Using external IdP to authenticate to Banno

Question

We want to utilize an external IdP that provides authentication services with Banno. Is there an option to configure it as OIDC IdP and redirect users to authenticate with it?

looking through Banno authentication framework I only see references to pulling data from Banno assuming user was already authenticated. Cannot find any documentation to how to configure redirect-to-IdP for authentation

score 1 · Answer 1 · answered Nov 11 '22 at 01:32

We don't have documentation specifically about that use case, but we do have docs about our support for OpenID Connect Discovery: https://jackhenry.dev/open-api-docs/consumer-api/api-reference/v0/oauth-and-openid-connect/#openid-connect-discovery

We're aware of folks using Amazon Cognito, Kong, and Firebase with our OIDC Discovery endpoint.

Note that those services may not support Proof Key for Code Exchange (PKCE). If that's the case, then you'll have to have Banno Admin for your financial institution turn off the "Require PKCE" option in the External Application.

Of note: Banno supports being an identity provider but does NOT support deferring to a different identity provider. — Chad Killingsworth, Nov 16 '22 at 18:57

Using external IdP to authenticate to Banno

1 Answers1