Domino’s Pizza Enterprises slices identity by role for seamless, highly secure access with Microsoft Entra ID

Domino's Pizza Enterprises Ltd. as a global powerhouse with franchise partners around the world., it must manage those identities across multiple international borders. In an initiative to simplify its IT landscape through consolidation and reduce costs, DPE replaced its previous identity management system, Okta, with Microsoft Entra ID.

Domino’s Pizza Enterprises (DPE) knows that its success rests with its more than 100,000 team members, whose jobs can put them in roles as varied as safely delivering a piping-hot pizza to a customer or designing a marketing campaign at its Support Office. In between those two ends of the spectrum are Franchisee Partners, each one running a Domino’s outlet as an independent business, but with business support from its Global Support Office. “We offer full-service management support to our Franchisee Partners,” explains Matthias Hansen, Group Chief Technology Officer at Domino’s Pizza Enterprises. “We even supply an optional accounting service so that they can really focus on their business and the product.” 

But as he took up his post at DPE, Hansen discovered that the enormous diversity of roles, geographic locations, and technologies used had created a siloed system for managing identity. Support Office team members used a different access and identity management system from Franchisee Partners and their frontline workers, who far outnumber them.

Rolling out unified identity with Microsoft Entra ID

Up until July 2023, Support Office team members used Microsoft Entra ID to access their Microsoft 365 productivity apps, while Franchisee Partners and their team members generally used the Okta identity management solution. DPE could score multiple wins by shifting its entire identity management to Microsoft Entra ID, beginning with avoiding Okta application licensing costs. More importantly, it would simplify management for DPE IT teams while providing a standardized, streamlined authentication experience for all team members.

Another advantage of using Microsoft Entra ID was its potential to solve confusion caused by the multiple roles and locations that a single frontline worker might occupy. The company hadn’t yet deployed a global human resources system, so Hansen had no single source of truth for employee identities. His team engineered a solution by writing code to populate the DPE Microsoft Azure environment and combine information from each store for every team member and from multiple sources (such as a team member working in different roles at multiple stores) to create a cohesive employee record. “We were able to create a single identity for each team member and ensure that it contained the appropriate data using Microsoft Entra ID,” says Hansen. “No matter how many different roles, or how many different locations a team member might work in, we have one version of the truth. And our Microsoft Entra ID adoption made it possible for us to retire legacy bespoke systems, each of which was solving a different aspect of this challenge.”

Several applications created for frontline workers—the learning management app they use to chart their upward mobility in the company, for example, and the GPS Driver App used by Domino’s Delivery Experts—would require code-level intervention to ready them for an Okta alternative.

Layering Entra ID features to optimize deployment 

When Hansen’s team approached Microsoft with their need to reconfigure some of their most critical frontline worker applications, it awarded DPE private preview to the custom authentication extensions feature. The team used this facility to customize the company’s Microsoft Entra ID experience by linking it with those all-important applications.

Hansen’s SSO vision was a crucial aspect of the rollout. “We insist on single sign-on capability for our DPE team members,” he says. “Microsoft Entra ID makes it easy for every team member to access what they need, whether they are a Delivery Expert, a Store Manager, a Franchisee Partner, or a Support Office team member.” DPE also exercises the Conditional Access capabilities in Microsoft Entra ID to heighten security by creating and imposing its policies about who can access which resources. “We use modern capabilities like the Conditional Access feature in Microsoft Entra ID to focus on just the right balance between ease of use and better security,” explains Hansen. “Our stores are a busy environment, and we won’t disrupt our team members, but we can use Microsoft Entra ID features like multifactor authentication to keep them both productive and highly secure.” And with role-based access control in Microsoft Entra ID, DPE can use Microsoft Graph API to control who can access groups, users, and applications for granular permissions management. “When employees use a software-as-a-service solution, we can map that solution to the appropriate role to ensure that the person has the capabilities they need,” Hansen continues. “There’s no need to change the application or use other cumbersome management techniques. A Store Manager, for example, can only access the data for their store and use only the capabilities we grant to Store Managers.”

The team gets the most possible out of its Microsoft identity management ecosystem, thanks to the connections it offers to the DPE security landscape, underpinned by Microsoft Sentinel as its security information and event management system and the Microsoft Defender family of integrated security solutions.

Savoring the wins

With all DPE team member identities managed on the same system, Hansen’s team enjoys a level of efficiency it’s never had before. Most importantly, providing a common identity platform for everyone puts frontline workers on more even footing with the rest of the company—a move that lifts morale even higher and helps retain hard-to-find talent. DPE furthered its commitment to its frontline workers with Microsoft Viva, an employee experience platform that seamlessly connects with Microsoft productivity solutions like Microsoft 365 and Microsoft Teams. It facilitates that rollout (in process until mid-2024) with Microsoft Entra ID, bringing those workers into the corporate information sphere. And since one identity management system controls access to all the tools available to DPE team members, Franchisee Partners now have access to corporate productivity tools like Microsoft Power BI to better assess and manage store performance. It all comes at the lower costs and with simplified management inherent to vendor consolidation.

“We find that we can administer and secure our infrastructure better and more easily with a single platform.” But like DPE’s Path to Excellence, which supports team members’ personal and professional growth through the business, Hansen’s IT team aspires to ever greater successes. “Our Microsoft Security solutions, especially identity management with Microsoft Entra ID, deliver a great deal of capability. We appreciate the continuously evolving capabilities provided by this platform.”

527 Views 0 Likes Introduce me  Read More