#284 - Identiverse 2024: George Roberts from McDonald’s

Jun 03, 2024 | 54 min | Ep. 284

Episode description

In episode 284 of the Identity at the Center Podcast, hosts Jim McDonald and Jeff Steadman sat down with George Roberts, Global Access & Identity Director at McDonald’s at Identiverse 2024. The discussion started with George's journey into the field of identity, followed by a deep dive into his role at McDonald's, and his previous experiences at Identiverse. The highlight of the episode was his keynote at Identiverse titled “The Future of Authorization.” George also gave insights into his session “One McDonald’s Way: The Global Identity & Access Journey at McDonald's.” Stay tuned for this engaging conversation.

Connect with George: https://www.linkedin.com/in/sirtwist/

Attending Identity Week in Europe, America, or Asia? Use our discount code IDAC30 for 30% off your registration fee! Learn more at:

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com and watch at https://www.youtube.com/@idacpodcast

Transcript

It seemed that a lot actually it's like this digit, this idea of digital transformation driving a lot of standardized identity approaches down that seems like that kind of also. Yeah, does this it's when you get to the point what George me just described me where realist. Oh, oh, that's actually they call that identity and access management. OK. Yeah, we need that.

Well, the funny thing is, I mean even at that point we rolled out sort of a new identity platform, but all of the markets still manage their own identity platforms for their local applications, for their local PCs, etcetera. So we had this dichotomy of the global platform which only got you into this extranet and subsequently any application that sort of tied in.

This is Identity at the Center. If it has anything to do with IAM, this is the go-to podcast. Now your hosts, Jim McDonald and Jeff Steadman. Welcome to the Identity at the Center podcast. I'm Jeff and that's Jim. Hey, Jeff. Hey, Jeff, how are you? Oh. And that's a bad or so. People Las Vegas for you meet you Las. Vegas baby. What happens, and this way I realized what, when you say what happens in Vegas stays in Vegas, you're talking about things that you do. You see people randomly in public doing stupid stuff that doesn't have to.

Stay in Vegas. You can go and tell your friends. Yeah. You know, they don't know you probably, and you don't know them properly. And they become a story that you tell everyone else. Remember that time I saw this crazy magician? You were telling me stories about a magician. Oh, unbelievable. Magician. The magician. So we saw Shindlin. Fantastic. You know, mind, you know, just by nature it is here.

Yeah. Well, my nature is to try to figure out what's going on. How many do you know that that person's birthday was XY and Z here? How did they? How do you know, like, where they were from? Like he pulled one lady out of the audience and said, oh, your. Your accent sounds like you're from Michigan. And then he went on to name the town in Michigan that she was from, which I'd never heard. Wasn't like Dearborn or Detroit or something like that. So I thought that was pretty cool.

And then we had that magician show up at the restaurant that we were at and kind of the same deal where, you know, he did all these tricks and it was like, wow, that's really, really tricky. Duck sliding. And the misdirection, of course. Yeah, it gave you the. You know, there's a lot of this like look at my hand and like this hand's doing something else, so. But stracking somewhere, it's Vegas in spite of like an explosion and that there's something happening.

All I can tell you is like this stuff doesn't happen in the best of Church of our house. It's not. I haven't run into it yet, so. There aren't just random, no random. Musicals. You just show up at your table and, you know, take your money and set it on fire. And she's like, Oh my God, I guess I'm not getting that $20 bill back. That's the only trick, right? If we're deaf, we're going. Where's my money done? Yeah, right. Well, why don't we go ahead and get into this week?

So we're at Identiverse, we're live. We're doing video for the first time at Identiverse, it comes out. See. Knock on wood. We've got our guest, George Roberts. He's the global access and identity director at McDonald's. Welcome to the show. Thank you for having me. Thanks so much for taking the time with us. Definitely want to give a shout out to RSM. Thanks for sponsoring us to get us out here and have conversations like this.

Thanks to Cyrus Alliance. We're giving a place to sit down record this a place to plug in bring all that good stuff, but why don't we saw it just go ahead and get into it. So Identiverse 2024, George, this first time we've been on the show. We're all the kind of about the history and the origin stories of what the heroes in the states that call it. How did you get into the wonderful world about Danny next?

So I, I actually have a background mainly in software engineering and a number of years ago I, I built what later became a component of McDonald's identity and access platform as, as a consultant. And I was in a different role and then got an opportunity to sort of come back and take over the, the project that I had actually built many years ago. And it just kind of snowballed from there.

