How bunq uses Okta to keep users’ data as safe as their money
of audit preparation work automated with Okta
password instead of 5, improving the user experience for 500 employees
of onboarding time saved for developers with Advanced Server Access
- On a mission to make life easy
- Blending security with convenience
- A new foundation for identity in just two weeks
- Faster access, fewer hassles
- Enhancing security and compliance through automation
With its versatile banking app, service-oriented business model, and swift account creation, bunq is changing the way people bank. bunq’s popularity is evident in the company’s growth — but the manual identity and access management solutions were struggling to keep up.
bunq and Okta share a common goal: enhancing the user experience by combining security and convenience. Because bunq’s IT team was looking to replace a range of manual tasks, Okta’s automation features were especially valuable for the company and a key deciding factor for Okta.
With support from Okta partner FuseLogic, bunq deployed Okta with the company’s HR system BambooHR in just two weeks. After connecting its most important apps with Single Sign-On and Multi-Factor Authentication (MFA), the team deployed Lifecycle Management to automate application provisioning, as well as Advanced Server Access to automate access permissions for developers.
With Okta, bunq has simplified app access for more than 500 employees while freeing IT staff from repetitive manual tasks, accelerating the company’s growth. And with consistent MFA protection, custom alerts, and automated access rights, bunq has further enhanced security.
Now that Okta’s automation features have proven to be valuable, bunq considers leveraging Okta to automate even more of its identity processes. With Okta Identity Governance, bunq will be able to implement automated, self-service requests for access to apps and resources.
In the past, if we wanted to give developers access to our servers, we had to update SSH keys manually and wait at least an hour until everything was sorted. With Okta’s Advanced Server Access, we’ve completely automated this step, which saves 95 % of onboarding time for developers and gives our employees access in minutes.
Wessel Van, DevOps and Software Engineer at bunq
Benefits
- Delivers simple and secure app access for more than 500 employees with SSO and MFA
- Reduces the administrative burden on bunq’s IT team by automating manual tasks with Lifecycle Management, Workflows, and other features
- Saves 95 % of onboarding time for developers with Advanced Server Access, giving employees secure access to servers in minutes
- Strengthens overall security with automatic deprovisioning, consistent MFA, and custom alerts for suspicious behaviour
- Automates 80 % of audit preparation work, facilitating compliance processes
Remember when branch visits, queues, and paperwork were an unavoidable part of the banking experience? If you’re banking with bunq, these brick-and-mortar drawbacks may be a distant memory. Founded in 2012, bunq is living proof of technology’s power to disrupt even the most traditional industries.
With no-barrier account creation, a user-centric approach, and an app filled with groundbreaking features, bunq has reinvented banking for the digital age. Founded in the Netherlands, bunq now delivers its banking-on-the-go solution in 30 countries across Europe.
“bunq’s mission is to make everything as easy as possible for the users, empowering them to take their finances into their own hands,” explains Wessel Van, DevOps and Software Engineer at bunq. “From digital nomads to international businesses, bunq fulfills its users' need for location-independence and enables them to bank like a local, making their international lifestyle easy, wherever they are.”
Scaling security for a growing bank
bunq has proven a hit with users, and as the user base is growing across Europe, so is the young company’s team. bunq’s employee count more than doubled during the Covid-19 pandemic, and the company keeps expanding. Wessel and his team soon realised that bunq needed a way of handling access and authentication for the company that would keep up with the growth.
To make sure bunq has a scalable system that takes into account all of the company’s applications and compliance requirements, bunq began rolling out Okta step by step, starting by integrating it into the company’s HR system BambooHR, with professional services support from FuseLogic, one of the most highly rated Okta partners in EMEA.
“The technical integration of Okta and BambooHR only took a few hours,” Wessel notes. “Within two weeks, we had imported all the necessary user data, creating the foundation for our identity and access management.”
Faster access with fewer processes
There are around 15 applications every bunq employee needs to access, such as Google Workspace or Slack. Thanks to Okta’s Lifecycle Management, these apps are provisioned and deprovisioned automatically based on reliable HR data from BambooHR. “Prior to Okta, whenever someone joined or left the company, we had to manually create users in our LDAP system. This was a lot of work, and usually took about two hours per request,” says Wessel. “By revoking access rights automatically, Okta also strengthens our security posture.”
Next, Wessel and his team began connecting the company’s applications to Okta bit by bit, enabling bunq’s employees to access all of them with Single Sign-On (SSO). Today, more than 30 applications are integrated with SSO and secured with Adaptive Multi-Factor Authentication (MFA). “Before Okta, we didn’t have an overarching MFA setup in place, so if we needed to enforce MFA, we had to do it on a per-app basis,” explains Wessel. “With Okta, it’s much easier to ensure consistent MFA standards.”
Meanwhile, bunq’s employees benefit from a much more straightforward experience. They no longer need to remember different passwords for different applications, and can even use Okta FastPass for passwordless authentication. On average, it’s down from about five passwords per employee to one - an 80 % decrease.
Bringing the SSO experience to developers
bunq’s developers don’t just need the usual apps, they also need to access the company’s servers and virtual machines. Managing the access permissions of back-end development and deployment teams, for example, used to involve a complicated set of steps. By implementing Advanced Server Access, Wessel, his team, and FuseLogic were able to streamline this process, giving employees access to the correct servers automatically by assigning them to specific user groups.
“In the past, if we wanted to give developers access to our servers, we had to update SSH keys manually and wait at least an hour until everything was sorted,” explains Wessel. “With Okta’s Advanced Server Access, we’ve completely automated this step, which saves 95 % of onboarding time for developers and gives our employees access in minutes.”
Enhancing security and compliance through automation
Automation is a key enabler for bunq’s continued growth. With Okta Workflows, Wessel and his team can build custom automations that further simplify Identity processes, making data entry and other manual tasks a thing of the past. When it comes to onboarding and offboarding employees, for example, a set of workflows assigns users the correct access levels based on their current status — making sure employees get the right access at the right time.
By using custom workflows for alerts created by FuseLogic, Wessel and his team can make sure that no suspicious activity goes unnoticed. For example, if a user has too many failed login attempts, it triggers a workflow that sends a report to a specific Slack channel. Combined with Okta’s built-in alerts, these workflows strengthen bunq’s visibility and control over the security of its IT environment.
“If someone tries to brute force an LDAP system, you probably wouldn't notice it until it’s too late,” says Wessel. “But with Okta, we just get alerts whenever there’s something that might be out of the ordinary. That really helps us to reduce all kinds of security risks.“
Another benefit is that Wessel and his team no longer have to spend hours exporting data about access permissions for security audits.
Mobile banking users can trust
By now, most of bunq’s most-used applications have been integrated with Okta, making things easy for employees who use them daily. Looking ahead, Wessel and his team want to leverage even more of Okta’s automation features, for example by simplifying permissions and access requests with Okta Identity Governance.
By working closely with Okta and FuseLogic, bunq has established identity and access management standards that fully support the bank’s mission to Make Life Easy. The beneficiaries aren’t only bunq’s employees, but also the users who can rest assured that their data is in the safest of hands.
“Keeping user data safe is our top priority,” says Wessel. “With Okta and FuseLogic, we’ve been able to strengthen our security further, while making work easier for our employees. We’ve been able to combine security and convenience, and that’s exactly what bunq is all about.”