Understanding Okta and Microsoft Authenticator at Bunnings

At Bunnings, keeping our information and systems secure is everyone’s responsibility. Authentication is a critical part of safeguarding our sensitive business data. To bolster security, Bunnings utilises Multi-Factor Authentication (MFA) in addition to the usual username and password. This extra step confirms your identity before you can sign in to key Bunnings applications.

Okta and Microsoft Authenticator are essential in keeping us secure, offering different but complementary features to protect our systems and data.

Why Use Both Okta and Microsoft Authenticator?

Okta: Okta is an enterprise-grade identity management service that connects people to various applications on any device. It provides Single Sign-On (SSO), MFA, and integrates with different systems. Crucially for Bunnings, Okta covers a broad range of internal and external apps, streamlining access and boosting security across the organisation.

Microsoft Authenticator: Designed to secure Microsoft services such as Microsoft 365 and Azure, Microsoft Authenticator also supports passwordless logins, two-step verification, and one-time passcodes. This app is specifically tailored for Microsoft applications, offering seamless protection for our Microsoft suite.

Having both apps ensures complete coverages for all our systems. Okta secures the wider scope of internal and external applications, while Microsoft Authenticator focuses on Microsoft-specific services. Together, they form a robust, organisation-wide security solution.

Installing These Apps on Personal Devices

• Both Okta and Microsoft Authenticator use MFA, significantly reducing the risk of unauthorised access. By requiring multiple proof points, MFA strengthens account protection.
• Many industry regulations and standards require MFA. Implementing these apps helps Bunnings stay compliant and maintain customer and stakeholder confidence.
• Without these apps, access to critical systems can be restricted, affecting productivity, and increasing security risks. Installing Okta and Microsoft Authenticator helps ensure smooth access to your work tools.

Security & Privacy Concerns

1. Limited Access to Personal Information:
   Bunnings’ Technology and Cyber teams do not have access to your personal information on your phone. These apps only need the minimal data necessary to authenticate your identity. Unlike a work-managed device, your personal device remains under your control.
2. Non-Intrusive: Both Okta and Microsoft Authenticator focus solely on verifying your identity for work. They do not track personal activities, and you can customise your settings to your comfort level—choosing fingerprint, face recognition, or a PIN for verification.
3. Transparency: Both Okta and Microsoft publish clear documentation explaining how their apps function and what data is collected. This transparency allows you to understand exactly how your information is being secured.

Okta and Microsoft Authenticator are essential tools that ensure Bunnings remains protected from modern cyber threats. Okta safeguards access to internal and external applications, while Microsoft Authenticator offers specialised protection for Microsoft services. By installing these on your personal device, you gain an additional layer of security without sacrificing privacy or personal control.

What Happens if I don’t want to install Okta Verify and/or MS Authenticator?

• Loss of Access to MFA-Protected Applications: You will not be able to log in to critical business applications, including Microsoft Teams and Outlook on your phone or other personal devices.
• Authentication Challenges off Network: You will also be unable to authenticate when working from home, while travelling, or any time you’re off the Bunnings network (e.g. not on VPN).
• Impact on Productivity: Without these apps, day-to-day tasks may be disrupted, as many of our essential tools and services require MFA to function securely.

Your cooperation in setting up and using these apps helps keep our systems, data, and business processes secure.

What do I need to do?

• Any overseas travel (business or personal) that will require access to your Bunnings account requires the Travelling TM Form to be submitted.
• Please ensure the Travelling TM Form is submitted in advance of the travel commencing. This applies to both work and personal travel should you wish to access your Bunnings Account whilst overseas (Laptop access, Email access on mobile phone etc).

Can I still access my Bunnings Account whilst overseas if l don’t submit the Travelling TM Form?

• No, without submitting the Travelling TM form, your account will be blocked to maintain a strong security posture and limit potential overseas cyber security threats.

What if I need help submitting the Travelling TM form?

• Please reach out to the Cyber Defence Team cyberdefence@bunnings.com.au or your local Technology Office Support Team.