So I've actually been doing identity and access focused work for the last six years, but I've been kind of tangent to that from that year before that, so. So I noticed you kind of ping pong back and forth when wearing. I'd like to say where I was here LinkedIn looking for ideas from this. You're at McDonald's consulting other things McDonald's again consulting adopt. Why is it they keep plenty of that other than the French?

Fries. Yeah. You know, a lot of us, we like to say we've got ketchup in our blood. I. Don't know if that's helping. Probably not, but yeah, you know, I mean, it's, it's a great, a great place to work. The the culture is phenomenal. You know, like any big company, there's always times when you, you know, there are outsourcing that happened and I just happened to be in the the wrong area at the wrong time, I guess you would say.

And a couple of the, the ping pongs that you you saw was when I had transitioned over to an external provider for McDonald's. So actually over the last like 25 years, I think I've worked for McDonald's as either a consultant or an employee for 21 of the last 25 years. Been there long time. What's the biggest change you've seen in your time? Wow. You know, I think probably in general for McDonald's is that recently we've kind of come to accept the fact that we're a, a technology company.

You know, a lot for a long time McDonald's was technology was a, a, a cost center for, for McDonald's. But you know, in recent years with the advent of our mobile app and our kiosks and our restaurants, I think our our leadership has really recognized how much of a of an advantage that really brings to us. And we've we've kind of shifted our thinking away from technology being a cost center to being a business and you're. Really at that these days meaningless.

What restaurant do you go to that doesn't have a now I think you guys do a good job. The fact and they don't usually ask our guests for favors, but we did hear that there is a, you're right, Corey, in Chicago, IL, right, yes. And so you have a, we hear there's like a test kitchen or test restaurant with all the international offerings. You can go to this test kitchen. Are you sure you're reporting blogging? Me, yeah. So our, our global restaurant, which is it is actually a public

restaurant. It's on our on the 1st floor in our in our building, but it is open to the public. So if you're in Chicago, come, come check it out. We don't, it doesn't have all of our global offerings, but what they do is around every three months or so, they'll rotate some international offerings. And so they'll usually have one or two of like the, the international sandwiches.

They'll have some kind of like an international side, like maybe you know, different types of potato, like potato wedges or shake fries or other things like that where if you haven't had the shake fries, it's like fries in a bag with like a seasoning and then you you dump in there and shake it up and it. Gets all. That's not at all. Yeah, no, I it is not a shake and a fries. Although I'm told that dipping your fries in shake is also very good. It's except for.

Yeah, I like that. So tell us about your typical day. I mean what you know specifically within identity access management, what are the areas that you cover and then is it like you mouse your team that does those things or are you more hands-on? Yeah. So I lead our identity and access engineering team. And so basically my team is responsible for building, maintaining, enhancing our identity and access platform for McDonald's enterprise users worldwide.

So the way McDonald's operates from a sort of a day-to-day identity management perspective is a lot of that is done by our IT teams within our markets. We have 115 different markets globally. So sort of day-to-day management, password changes, etcetera is done by the local markets. My team is more focused on actually building and running the, the identity life cycle, IGA, you know, password resets, MFA, all, all of the, the technical work.

And so, you know, we're always looking at, you know, what are the, the newest and latest and greatest technologies available. How can we apply that to to our platform to enhance both the security of McDonald's as well as the user experience, our users? So within that that store network, I mean how many of the the our daily life signals are you responsible for? Is it everybody from the top manager all the way down to the line cooks?

Yes. So look at we have two and a half million users worldwide and and that's at everyone from our CEO down to our crew people that are. After crazy amount 2.5 million. Yeah. I bet you when you go out and buy some kind of software like an identity management technology, scalability is a real issue. Absolutely. Ken, yes, I like what I see. But can you handle like 5 million users?

Yeah. And, and honestly, the, some of the biggest challenges that we see are are around the, the sort of the wide breadth of types of users that we have, right? Because, you know, our corporate users, our, our staff people, you know, people on my team, etcetera. They're, they're using McDonald's laptops that we have McDonald's issued phones. So we can, we can kind of control what that experience looks like. We can enable things like Windows Hello for Business, etcetera.

But when you're talking about our crew people in our restaurants, most of them don't even work for McDonald's directly as employees. They work for the franchisee who owns the restaurant. So we don't have as much control over what their experience is like from a device perspective, right, because they're they're not getting smartphones issued to them from the company. We can't you know require them to use a personal device to be able to do things like MFA and things of that.

