Admin platform authentication
Your institution's employees can access the Banno Admin platform via login.banno.com. The process is simple, but some of the requirements differ from the authentication your end users use. This document outlines the current functionality for enterprise authentication.
Password requirements
Password requirements can be broken into two categories: text that must be included in a password, and text that cannot be included in a password.
Required | Not allowed |
---|---|
At least one number | Alphabetical sequences of letters (e.g. abcd) |
At least one uppercase letter | Numerical sequences of numbers (e.g. 1234) |
At least one lowercase letter | Sequences of keys on the keyboard (e.g. qwerty) |
At least one special character (e.g. @, #, $, %, etc.) | More than four repeated characters |
Between 8 and 128 characters | Spaces |
Enterprise passwords do not expire.
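The rules in the table above can be checked locally, for example when pre-screening passwords in an onboarding script. The following is an added example, not Banno's own code: it assumes a "sequence" means four or more consecutive characters (matching the examples abcd and 1234), that "repeated characters" means the same character in a row, and that checks for sequences ignore case. The names `check_password`, `SEQ_LEN`, `MAX_REPEAT` and `KEYBOARD_ROWS` are hypothetical.

```python
import re

# Assumptions (not stated on the page): a sequence is a run of 4 or more
# characters, repeats are consecutive identical characters, and sequence
# checks are case-insensitive. Any non-alphanumeric, non-whitespace
# character counts as "special".
SEQ_LEN = 4
MAX_REPEAT = 4
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")  # US QWERTY letter rows


def _has_run(password, alphabet, n=SEQ_LEN):
    """True if any n consecutive characters of `alphabet` appear in password."""
    lowered = password.lower()
    return any(alphabet[i:i + n] in lowered for i in range(len(alphabet) - n + 1))


def check_password(password):
    """Return a list of violated rules; an empty list means the password passes."""
    problems = []
    if not 8 <= len(password) <= 128:
        problems.append("length must be between 8 and 128 characters")
    if not re.search(r"[0-9]", password):
        problems.append("needs at least one number")
    if not re.search(r"[A-Z]", password):
        problems.append("needs at least one uppercase letter")
    if not re.search(r"[a-z]", password):
        problems.append("needs at least one lowercase letter")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("needs at least one special character")
    if " " in password:
        problems.append("spaces are not allowed")
    if _has_run(password, "abcdefghijklmnopqrstuvwxyz"):
        problems.append("contains an alphabetical sequence")
    if _has_run(password, "0123456789"):
        problems.append("contains a numerical sequence")
    if any(_has_run(password, row) for row in KEYBOARD_ROWS):
        problems.append("contains a keyboard sequence")
    # A character followed by MAX_REPEAT or more copies of itself is a run
    # of more than four identical characters.
    if re.search(r"(.)\1{%d,}" % MAX_REPEAT, password):
        problems.append("more than four repeated characters")
    return problems
```

Because the exact sequence length and repeat semantics are assumptions, treat a pass from this check as advisory; the platform's own validation is authoritative.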
Two-factor authentication (2FA)
Within Banno Admin, authorized personnel can manage your institution’s 2FA settings for employees as well as end users. Because we consider changing 2FA options a high-risk change, employees must belong to a group with 2FA enabled before they can manage 2FA settings for the institution.
Currently, admin users need to use the Authy app for 2FA when logging in to Banno Admin. We are planning to support all Banno 2FA options in the future.
Session timeout
For more information on enterprise session timeouts, see the associated documentation page.
Session logging
Each time a user attempts to log in to the enterprise platform, the attempt is logged in History. Certain actions performed by authenticated users are also logged in History.
Account lockout
Users are locked out of the enterprise platform after 5 failed login attempts.
Account inactivity
Enterprise accounts do not move to an inactive status, regardless of the amount of time since last login. Accounts must be manually deactivated.