Like its generously topped pizzas, Domino’s Pizza Enterprises Ltd. (DPE) manages an internal identity roster that features enormous diversity in role, variety, and sheer volume. As a global powerhouse with Franchisee Partners in Australia and New Zealand, Asia, and Europe, it must manage those identities across multiple international borders. In an initiative to simplify its IT landscape through consolidation and reduce costs, DPE replaced its previous identity management system, Okta, with Microsoft Entra ID. Just four months after deployment, team members experienced convenience like never before, and DPE cut licensing costs and raised IT team productivity. Most importantly, the company keeps morale high through its nontraditional inclusion of frontline workers in its corporate information workspace, Microsoft Viva. Now with Microsoft Entra ID, everyone is in the know with seamless and safer access.
“Our Microsoft Security solutions, especially identity management with Microsoft Entra ID, deliver a great deal of capability. We appreciate the continuously evolving capabilities provided by this platform.”
Matthias Hansen, Group Chief Technology Officer, Domino’s Pizza Enterprises Ltd.
Seeking a better way to deliver identity
When Australians and New Zealanders want pizza, they often call Domino’s Pizza Enterprises (DPE). They share a taste for the traditional party food with people throughout Europe and Asia who all rely on DPE for its delicious Hot & Fresh pizzas, “loaded” fries, and other inspired offerings. But the company is not only about fun. It follows a constantly evolving ethos: sourcing high-quality products, using only the freshest ingredients, reducing its environmental footprint, and caring for the communities where it operates.
People ultimately come first at DPE. The company knows that its success rests with its more than 100,000 team members, whose jobs can put them in roles as varied as safely delivering a piping-hot pizza to a customer or designing a marketing campaign at its Support Office. In between those two ends of the spectrum are Franchisee Partners, each one running a Domino’s outlet as an independent business, but with business support from its Global Support Office. “We offer full-service management support to our Franchisee Partners,” explains Matthias Hansen, Group Chief Technology Officer at Domino’s Pizza Enterprises. “We even supply an optional accounting service so that they can really focus on their business and the product.”
But as he took up his post at DPE, Hansen discovered that the enormous diversity of roles, geographic locations, and technologies used had created a siloed system for managing identity. Support Office team members used a different access and identity management system from Franchisee Partners and their frontline workers, who far outnumber them. Hansen muses that in 2018, he might as well have set up a tenant for Franchisee Partners and their frontline workers and a separate instance for Support Office team members, but technology advances made a much more streamlined approach possible. “Bringing the entire company into a single tenant increases our safety across our corporate ecosystem,” he says. “Why would we not want a solution that we could use to achieve this unity?” Not only did Hansen envision a consolidated identity system—he insisted on single sign-on (SSO) capability to make life as easy as possible for every DPE team member.
Rolling out unified identity with Microsoft Entra ID
The beauty of a pizza lies in bringing inspired flavors together. Hansen believed that as a master pizza maker, DPE should similarly unite identities for its diverse talent pool. Up until July 2023, Support Office team members used Microsoft Entra ID to access their Microsoft 365 productivity apps, while Franchisee Partners and their team members generally used the Okta identity management solution. DPE could score multiple wins by shifting its entire identity management to Microsoft Entra ID, beginning with avoiding Okta application licensing costs. More importantly, it would simplify management for DPE IT teams while providing a standardized, streamlined authentication experience for all team members.
Another advantage of using Microsoft Entra ID was its potential to solve confusion caused by the multiple roles and locations that a single frontline worker might occupy. The company hadn’t yet deployed a global human resources system, so Hansen had no single source of truth for employee identities. His team engineered a solution by writing code to populate the DPE Microsoft Azure environment and combine information from each store for every team member and from multiple sources (such as a team member working in different roles at multiple stores) to create a cohesive employee record. “We were able to create a single identity for each team member and ensure that it contained the appropriate data using Microsoft Entra ID,” says Hansen. “No matter how many different roles, or how many different locations a team member might work in, we have one version of the truth. And our Microsoft Entra ID adoption made it possible for us to retire legacy bespoke systems, each of which was solving a different aspect of this challenge.”