So that's where a lot of our challenges are is how do we how do we build or buy platform that is going to support such a wide variance of different user types and user experience it? Does your team like a 24 by 7 operation? Do you have people like globally dispersed or do you are you able to have a well turn in one place and just have people around the clock?

And so we're on right now, we are sort of hair McDonald's employees, which are really focused more on sort of product and service management and technical direction. And then we also rely heavily on partners who do provide that 24 by 7 coverage to ensure the platform is up and running, handle support tickets, things like that. So we have some folks obviously on my team in Chicago and other parts of the US working remotely, but we also have a team in Croatia, team in India as well.

Croatia, that's the first time I hear that come up as like an IT hub. Yeah, it's one of one of our our key vendors is is located. Is there a particular technology or area that really interests you right now? Well, I mean. So later this week, I'm, I'm talking, you know, participating in one of the keynotes on, on authorization. It's, that's a big area of our focus for, for us is, you know, we've, we've kind of solved the authentication issue.

You know, we're, we, we rely heavily on SAML and OpenID Connect and it's pretty easy for us to, to onboard an application from an SSO perspective, it's kind of like doing 30 minutes worth of work. We plug all the variables in and, and away you go, but the authorization side is much more, much more complicated.

We, you know, we, we look at it like to think it's somewhere in the 120 hours range on the average for us to integrate from an authorization standpoint an application. And it's very custom, you know, a lot of connecting directly to databases or God forbid, doing flat file data, you know, data transfers. I I mean, it's, it's across the all over the place. So anything that is sort of aimed at solving that portion of the platform, I think is something that I'm super interested in.

I'm also interested in the opportunities for other ways of doing MFA or MFA-like activities, but for people who are a little bit more like some online workers who we don't have as much control over the types of devices or the the capabilities that they have. It's a big challenge for us. You know, with as many, I mean, of those two and a half million users that I talked about, about being 1 1/2 to 1.6 million of them are crew members.

And that can range anywhere from, you know, a 16 year old kid who's got their first job all the way up to, you know, somebody who is working and, and you know, they've retired and they're, they're just picking up a few hours. You tell you that people with a lot of disabilities well. We do, you know, so I mean, it, it ranges the gamut, right.

You have maybe, maybe some kids who are more familiar with, with technology, maybe probably have a smartphone, but are, are they going to want to use it for their job at McDonald's? And then you may have other people who who dump they don't have any hand it's on.

Or, you know, maybe they have a, a old school mobile device that they could do texting on. But again, like, do you know, maybe they're in a country where they pay per text and it's like, well, can you, you know, how do you take advantage of that? So, you know, we're always looking for for new ways to try and solve that problem. What's your take on solutions like passwordless and I don't know hotness the best that?

I think passwordless is great, but it but it only really works when when you control the devices that the that the user has like you know, some of the some of the, you know, passkey support. It is is really cool because it it does kind of take away that need to a certain extent for the user to to have a specific type of device. You know, obviously I love Windows Hello for Business. It's great on a Windows laptop that has a Hello based camera.

But again, it only works really when you have control over that device as as the company. So things like passkey, I think are, are really good, but still doesn't there's a lot of scenarios where like you may have 20 users using a shared tablet in, you know, in a restaurant that's not a managed device. It's just some, you know, an iPad that a a franchisee has gone bought or an Android tablet that a franchisee has gone bought.

And if they go and then try and access any of our web applications, that's, it's like, what's, what's the way forward on, you know, they don't want, you don't want to try and do passkeys on shared device like that. You know, not my area of expertise. Maybe there's a solution for that.

But I think there's still a lot of the solutions that we see are, are really great when you're in a a sunny day situation where all of the pieces are aligned with, with, you know, everything that the vendor is, is expecting. But when you when you kind of look past that and you've got, you know, heterogeneous environments or things seem to have control over it, it they couldn't fall. Unhappy. The unhappy path? Exactly.

Yeah. Yeah, I I can imagine all the series I've worked with another large vest 2:00 to. Fountain. Tremor and one of the biggest problems that they were dealing with was people who were accepted. They were supposed to start on Wednesday and they didn't show up. So going through that whole provisioning process and then, you know, basically they had to design the process from avoiding that being a big catastrophe because it happened all the time. Yeah, I'm sure you guys deal with that.

