Security
We believe that the community financial institution of tomorrow needs to be as mobile as the customers and members they serve. To enable that vision, we built all of the Banno tools for your institution run on the open internet from any modern device. That means your institution can support a user, who can be anywhere, from anywhere.
While we believe this is how community institutions will succeed, we realize not every organization is ready to make that change. If the security posture of your organization is to limit access to Banno People and other administrative tools to only be available inside of your network or from a workstation, we can support that. By installing a package in Xperience you can restrict sign in access to Banno for your institution to only come from Xperience and not from the open internet.
Installing Banno in Xperience
If you have Banno Apps as an installed product, you’ll have access to download the Banno package from the Jack Henry™ Download site. The Banno package installs just like any other.
Find the latest package where the file name starts with “Banno” and download it. Refer to the Xperience user guides for the steps necessary to install the package.
Once the package is installed, we need you to run Banno in Xperience once in order to generate logs needed for us to complete the configuration on our side.
User access
With access to Banno from Xperience fully configured, you’ll now see a new section in Banno Users & Groups titled “Authenticate” that contains two options.
- Permit sign in via Banno - The default where users can sign in to Banno from Banno.com. Uncheck this option if you only want to allow sign in via Xperience.
- Permit sign in via Xperience - For users, like branch employees, allow them single-sign on access into Banno from Xperience.
User credentials are not maintained in Xperience for Banno’s SSO into Banno Admin. For logins to be successful, the user must have a profile in Banno Admin and the profile must match by email from XP/Core profile.
Adopting Xperience password reset for Banno lets banks and credit unions send Banno end users a reset password email from Xperience, just as they can reset the user's password from within Banno People.
To understand how your financial institution can leverage external applications to enrich the Banno Platform user experience, you will need to study these resources before proceeding:
Creating the external application
Because the process below involves steps that require considerable technical aptitude, we recommend reviewing the Authentication - Client Credentials and/or Public Key + Private Key documentation that our Developer Relations team maintains on the JackHenry.Dev resource site, which exists to help developers utilize our Digital Toolkit—including the Plugin Framework, Authentication Framework, Admin API, and Consumer API.
Reminder: Please be aware that the Banno Platform support team is not able to assist customers with utilizing the Digital Toolkit. Instead, developers will need to submit questions on Stack Overflow (using the #banno-digital-toolkit tag) or reserve a spot during the next Toolkit Meetup.
To enable the Xperience Password Reset feature for a bank or credit union, you will first need to create a new external application in Banno Admin:
- In the lower-left corner of the main menu, click the ••• (Settings) icon and select Users & Groups.
- In the Developers section of the sub-navigation menu, click Create external app, and then use the following details to complete the app creation form:
- Name: Enter a unique, easily identifiable name for the app (e.g.,
Xperience Password Reset
). - Partner Name: This field, which is inactive for customers, should clearly indicate the product or company we've partnered with for the external application. In this case, the partner name will likely say
Xperience, by Jack Henry
. - Application Type: Service account
- Client Type: Signed JWT
- Public Key: After generating a public key in PEM format (i.e., a plain text file), copy and paste the contents into the Public Key field.
- Associated user: Select the lone user who will be identified with the external application that you’re creating for Xperience Password Reset.
Note: The Xperience Password Reset feature will not work unless the associated user you choose belongs to a Group with the Manage security settings checkbox selected in their group-level permissions. - Click Save.
- In the Developers section of the sub-navigation menu, click External apps, and copy the Client ID, which you will need when configuring this connection in Xperience.
Note: You'll also need the base URL for the Banno Admin API,https://banno.com
*.
*It's important to distinguish the Admin API base URL (which does not vary) from our Consumer API base URL (which is unique for each financial institution), as described in more detail in the Consumer API - Base URL article on JackHenry.Dev.
Configuring Banno Online Banking Password Reset in Xperience
Now that you’ve created the external application in Banno, you will need to open Xperience and complete a second set of configuration steps—available in the “Banno Online Banking Password Reset” section of the General Ledger, Integrations, and Other Applications Enhancement Guide for SilverLake on ForClients.