Users & Groups

You probably have a lot of roles for your team, and not everyone needs access to everything. Users & Groups gives you the tools to manage permissions for users and groups, ensuring that your team has access to what they need, when they need it.

How does it work?

Users & Groups aims to make it simple. Choose a Banno user, add them to a group, and they’ll get access to everything that group has access to. Any apps that user has no permissions for will be hidden from them when they log into banno.com, keeping their working interface clean and easy to manage. Of course, with so many settings, you’ll have some questions. Luckily, we have answers. Check ’em out below.


Users

Within Users & Groups, the Users screen is your home base for your individual team members. From here, you can view all of your enterprise users, filter by group, and search by name. Clicking any name will bring you to the settings screen for that user.

Inviting new users

The Invite people button allows you to add new team members. All you need to do is enter their email address and invite them to at least one existing group, and they’ll receive an email inviting them to set up an account. The Send invite button will only be selectable once you have both an email address entered and at least one group selected.

You can also invite multiple people at a time by entering multiple email addresses separated by commas.

User settings

The settings page for each enterprise user allows you to view their permissions, change the groups they are a part of, view their recent notifications, and access security settings.

Permissions

The Permissions tab allows you to view the status of each permission for the selected enterprise user. Permissions are determined by the groups an enterprise user is a part of, which is listed at the top of the page and can be changed by clicking the Edit groups link. For a full list of all permissions and their effects, see the Settings permissions doc.

Notifications

The Notifications tab allows you to view all notifications sent to the selected enterprise user. Clicking a notification will open the text of the delivered notification in a new window. If you are unable to view a notification, check the status of any enabled pop-up blockers in your browser, as they can interfere with the new window.

Security

Enterprise users are able to view only their own Security tab where they can change their password or reset their two factor authentication enrollment. If you need to reset 2FA on behalf of one of your team members, you’ll need to open a support case.


Groups

Within Users & Groups, the Groups screen houses all groups your team has created for managing permissions. Enabling or disabling permissions is handled exclusively through group membership. When your institution first logs into Banno Settings, only one group will exist with all permissions enabled. Members of that group will be able to fill out the rest of the groups your team needs. While you are free to utilize settings however works best for your team, we do have a few best practices to help you get started.

Creating a new group

The Create a group button allows you to create a new group. You’ll enter a group name and description, an optional group that this group reports to, and the ability to require Two-factor authentication for all members of that group. When creating a group, you’ll also select an enforcement date by which all users must have two-factor authentication enabled to continue having access to banno.com.

You may also select a collection of permissions for this group, as outlined in the Settings permissions doc.

Two-factor authentication

Enabling Two-factor authentication—or not—for a group serves two purposes. First, it’s a security measure that verifies team members by having them complete 2FA when they log in to Banno Enterprise. An enterprise user should only have to authenticate on their first login, but if they clear their device storage or switch web browsers, they’ll re-authenticate when logging in. Second, Two-factor authentication controls 2FA and other high-security changes that verified enterprise users can make in People. For groups with Two-factor authentication disabled, security settings will be read-only and unable to change regardless of an enterprise user’s permissions.

Editing a group

Clicking an existing group will give you access to the options available in the Create a group section. In addition, you will be able to view all members of this group through this screen. Changes to group settings will not take effect until the Save button is clicked.

From this screen you may also delete the group by selecting the delete icon.



Related