How-to: Create User and API Credentials

0) Do we actually need to do this anymore?

Hypothetically, this old manual process will still work.

But is it truly necessary given we have self-serve signup on JackHenry.Dev?

We should push folks towards Accessing the Digital Toolkit instead.

1) Ask the Requestor to Create a CRES Account

We use the Cisco Registered Envelope Service (CRES) to securely send the test user and API credentials to 3rd party developers.

Note: The template here might have stuff hidden off-screen depending upon your browser zoom level. Make sure to scroll to copy all of it.

Hi,

We'll need you to create an account on the Cisco Registered Envelope Service (CRES): https://res.cisco.com/. The CRES is what we will use to securely message you with your test user and API credentials.

-- Developer Relations team

2) Create a Test User

Follow the steps for the New User Creation Tool to create a new test user.

NOTE:

Use this email address for one time passcode delivery on test accounts in the #auto-emails channel in Slack: v9f4y9o2h4s8h5d4@banno.slack.com

You can use a different email address, but it’ll have to be an email address that you can actually access to retrieve the one time passcode.

NOTE:

There is a new phone number for 2fa code delivery on test accounts in the #auto-authy-code channel in Slack: 3194861453

Do not use 319-343-9867 as it did not make it through the Google domain changes!

2a) Add user to tracking spreadsheet

After completing the task above, add the info as a new row in the Test User Management (& Vendors) spreadsheet (in the Vendors tab).

2b) Get “Firefighter” access

You need FF (firefighter) access to change abilities in Prod, even for demo FIs such as Garden.

Do this:

• Go to the #org-firefighter-requests channel in Slack
• Say “ff” (without the quotes) to get time-limited firefighter access from the ‘Firechief’ bot.
• The Firechief bot should respond in the affirmative with something like: “🚒 {your username} has been granted firefighter access by self request.”

You now have firefighter access to continue with the next step.

2c) Disable 2FA

Once you have an enrolled user, you can look them up in Banno People’s “Users” search feature, then:

• Click on the user from the search results
• Click on the Config tab (this only appears for Banno employees)
• In the Abilities section, click the ‘Only display overrides’ dropdown and choose ‘Display all possible overrides’
• Scroll down to Security
• Click the ‘Edit’ button
• For the two_fa_enabled config, click ‘Override Garden’ and turn off 2FA on the slider.

(Inspiration for the above steps)

2d) Verify 2FA is Disabled

The easiest way to verify that 2FA is, in fact, disabled is to open an Incognito window in your web browser and try logging in. If you can log into Banno Online without being prompted for 2FA, then you’re good to go. 👍

3) Generate API Credentials

We have access to create API credentials in Banno People’s Settings / External applications screen.

• We’re currently using the Garden financial institution, so you would find the correct screen at https://banno.com/a/people/8222/settings/external-apps
  • You’ll need your Banno LDAP credentials to log into this.

To create the credentials:

• Click the Create button.
• In the Setup a new external application screen, click - Select SSO name -.
  • Select (Custom SSO) Custom name.
• You should now see a screen where you can enter data and select some options.
• Enter a Name.
  • We’ll probably want to format this as [COMPANY] ([PERSON])
    • Notably, we started with the reverse where the format was [PERSON] ([COMPANY]). This didn’t scale too well, so use the format where the company name comes first instead.
• Make sure a Client Type of Confidential (uses client secret) is selected.
• Uncheck the User consent required checkbox.
• Enter these Redirect URIs:
  • http://localhost:8080/dynamic
    • This matches up with the Simple Plugin Example, which they can use to test out their plugin by followin the Build Your First Plugin Quickstart.
    • Note that this Redirect URI should appear 1st in the list of Redirect URIs since plugins expect to call the first Redirect URI to render the dashboard card face.
  • https://localhost:8080/auth/cb
    • This matches up with the Consumer API OpenID Connect Example, which they can use to test out their credentials by following the Authentication (Node.js Example) Quickstart.
  • https://oauthdebugger.com/debug
    • This is a 3rd party tool that’s helpful if they want to test out their credentials by following the Authentication (Command Line) Quickstart.
  • https://oidcdebugger.com/debug
    • This is a 3rd party tool that’s helpful if they want to test out their credentials by following the Authentication (Command Line) Quickstart.
• Click the Save button.

The API credentials have now been generated. To view the [CLIENT_ID] and [CLIENT_SECRET] that were generated, you’ll have to click on the name that you created.

4) Send the Credentials via CRES

We use the Cisco Registered Envelope Service (CRES) to securely send the test user and API credentials to 3rd party developers.

Note: The template here might have stuff hidden off-screen depending upon your browser zoom level. Make sure to scroll to copy all of it.

Hi,

Here are your credentials for our development environment.

Our developer docs are available on the public, open web at https://jackhenry.dev.

# Test User

Username: [USERNAME]
Password: [PASSWORD]

# API Credentials

Environment Base URL: https://[API_ENVIRONMENT]

Client ID: [CLIENT_ID]

Client Secret: [CLIENT_SECRET] <-- Must be kept secret, and not shared via unsecure methods
--> (e.g. email) or published in public source code repositories

-- Developer Relations team

• Where [USERNAME] is the username provided by the Analysts team.
• Where [PASSWORD] is the password provided by the Analysts team.
• Where [API_ENVIRONMENT] is the development environment.
  • Currently that’s digital.garden-fi.com so the full URL would end up being https://digital.garden-fi.com
• Where [CLIENT_ID] is the Client ID from Banno People’s Settings / External applications screen.
  • We’re currently using the Garden financial institution, so you would find the correct screen at https://banno.com/a/people/8222/settings/external-apps
  • You’ll need your Banno LDAP credentials to log into this.
• Where [CLIENT_SECRET] is the Client Secret from Banno People’s Settings / External applications screen.
  • We’re currently using the Garden financial institution, so you would find the correct screen at https://banno.com/a/people/8222/settings/external-apps
  • You’ll need your Banno LDAP credentials to log into this.

5) Update the Digital Toolkit Integrator Info spreadsheet

We use the Digital Toolkit Integrator Info spreadsheet to track the various organizations and associated individuals that the DevRel team has provided test users and API credentials (and the associated environment).

Update the spreadsheet with:

• Organization
• Contact (full name)
• Integration Notes (which type of integrator this is)
  • e.g.:
    • Fintech/Vendor
    • FI (Financial Institution)
    • Jack Henry (or Symitar) Employee
• Environment (linked name)
  • Currently that’s Garden
• External Applications (linked name)
• Status
  • e.g.:
    • N/a
    • Prospect
    • Developing
    • Live
• Comments