Developer Programs
Vendor Integration Program (VIP)
Direct access to Jack Henry's technical integration resources.
Technical Account Manager (TAM)
Get technical integration help from a single point of contact.
Learn
Shared Responsibility
Learn about shared roles and responsibilities of customers and Jack Henry in open banking.
Developer Use Cases
Find a use case that fits your development needs.
Developer Video Gallery
Watch the latest demos, webinars, and more.
Developer Conference
Connect with industry leaders, gain insights from expert speakers, and explore our latest innovations.
Docs
Admin API
Create solutions for an institution's back office support tools.
Authentication Framework
Map customer identities to your existing system IDs.
Consumer API
Access financial data for user accounts, transactions, and more.
Data Broker
Get deeper access to financial institution data.
Enterprise Event System
Respond to events in real-time using this powerful pub/sub-based solution.
jXchange - REST API
Translate business information between Jack Henry and third-party applications using a REST-based API.
jXchange - SOAP API
Translate business information between Jack Henry and third-party applications using a SOAP-based API.
Operational Data Integration (ODI)
Get customized queries for bulk data needs.
Payments
Embed check deposits, ACH, bill pay, cards, and real-time payments.
Plugin Framework
Embed the best of the fintech world directly into your user's dashboard.
SymXchange
Query Symitar core member accounts, post transactions, run PowerOn scripts, and more.
Xperience
Modern UI that provides consistent visual integration across Jack Henry products.

Associated User

Admin API > Overview > Authentication > Associated User

When an External Application authenticates itself with the Admin API, all actions are performed and logged as a single Associated User in Banno.

Principle of least privilege

The principle of least privilege is a key concept in information security.

Don't
It is not recommended to create an Associated User that has all possible privileges/permissions assigned to it.
Do
It is highly recommended to follow the principle of least privilege when creating an Associated User.

The Associated User acts as a back office administrator at the financial institution. As such, it is best to have the Associated User be created with only the privileges/permissions that are specifically necessary for the External Application to function.

The back office administrator at your financial institution can do this for you in the Users & Groups section of Banno.

Example

If an External Application is only meant to view information about users, then the Associated User should only include the permissions necessary to view users and should not include permissions to edit or delete users.

Key concepts

Maintain an audit log
The External Application is required to maintain its own audit log of actions.
Actions logged as associated user
All actions by the External Application are performed and logged as a single Associated User in Banno.
Follow the principle of least privilege
The Associated User acts as a back office administrator at the financial institution and should be created with only the privileges/permissions that are specifically necessary for the External Application to function.

A good rule of thumb is that the Associated User is able to perform the same tasks with the Admin API that they are able to do within the back office UI. For example, if the user is able to search and see users within the back office UI, the Associated User will also be able to perform this task from the Admin API.

Have a Question?
Have a how-to question? Seeing a weird error? Get help on StackOverflow.
Register for the Digital Toolkit Meetup where we answer technical Q&A from the audience.
Last updated Mon Jul 17 2023