Oh, yeah, you know, I mean, it's, it's definitely a challenge that we, we see in our restaurants as well. You know, I mean, if you think about it, I, I, I, it's been a long time, but I can remember when I was a 16 year old kid, you know, a lot of times you go out there, hey, I, I got to get a job and I go and apply for like, I don't know, three or four different jobs and whichever one of them calls me back first, yeah, I'm going to go talk to them.

But then the next day some other company calls and says, Oh yeah, we'll give you $0.25 more an hour than McDonald's is going to give you. So then you just don't show up for, for your first day, right. Yeah. It's, you know, it's interesting the, you know, when you're in a more corporate setting, a lot of things are a little bit more standardized and they, they work how you expect that to work.

You know, when people apply for a job and they get hired, then they show up for their first day and, and everything kind of follows the happy path, as you said. But when, you know, when you start to get into, you know, retail type establishments, it gets a lot more dicey in terms of how that all works. So we have to definitely design our, our processes to account for that and, and you know. I would imagine it's a scenario used the term a lot. IAM heroes.

When you have that kind of distributed operation like McDonald's, it probably comes back to somebody actually really carrying this in this location. Or even when I'm your team who just like goes the extra mile to make it work, make it happen. Yeah. I mean, we've, we've done a lot of work within our platform to try to address some of the unique business scenarios for McDonald's.

You know that I mentioned before that I had built sort of what became part of the platform, but it's basically a web-based portal that is almost a custom view into the identity platform for each of our restaurant organizations.

So if I were a franchisee at McDonald's that I own several restaurants, my team and I could go into this portal and could see all of the user accounts that belong to my restaurants, can do things like reset passwords, can reset the MFA for our users, can give them access to various different applications. And the nice thing about that is where we allow the people who are closest to the users to be able to try and solve those problems for them versus making them call a help desk.

And you know, then how do you validate that John Smith is actually it's. Frustrating. We've all been through it, right? I mean, I had to get a power ship for the group today and I must have gone to four or five different people who say go to that person. You go to that person, they say go to this person, eventually get to the right person. But by the time you do, it can be pretty.

You can be already pretty frustrated and pretty angry at the whole process, and there's somebody you want to put your users through. Yeah. And and I think you know what we've found is that a lot of this sort of traditional identity management tooling works really well when you're talking about a traditional sort of enterprise scenario.

But when you have a situation like ours where we have really hugely distributed fire, like we have 40,000 restaurants worldwide and basically every one of those restaurants is its own little business. You know, I mean, yes, some of our franchisees own multiple restaurants, but ultimately each one of those restaurants operates sort of independently of each other, you know, really. Is that always almost always the case?

Well, so I think it's something like 93% of our restaurants worldwide are owned by a franchisee or, or a licensee of some sort of McDonald's. McDonald's I think only operates about 7% of our, our restaurants ballpark. I, I don't know what the numbers are. They change over time as, as we buy and sell restaurants. But, but the thing is, yeah, you may have a, a franchisee who owns 5 or 10 restaurants and they'll operate that obviously as a single business.

But the, the individual restaurants themselves, you know, you're gonna have a general manager and you're gonna have other managers and then you'll have the crew and they operate that restaurant on a day-to-day basis, sort of independently of the other restaurants even within their franchise. Obviously they have oversight from their their franchise organization. But in, in terms of how those crew members and the managers get supported, it it's done basically at the restaurant.

OK, so you know, when you if you have a crew person who's having a problem with their identity, the first person they're going to go to is one of their managers. And and we need to be able to empower those managers to be able to address and handle that issue as quickly and as easily as possible because number one, identity's not their job as. Far as I was ready. Their, their job is running, running the restaurant.

And so we have to streamline these things as much as we can because they need to get back to being able to run the restaurant, but we also don't want them to be on the phone calling the helpdesk all day actually. I've always been fascinated by the franchise model or the dealership model or either brokerage model because I think to your point earlier you were talking about with the device that you lose control of the device.

The franchisee can go out and buy Dells or they can go out and buy whatever they want and you just deal with it, right? And also like within that network, I own 10 restaurants. I could, you know, have some kind of hierarchy. I could own a bunch of restaurants. Maybe, I'm sure you have some franchisees that own like hundreds of restaurants, right? Yeah, I don't know what the exact numbers are, at least within the US, I think our largest ones are somewhere in the 50 restaurant range.

But again, I, I'm not 100% sure. You know, to some extent we do control the hardware within the restaurants from the standpoint of like our point of sale systems and things like that are, are fairly standardized. There may be some options that the franchisees have for registers and other types of devices.

