Admin platform authentication

Your institution employees can access the Banno Admin platform via login.banno.com. The process is simple, but some of the requirements differ from the authentication your end users utilize. This document outlines the current functionality for enterprise authentication.

Password requirements

Password requirements can be broken into two categories: text that must be included in a password, and text that cannot be included in a password.

Required Not allowed
At least one number Alphabetical sequences of letters (e.g. abcd)
At least one uppercase letter Numerical sequences of numbers (e.g. 1234)
At least one lowercase letter Sequences of keys on the keyboard (e.g. qwerty)
At least one special character (e.g. @, #, $, %, etc) More than four repeated characters
Between 8 and 128 characters Spaces

Enterprise passwords do not expire.

Two-factor authentication (2FA)

Within Banno Admin, authorized personnel can manage your institution’s 2FA settings for employees as well as end users. Because we consider changing 2FA options a high-risk change, employees must belong to a group with 2FA enabled before they can manage 2FA settings for the institution.

Currently, admin users need to use the Authy app for 2FA when logging in to Banno Admin. We are planning to support all Banno 2FA options in the future.

We also support 2FA via the Authy app for employees with international phone numbers. To use an international phone number when enrolling in 2FA, the employee just needs to modify the Country code field when adding their phone number for receiving Authy 2FA codes.

Session timeout

For more information on enterprise session timeouts, see the associated documentation page.

Session logging

Each time a user attempts to log into the enterprise platform, the attempt is logged in History. Certain actions done by authenticated users are also logged in History.

Account lockout

Users are locked out of the enterprise platform after 5 failed login attempts.

Account inactivity

Enterprise accounts do not move to an inactive status, regardless of the amount of time since last login. Accounts must be manually deactivated.