Several applications created for frontline workers—the learning management app they use to chart their upward mobility in the company, for example, and the GPS Driver App used by Domino’s Delivery Experts—would require code-level intervention to ready them for an Okta alternative. Fortunately, Hansen and his team had taken that into account.
Layering Entra ID features to optimize deployment
When Hansen’s team approached Microsoft with their need to reconfigure some of their most critical frontline worker applications, it awarded DPE private preview to the custom authentication extensions feature. The team used this facility to customize the company’s Microsoft Entra ID experience by linking it with those all-important applications.
Hansen’s SSO vision was a crucial aspect of the rollout. “We insist on single sign-on capability for our DPE team members,” he says. “Microsoft Entra ID makes it easy for every team member to access what they need, whether they are a Delivery Expert, a Store Manager, a Franchisee Partner, or a Support Office team member.” DPE also exercises the Conditional Access capabilities in Microsoft Entra ID to heighten security by creating and imposing its policies about who can access which resources. “We use modern capabilities like the Conditional Access feature in Microsoft Entra ID to focus on just the right balance between ease of use and better security,” explains Hansen. “Our stores are a busy environment, and we won’t disrupt our team members, but we can use Microsoft Entra ID features like multifactor authentication to keep them both productive and highly secure.” And with role-based access control in Microsoft Entra ID, DPE can use Microsoft Graph API to control who can access groups, users, and applications for granular permissions management. “When employees use a software-as-a-service solution, we can map that solution to the appropriate role to ensure that the person has the capabilities they need,” Hansen continues. “There’s no need to change the application or use other cumbersome management techniques. A Store Manager, for example, can only access the data for their store and use only the capabilities we grant to Store Managers.”
The team gets the most possible out of its Microsoft identity management ecosystem, thanks to the connections it offers to the DPE security landscape, underpinned by Microsoft Sentinel as its security information and event management system and the Microsoft Defender family of integrated security solutions.
Savoring the wins
With all DPE team member identities managed on the same system, Hansen’s team enjoys a level of efficiency it’s never had before. Most importantly, providing a common identity platform for everyone puts frontline workers on more even footing with the rest of the company—a move that lifts morale even higher and helps retain hard-to-find talent. DPE furthered its commitment to its frontline workers with Microsoft Viva, an employee experience platform that seamlessly connects with Microsoft productivity solutions like Microsoft 365 and Microsoft Teams. It facilitates that rollout (in process until mid-2024) with Microsoft Entra ID, bringing those workers into the corporate information sphere. And since one identity management system controls access to all the tools available to DPE team members, Franchisee Partners now have access to corporate productivity tools like Microsoft Power BI to better assess and manage store performance. It all comes at the lower costs and with simplified management inherent to vendor consolidation.
The old warning against putting all of one’s eggs in one basket doesn’t apply to modern cybersecurity, according to Hansen. “If you only have one basket, it’s much easier to become an expert on the capabilities it delivers,” he insists. “We find that we can administer and secure our infrastructure better and more easily with a single platform.” But like DPE’s Path to Excellence, which supports team members’ personal and professional growth through the business, Hansen’s IT team aspires to ever greater successes. “Our Microsoft Security solutions, especially identity management with Microsoft Entra ID, deliver a great deal of capability. We appreciate the continuously evolving capabilities provided by this platform.”
Find out more about Domino’s Pizza Enterprises on X (formerly Twitter), Facebook, and LinkedIn.
“We were able to create a single identity for each team member and ensure that it contained the appropriate data using Microsoft Entra ID. No matter how many different roles, or how many different locations an employee might work in, we have one version of the truth.”
Matthias Hansen, Group Chief Technology Officer, Domino’s Pizza Enterprises Ltd.
Follow Microsoft