Jack Henry Identity
What is Jack Henry Identity?

Jack Henry Identity is a cloud-hosted, OAuth 2.1-compliant identity provider and authentication system for enterprise applications within the Jack Henry ecosystem. It’s designed to securely authenticate users and applications, ensuring that only authorized individuals and servers can access sensitive data and systems. It removes the need for applications to store or manage passwords and multifactor authentication (MFA), enhancing security and reducing credential-based data breaches.

Jack Henry Identity provides authentication for a diverse range of users and entities, including:

  • Financial institution (FI) employees
  • Internal Jack Henry employees
  • Other users of enterprise applications
  • Server-to-server

Jack Henry Identity utilizes both of the main authentication flows documented more generally in Concepts:

Key Capabilities & Benefits

Outsources authentication complexities

Allows products to outsource functionality such as two-factor authentication (2FA), password resets, rate limiting, and user credential management.

Single Sign-On (SSO) with 2FA

Provides a unified login experience across all Jack Henry products, and standardizes 2FA requirements for all users. Supported 2FA methods include SMS, phone call, authenticator apps, and FIDO security keys. Support for passkeys is also coming soon!

Rate Limiting

Rate limiting occurs if an IP address appears to be suspicious. IPs that have high failure rates and a high percentage of failures are blocked until they have stopped attempting to log in for some time. As a standard security practice, the exact specifics of these criteria are not shared publicly and are adjusted over time.

Secure credential handling

Does not use API keys, and ensures that user login credentials are never shared with third-party applications. Instead, access is granted via secure tokens.

Integration with Active Directory

Supports user authentication using the password from your Active Directory through LDAPS, and syncing Active Directory security groups with Banno and JH Platform groups for permissions.

Tokens

Provides Access Tokens for authorized access to resources and Identity Tokens for authenticated user information. Access Tokens typically expire quickly (around 10 minutes), while Refresh Tokens (obtained via Authorization Code Flow) are good for 90 days.
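The token lifetimes above determine when a client can keep using an Access Token, when it should refresh, and when the user has to sign in again. The following is an added example, not Jack Henry code: it uses the standard OAuth token response fields (`access_token`, `expires_in`, `refresh_token`), and the 30-second safety margin and the handling of a newly issued Refresh Token are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

ACCESS_TTL_FALLBACK = 10 * 60      # page: Access Tokens expire in around 10 minutes
REFRESH_TTL = 90 * 24 * 60 * 60    # page: Refresh Tokens are good for 90 days
SKEW = 30                          # assumption: margin for clock skew and latency


@dataclass
class TokenState:
    access_token: str
    access_expires_at: float
    refresh_token: Optional[str]
    refresh_expires_at: Optional[float]


def from_token_response(resp: dict, now: float,
                        prev: Optional[TokenState] = None) -> TokenState:
    """Build client-side state from a standard OAuth token response."""
    # Prefer the lifetime the server reports; fall back to the documented ~10 min.
    ttl = resp.get("expires_in", ACCESS_TTL_FALLBACK)
    new_rt = resp.get("refresh_token")
    if new_rt:
        # Assumption: a newly issued Refresh Token starts a new 90-day window.
        rt, rt_exp = new_rt, now + REFRESH_TTL
    elif prev is not None:
        # No new Refresh Token: keep the old one and its original deadline.
        rt, rt_exp = prev.refresh_token, prev.refresh_expires_at
    else:
        # The flow issued no Refresh Token at all.
        rt, rt_exp = None, None
    return TokenState(resp["access_token"], now + ttl, rt, rt_exp)


def next_action(state: TokenState, now: float) -> str:
    """Return 'use', 'refresh' or 'reauthenticate' for the given time."""
    if now < state.access_expires_at - SKEW:
        return "use"
    if state.refresh_token and now < state.refresh_expires_at - SKEW:
        return "refresh"
    return "reauthenticate"
```

Keeping the original deadline when no new Refresh Token is returned prevents a client from silently extending a session past the 90-day limit.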

Claims and Scopes

Uses claims to provide authenticated information about the user (e.g., name, email) within the Identity Token or from the UserInfo endpoint. Scopes define the categories of data and operations an application can access, ensuring limited and precise authorization.

Architectural Separation

While Jack Henry Identity handles enterprise-level authentication, user management functions and the assignment of specific permissions are managed by the distinct, specialized platform service called Authorization Management System (AMS). Jack Henry Identity and AMS’s role-based access control offering are closely related and work together, but are separate services that back different portions of the Users & Groups user interface.


Last updated Fri Apr 3 2026