And I think what we've tried to do over time is to sort of provide a standard set of capabilities so that the franchisees don't have to solve these problems themselves. And I think we've done a pretty good job with that.

We must to the, you know, for the most part, I think in most areas of the world, McDonald's is actually, you know, provide not necessarily providing the hardware, but specifying and then having partners and working with those partners to provide those, those options to the franchisees. A little outside my area of expertise. But I do know that for the most part, we standardize those things because otherwise we, you know, we provide the point of sale software.

We would be able to to easily support that if we were out too wide of a variation. And here's a question and this is probably way outside of your expertise, but maybe you know the answer. So when you're using a McDonald's app, you place an order and it says your code is and it gives you a four digit code. Yes, all right, there's. Thousands of McDonald's or outside, right? There's thousands of orders going in at a time.

How is a four digit code enough to know that you know this is Jim and he ordered XY and Z? So stay on with this. According to the fill, it only needs to apply to the location wanting to pick it up, correct? Yeah. So here are two smart people shorts. Yeah. So you won't get the code until you've submitted the ordering that the order is going to be tied to the restaurant that you're submitting the order to.

So they really only have to support enough ongoing orders for that one particular restaurant. You could have theoretically and you have code collisions across restaurants and it wouldn't, it wouldn't be a problem because on what happens is when you give them that code, they that into the point of sale system and the combination of the restaurant and the code then pulls the order in on from the digital cut. That's my understanding. OK, that makes sense. Yeah, Four, did you go?

Wouldn't wouldn't scale, but it wouldn't. But we, you know, it's like, how do you how do you find again? Click, from a user experience perspective, how do you find the right balance? Because you're reading out a, you know, 16 digit code. Yeah. No, no, no, that was, that was an H. Yeah, right. H And what the hell? Let's talk about Identiverse. I think we were talking before we started. We mentioned you were here last year. Yeah, right. So you're sucking that nervous second.

What brought you back? I, I really enjoyed the, the conference last year. I, I, you know, obviously I, I love being involved in any kind of, you know, community events, right? Obviously this is a big part of the identity and access community and being able to participate in these types of events to be able to come and talk with people that are sort of working in the same industry out like it is. Is it valuable? Because, you know, I mean, the, the sessions are great, right?

You, you know, you get to hear it and you hear about, you know, new things that are coming and hear how other people have addressed problems. But even just if you were to get together or come and talk to the people you know walking through the the exhibit hall with the the sponsors and stuff beginning to talk to other. Practitioners in the industry, I think it's, it's hugely valuable just to be able to network and and make connections. Then you start to recognize a

lot of these folks. So absolutely. They've been here for years and years. Or other properties. Except, yeah. So, yeah, the, the hallway conversations are always one of the highlights for me at least. You know, that's not something you can replicate like let's see or a weather or something like that. Well, and it's, it's hard too, because even if you, even if you know and have the contact info for, for some other people in the industry, you know, you

know, they're busy, right? And you know that they're tied up with their own things. And we hate to kind of like inject yourself into into their, with their daily grind. But when everybody has taken the time to, you know, to come to a certain place, it's a, it's an opportunity to really, you know. Here, Yeah, Identity to meet new people, learn new things and see new things. All that good stuff. And we're in Vegas right up. It stays and it stays in Vegas and then may not stay in Vegas, but.

Well, I mean, the thing that I've always enjoyed too is, you know, I, I, I spend a lot of time on, on social media trying to, you know, just understand what's going on and, and see what other people are talking about. And, and you have conversations with people on social media, whether that be, you know, through a, a public, you know, chat with comments or whatever, or if you're having maybe even a, a direct private conversation.

But the relationship with that person changes drastically when you've talked with them in person, even even if it's just like for a few minutes. I, you know, I attended a, yeah, I told you, I, I come from a software engineering background. I, I have a lot of Microsoft events over the years. And I had been chatting with a a gentleman from their identity team for months or or even years on Twitter. We're on the service forum announced where and we had never

met in person. And I happened to run into him at one of the Microsoft events and we hadn't threatened 5-10 minutes. The the relationship that we then had on Twitter subsequent to that changed drastic. It was it was no longer just some random person that who he was chatting with. It was somebody who he knew who he had met. And you could tell just it that the willingness to actually have a little bit more depth to a conversation. So that's how it's.

