTP): Provides an additional level of security for access to
Ginnie Mae business applications through a single use password received via email. Users also have the option
to receive the OTP via Oracle Mobile Authenticator (OMA) app.
1.2 Security Protocols
1.2.1 Multi-Factor Authentication
MyGinnieMae requires a strong authentication system to meet FFIEC (Federal Financial Institutions Examination Council)
and FISMA requirements. MyGinnieMae ensures that the appropriate security controls and context are established prior
to conducting business. This approach allows Ginnie Mae to maintain an access management system that complies with
Federal guidelines and security controls that align with leading industry security capabilities to reduce fraud, replay attacks,
and phishing. MyGinnieMae is designed and configured to enable strong authentication through its Multi-Factor
Authentication (MFA) service.
When accessing secured applications and information in the Portal, a single use password called a One-Time PIN (OTP)
provides an added level of security. This can be an eight-digit code, valid for 10 minutes that is sent to the user’s email
address or it six-digit code, valid for 30 seconds that is received on the user’s smart device via the Oracle Mobile
Authenticator (OMA) app. Users are required to enter the OTP each time they login.
1.2.2 New Enterprise ID and Single Sign-On
MyGinnieMae is accessed via a single enterprise ID or username. This new enterprise ID is the user’s corporate email
address, which must be unique, and serves as the login for personalized credentials set up during registration. Once the
account has been granted access to various applications, Single Sign-On (SSO) provides secure and seamless navigation
to those applications without the need to maintain and re-enter credentials for multiple GMEP 1.0 accounts or GinnieNET.