Users & Groups
You probably have a lot of roles for your team, and not everyone needs access to everything. Users & Groups gives you the tools to manage permissions for users and groups, ensuring that your team has access to what they need, when they need it.
How it works
Users & groups aim to make it simple. Choose a user, add them to a group, and they’ll get access to everything that group has access to. Any apps that user has no permissions for will be hidden from them when they log into banno.com, keeping their working interface clean and easy to manage. Of course, with so many settings, you’ll have some questions. Luckily, we have answers. Check ’em out below.
Users
Within Users & Groups, the Users screen is your home base for your individual team members. From here, you can view all of your enterprise users, filter by group, and search by name. Clicking any name will bring you to the settings screen for that user.
Inviting new users
The Invite people button allows you to add new team members. All you need to do is enter their email address, and invite them to at least one existing Banno group – and any optional JH Platform groups if applicable – and they’ll receive an email inviting them to set up an account. The Send invite button will only be selectable once you have both an email address entered and at least one Banno group selected.
You can also invite multiple people at a time by entering multiple email addresses separated by commas.
When inviting a new user, ensure that they are added to at least one existing Banno group. Even if your financial institution only uses Users & Groups for Jack Henry Platform solutions, or a particular enterprise user only needs access to Jack Henry Platform products, they still must be added to a Banno group. In this instance, we recommend creating a dummy group with minimal to no permissions to fulfill the one Banno group requirement.
User settings
The settings page for each enterprise user allows you to view their permissions, change the groups they are a part of, and view their recent notifications. If you select yourself, you will also be able to see your security settings, which other enterprise users are not able to see.
Permissions
The Permissions tab allows you to view the status of each permission for the selected enterprise user. Permissions are determined by the groups an enterprise user is a part of, which are listed at the top of the page.
Enterprise users may be part of multiple groups and their permissions can span across more than one product. Find the the product in the left-hand Features menu and select it to see which groups the enterprise user is a part of and what permissions they are granted. For Banno groups, the user interface will look a bit different and include an option at the top of the page to change the groups a user belongs to through the Edits groups button. For all other products in the Features menu, you will still be able to see the enterprise user’s permissions and groups, but you will not be able to edit the groups they are a part of from this page. To edit the non-Banno groups a user belongs to, you will need to go to the Groups page and add the user to the group. For a full list of all permissions and their effects, see the Settings permissions doc.
Notifications
The Notifications tab allows you to view all notifications sent to the selected enterprise user. Clicking a notification will open the text of the delivered notification in a new window. If you are unable to view a notification, check the status of any enabled pop-up blockers in your browser, as they can interfere with the new window.
Security
Enterprise users are able to view only their own Security tab where they can change their password or reset their two factor authentication enrollment. If you need to reset 2FA on behalf of one of your team members, you must open a support case.
Groups
Within Users & Groups, the Groups screen houses all groups your team has created for managing permissions. Enabling or disabling permissions is handled exclusively through group membership. When your financial institution first logs into Banno Settings, only one group will exist with all permissions enabled. Members of that group will be able to fill out the rest of the groups your team needs. While you are free to utilize settings however works best for your team, we do have a few best practices to help you get started.
Creating a new Banno group
The Create a group button allows you to create a new group. Select Banno group, enter a group name and description, an optional group that this group reports to, and the ability to require Two-factor authentication for all members of that group. When creating a group, you’ll also select an enforcement date by which all users must have two-factor authentication enabled to continue having access to banno.com.
You may also select a collection of permissions for this group, as outlined in the Settings permissions doc.
Creating a Jack Henry Platform Group
From the Create a group button, select JH Platform group to create a group with permissions for your Jack Henry Platform products or features. Enter a group name and description and select Save to continue. Navigate to the Groups screen under the JH Platform tab to see your newly created group and add your desired permission sets. Permission sets are exactly what they sound like: a collection of permissions that can be applied to a JH Platform group.
Note: Permission sets apply only to the product they grant permissions for, but one group can have permission sets for multiple products simultaneously. You cannot currently create your own permission sets or edit or delete permissions within a permission set, but we are working on introducing this ability soon – so stay tuned!
Two-factor authentication
Enabling Two-factor authentication – or not –for a Banno group serves two purposes. First, it’s a security measure that verifies team members by having them complete 2FA when they log in to Banno Enterprise. An enterprise user should only have to authenticate on their first login, but if they clear their device storage or switch web browsers, they’ll re-authenticate when logging in. Second, Two-factor authentication controls 2FA and other high-security changes that verified enterprise users can make in People. For groups with Two-factor authentication disabled, security settings will be read-only and unable to change regardless of an enterprise user’s permissions.
Note: Two-factor authentication is currently only an option to enforce for Banno groups, meaning it is not an option for JH Platform groups. However, because every enterprise user must be enrolled in at least one Banno group, you still have the ability to enforce 2FA at first login for all enterprise users if you make 2FA a requirement within their Banno groups.
Editing Banno groups
Clicking an existing Banno group will give you access to the options available in the Create a group section. In addition, you will be able to view all members of this group through this screen. Changes to group settings will not take effect until the Save button is clicked.
From this screen you may also delete the group by selecting the delete icon.
Editing Jack Henry Platform groups
Selecting the group you wish to edit will give you the option to add permission sets, add users to the group, or edit the group details such as name and description.
Note: One important difference between managing users in Banno groups versus JH Platform groups is that in Banno groups, you may only grant permissions by adding groups to an enterprise user through the Users screen. Whereas with JH Platform groups, you will add enterprise users to a group through the Groups screen. You may also select which JH Platform groups a user should be a part of when you initially invite a user, but you cannot add groups to an existing enterprise user through the Users screen like you can with Banno groups.
Managing permission sets for Jack Henry Platform groups
How you manage your JH Platform groups’ permissions is entirely up to you. We designed the system to allow you maximum flexibility so you can choose which setup works best for your financial institution.
Because JH Platform groups allow you to assign permission sets to a group across multiple products, you can either create one group with permission sets for multiple different products (like a group for admins or tellers for example) or you could choose to create separate, product-specific groups and have an enterprise user belong to multiple groups depending on which products they need to access.
Here is a generic visualization to show the two different ways you could manage enterprise user permissions, depending on how you set up your groups:
Here is another visualization with real permission set examples to demonstrate what group management could look like for the Jack Henry Wires product:
FAQ
- What is the difference between Banno groups and JH Platform groups?
- Users & Groups has always been Banno’s way to manage what enterprise users can and cannot access within Banno products, but this need to manage enterprise user permissions is not unique to Banno. Rather than having several products each with its own authorization framework, we created a new Authorization Management Service (AMS) and integrated it into Banno Admin’s user interface for centralized authorization management across various Jack Henry products. If you have products that use AMS and you belong to a Banno group that gives you the necessary permissions to view, create, and edit groups, you will see a JH Platform groups option and be able to manage those groups’ permissions.