Upgrading like what's rating because a lot of these conferences as well, you're seeing it last they used to be there was a virtual option, right? First it was virtual only, then it was virtual option and now you're seeing a lot of that go away, which makes sense. You know, people who travel and be together out. But the benefit is what you just said, making that connection. Now you're more than just a picture and a tagline on screen. You're a person that I've had an interaction, but.

Yeah, I honestly, I really love when they, when in the conferences do sort of a combination of virtual and in person, because then I can go attend in person and can focus on the networking aspects and not worry so much about the sessions because I can always come back afterwards and watch the sessions. Or something like this and you go watch it. Right. Well, because you know the what's the difference if I'm there in person watching it or watching it or it.

But being able to go talk to people and actually have a conversation is a lot harder to do virtual or even. Split in between sessions, right? You wanted, there's like four different sessions all taking place, right, Like you want to be. I think it should be a mandatory thing. You know, if you're right in the conference, you should have some sort of recording or something right, taking place where you

can watch whatever you missed. I saw somewhere out there they're doing some sort of AI. Some are the as well around things. I I don't know what that means, you know, Identiverse now with whatever set more AI. Mean, you know what I mean? If you slap a little AI on it, it's gotta be. Right, Yeah, that's gotta be better. Let's talk about your keynotes Friday. So it's time people listen to this that I'll probably pass a blank.

But the future of authorization, you mentioned early on authorization what consider relations to your like a area that needs to be solved or still an employee review on that give us a little synopsis of what the talk about. Yeah. So I, I will say I am, I am a very small part of the keynote. It's mainly Sarah from AWS and and. Peter from and Sarah's been popping her head in see us like motioning and stuff like that. She can go across.

The I, I I actually met with Sarah earlier this morning. I need to go over the talk and she said say hello. But so they're, they're obviously working very, very closely together on a lot of standards around authorization. And I where I'm participating is I'm going to be the problem child. No, I'm actually going to just talk a little bit about some of the challenges that we see at McDonald's with authorization.

I, I, you know, I think I mentioned earlier, you know, super expensive for us to integrate applications when it comes to authorization. There's a, a bunch of different ways to do it and none of them are white, but it's just we, you know, the way I'm looking at it is if I, if I want to, if I were to have a wish, like I would love for there to be some way to make authorization closer to as easy as doing authentication, a lot of standards.

And yeah, I mean, it's, it's great. You can go to a, a, a SaaS vendor and say, hey, what do you, what do you guys support for SSO? And they all go, Oh yeah, we support OpenID Connect or, and, or where we support SAML and maybe some others, but those are the two that we care about. And you know, you plug it in, it's a little bit of work.

Sure, you know, for our team to do, you know, 30 minutes an hour work of set up, you know, work with the the app team and, and do some testing, make sure everything is good. And then OK, great, you've got, you've got authentication ready to go. But authorization is orders of magnitude more difficult. And so the keynote really is talking about some of the work that's being done in the industry out trying to standardize, you know, the

authorization story. I'm not, I, I don't think we're at a point yet where we go, hey, we have a, a solution to all of these problems. But I I think that what we're recognizing is we've largely solved most of the authentication challenges. Because they're right. Didn't face. It was that what's really interesting, I think from an authorization standpoint is I guess it's probably nervous. This is the first time I'm thinking about this town where your authentication issue was

10-15 years ago. The problem, the problem is applications are designed to be standalone, right? Like it's, if you have a single sign on, great, we can integrate, but you don't have to have it. You can log in on our screen and we have these roles here, Reaps or entitlements, whatever you want to call, but it's this combination. And then that's what our

application expects. Now replacing authentication was just that thin layer on top replacing authorization or not replacing but fully integrate them to and you have N number of applications all designed different ways. That's it's another. Story. Yeah, yeah, absolutely. But I, I think that the, you know, sort of where we're at today is we're trying to solve

sort of that common language. We, we, you know, with SAML and OAuth help, they detect, we, we have a common language that we can use for authentication today. And when you, when you have an application, you want to enable it on SSO, you now have a standard, you know, you can plug in. But you're right though, that authorization is much more complicated because every

application does its own thing. But I think if we can get to a common language or a common set of languages that can't be supported, you can hopefully get the application vendors to a point where they're starting to think about authorization in a consistent way because you have languages that work in a certain way. Because we didn't have those languages, everybody was left to sort of fend for themselves in terms of how they didn't do authorization within their app.

