Associated User

When an External Application authenticates itself with the Admin API, all actions are performed and logged as a single Associated User in Banno.
Principle of least privilege

The principle of least privilege is a key concept in information security. It is not recommended to create an Associated User that has all possible privileges/permissions assigned to it. It is highly recommended to follow the principle of least privilege when creating an Associated User.

The Associated User acts as a back office administrator at the financial institution. As such, it is best to have the Associated User created with only the privileges/permissions that are specifically necessary for the External Application to function.

The back office administrator at your financial institution can do this for you in the Users & Groups section of Banno.
Example

If an External Application is only meant to view information about users, then the Associated User should only include the permissions necessary to view users and should not include permissions to edit or delete users.
Key Concepts

The External Application is required to maintain its own audit log of actions.

All actions by the External Application are performed and logged as a single Associated User in Banno.

The Associated User acts as a back office administrator at the financial institution and should be created with only the privileges/permissions that are specifically necessary for the External Application to function.

A good rule of thumb is that the Associated User is able to perform the same tasks with the Admin API that they are able to do within the back office UI (i.e. if the user is able to search and see users within the back office UI, the Associated User will also be able to perform this task from the Admin API).
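Because Banno attributes every Admin API call to the one Associated User, the External Application's own audit log is the only place where the real operator behind each action is recorded. The following is an added example, not Banno's code and not part of this page: a small wrapper that records each call with the operator who triggered it, chains the entries with hashes so later edits are detectable, and reports any permissions granted to the Associated User beyond what the application needs. The permission names (`users:view`, `users:edit`), the action strings and the injected `send` callable are placeholders, since the page does not describe Banno's permission model or endpoints.

```python
import hashlib
import json
from dataclasses import dataclass, asdict
from datetime import datetime, timezone

# Hypothetical permission names: the page does not list Banno's real ones.
# A view-only External Application should need nothing beyond this set.
REQUIRED_PERMISSIONS = {"users:view"}


@dataclass
class AuditEntry:
    timestamp: str
    operator: str         # who inside the External Application triggered the call
    associated_user: str  # the single Banno identity every call is attributed to
    action: str
    target: str
    outcome: str
    prev_hash: str        # hash of the previous entry, making the log a chain
    entry_hash: str = ""


def _hash(entry):
    """SHA-256 over the entry with its own hash field blanked out."""
    body = asdict(entry)
    body["entry_hash"] = ""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def verify_chain(log):
    """True if no entry was altered, removed or reordered after being written."""
    prev = "0" * 64
    for entry in log:
        if entry.prev_hash != prev or _hash(entry) != entry.entry_hash:
            return False
        prev = entry.entry_hash
    return True


class AuditedAdminClient:
    """Wraps Admin API calls so each one is logged with the real operator."""

    def __init__(self, associated_user, granted_permissions, send):
        self.associated_user = associated_user
        self.granted = set(granted_permissions)
        # send(action, target) -> outcome string; injected so the example runs
        # offline instead of calling a real API (assumption, not a Banno API).
        self.send = send
        self.log = []

    def excess_permissions(self):
        """Permissions assigned to the Associated User that the app never uses."""
        return self.granted - REQUIRED_PERMISSIONS

    def call(self, operator, action, target, needs):
        """Perform one action, refusing locally if the needed permission is absent."""
        if needs not in self.granted:
            outcome = "denied-locally"
        else:
            try:
                outcome = self.send(action, target)
            except Exception as exc:  # record failures too; they are actions
                outcome = f"error:{exc}"
        entry = AuditEntry(
            timestamp=datetime.now(timezone.utc).isoformat(),
            operator=operator,
            associated_user=self.associated_user,
            action=action,
            target=target,
            outcome=outcome,
            prev_hash=self.log[-1].entry_hash if self.log else "0" * 64,
        )
        entry.entry_hash = _hash(entry)
        self.log.append(entry)
        return outcome


if __name__ == "__main__":
    # Constructed sample: an offline stand-in for the Admin API.
    client = AuditedAdminClient("svc-reporting", {"users:view", "users:delete"},
                                lambda action, target: "ok")
    print("excess permissions:", client.excess_permissions())
    client.call("alice", "GET user", "user-123", "users:view")
    client.call("bob", "PUT user", "user-123", "users:edit")
    print("chain intact:", verify_chain(client.log))
```

`excess_permissions()` is the check to run when the back office administrator first provisions the Associated User: a non-empty result means the grant is wider than the application's job, which is exactly what the least-privilege guidance above warns against. The local permission check in `call()` does not replace Banno's own authorization; it keeps a denied attempt out of Banno and still records it, so the External Application's log shows who tried what.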