And of course, you know, you, you have, you know, one problem, but 99 different ways to solve it. We, that's kind of where we're at today. So I think the first thing we have to do is solve the language problem. And then once we have that and we can show like, hey, these these identity platforms now support these languages. Now we could start to. Go to the vendors and say let's figure out how to get you on board because like authentication, it will make

your life easier. It will make your customers lives easier because they'll be able to plug in a lot better. All the good news is that folks like yourself and Not seriously Sarah and and many, many others, I'm not going to try and go through the whole list, but there's so many people focused on authorization now. You didn't see that five years ago. Yeah. Well, I, I mean, I think if you look at it, the, the proliferation of applications, it is contributing to this,

right. If you look 10 years ago, like our application estate at McDonald's was much smaller. I mean, you know, we still had a lot of applications. We're big enterprise, but it was much smaller than it is today. We're for over 1000 applications. So imagine trying to integrate 1000 applications that are out doing their state, the, you know, the their own way and and it's it's challenging. Well, the next part of the positive assault, right, We have fixed authentication, we're done Great.

That's nothing. If there's thought we're there, I. Yeah. What's next? Part of the authentication there is the next step is authorization. So here we are with that Frank. And you know, I I guess I'm a little bit pessimistic because we do need application developers

to get a hold of this. I don't know how we're going to go back and retrofit without some sort of crazy little where and there are some things that that probably not that, but probably being at what 10-15 years from now is really when we're going to look back on it. If we start now and say let's start standardizing the way we do authorizations or at least coming up with some framework, because you've got so many different ways to do it while here.

It's transaction day, you know, maybe it's FAP, it's AT code natural directory, it's a group and yet another application. There is SAS days out maybe and it's this is the entitlement,

right? I just I I wish it would be get better faster, but the realist in me and the pessimist side of me looks as like probably in a 10 to 15 year I was absent to pinch up I. Mean, I think, I think you're probably right to get to the point where we're at today with authentication in terms of being able to say it's largely a solved problem, right? Authentication, but we're not going to say like it's solved everywhere and for every

scenario. But by and large, we can look at it and go, well, hey, you know what, there's common tooling, there's common standards that people can use to plug in. And it's largely a solved problem from a technical perspective. Now, maybe not everything, but using it or maybe there's some edge cases. So I think you're probably right.

But I, I, I think there's a lot of value even in if, if you were to get commonly accepted standards for authorization and you were to get the identity platforms to support it and even some of the large vendors to support it, which is probably what you'll get early on. There's going to be a long tail right of, of applications, how long it takes them to, to, you know, to bring out support for it.

But I think, you know, even if you can get some of the major players on board that there's a lot of huge value to that, especially when you talk about enterprise type, you know, regulatory type applications, if you could get that on board, there's huge value for for, you know, for industry for that so. You've got another step coming up this week because you're busy the way One McDonald's Way, the global identity and access journey at McDonald's. What's that about?

Yeah. So McDonald's, you know, we, we're in 115 markets and historically McDonald's sort of operated as 115 different businesses. I, you know, I mentioned that I've been with McDonald's for a long time. I actually started in corporate in 2000. And when I started, there was no global IT. There was corporate IT, which was focused on like a mainframe and our financial systems for, you know, how the corporation ran.

And then every market had their own IT, you know, from the US market, which had a fairly sizable you IT because they're like a third of our restaurants. But he had some markets that it's like one guy in a in a closet somewhere around IT through the entire market because they're a small in market, but every market did the relative there. There was no, we didn't have a global identity platform.

In fact, when when I was fairly new, I think I was made counting a year in, we rolled out the first global identities because we were trying to roll out an extranet and realize that we didn't have an identity that everybody could use to sign in to this this website that we were going to use to disseminate information. I see that a lot actually. It's like this, this idea of digital transformation driving a lot of standardized identity approaches down that seems like

that kind of also. Yeah, because this it's when you get to the point what George Lee just described me where realist. Oh, oh, that's actually they call that identity and access management. OK. Yeah, we need that. Well, The funny thing is, I mean even at that point we rolled out sort of a new identity platform, but all of the markets still manage their identity platform for their local applications for their local PCs, etcetera.

So we had for this dichotomy of the the global platform, which only got you into this extranet and subsequently any applications that sort of tied in to that same platform. But how people logged into their PCs was a completely different ID. So you had people with two different IDs with two different passwords. And eventually some of our, like the US market and corporate said, Oh well, since we're running both of these things, why don't we synchronize the password between the two, but

you still had two different IDs. And technically 2 still passwords, but it was it was wise I think. Exactly. But, but it was literally one was in Active Directory and one was in like Novell Identity Manager directory. But yeah, they were, they were synchronizing passwords. So at that point we, we still had effectively 115, 120 different ways of doing I, I got

right. You had a central team that managed the global identity portion, but that wasn't really a global identity platform because it was really used for accessing one's websites. Over time, we got some of our major markets sort of standardized on a single Active Directory. But it, it took us up until end of 2022 to actually get everybody on to a standard platform right through the same business processes, same identity life cycle processes and everything.

But we, we really kicked that up process off in 2019. And over the course of four years, we onboarded 100 markets and something like almost 2,000,000 user IDs on platform in like 4 years. So that's what my talk is going to be about is really just kind of talking through what that process looked like, how we did it, how we structured the program to actually do that. Because it, it was an insane amount of work to try and work with all of these different

markets to bring them on board. And we obviously couldn't do it in a custom way for every single market 'cause there was no way we could do it. And then, you know, I'll talk through a a few of the lessons learned and and sort of what's next for from a top. Didn't stop. We've been timing here about 45 minutes kind of the call before

the store of Identiverse. It's, you know, 10:20 AM the next time because the people kind of coming and goings we're kind of like wouldn't look at doing that room right. Like the actual conference technically, I guess starts tonight with the the keynote. So we want to let you get on and at least get an app in or shenanigans starter right here. Would you say that the sausage, egg and cheese McGriddle is the pinnacle of McDonald's innovation? So pinnacle of McDonald's innovation.

Because I could tell you right now, I think it is. I don't know how you beat that. So I will say my kids love the sausage, egg and cheese McGriddle that is by far their favorite breakfast. I'm I'm more of a breakfast burrito kind of guy myself, 'cause you know what? What could be better than eggs and sausage and Peppers and. Roll well and thy and Gia Olivia bell salsa. And you know their skin correctly. Yeah. I mean, you know, the the little syrup injected pancake. I I done it.

I mean it, it literally is a whole breakfast in one thing accelerated. So yeah, I could, I could see that. I I could I could agree with that statement. What do you say to someone when they've never been to McDonald's and say what's the thing that they should try? It what? And then really he. Who is this right? Actually, that's not sure if he likes this. And I guess so, I think you got to go with the classics, right? If if, if you're talking about breakfast, you got, you got to

try the egg, you know? I'm not a guy too plain. Yeah. I I mean a lot of them as a kid, but now that you have the like red egg griddle, I mean, and, and by the way, it doesn't have to be just sausage. I mean, anything you put on McGriddle, that's wonderful. Yeah, I mean, honestly, you could really try it for breakfast because the breakfast menu is awesome. I I'd miss all day breakfast, but obviously. And for lunch, you got to try the fries.

Yeah, I mean, there's just no two ways around powder fries and I would say our Quarter Pounder with Cheese because. My daughter cooking, you know, we, we switched over. To fresh beef for Quarter Pounder with Cheese a number of years ago and it's like that day you. I mean, the quality of the fresh beef versus the frozen beef is just, I mean, frozen beef is good. It's good quality. It's just there's something about the and fresh. Bamboos Crispy Chicken Deluxe is playing too. So how? Here's what for you.

Overrated or underrated fish for legs out? I get to say overrated because I don't like fish very much. Not at all. But I I do know that there are lots of people that level then. It's probably underrated, I never get it but. Just wait a second. How can you how can you say it's underrated? I. Don't have to met that many people that like it. OK. So I think like the rating is very low. That is, among society, going to be better than we as fish.

We sound an awful lot but. It's just when I get to McDonald's, I'm. Like well. Serve things and fish sandwich doesn't come to mind for me, but yeah and they could probably. And it's it's the only sandwich we have that uses a steamed bun. All of our other sandwiches use toasted buns. OK, but the fish filet has a steamed bun.

And now we're getting. I don't know, I mean I'd have to go back and look at the history, but yeah, there's something about the IT makes it like super pillowy and a cow. I guess maybe because the fish is kind of a lighter, a lighter protein versus lighter chicken. It's are more dense And so because the the fish is is lighter to fluff. I'd have to have to ask by my buddy chef Mike her ass. I think it's how he pronounced his last name.

He's a he's a former McDonald's chef and he he's out on social media answering all the McDonald's questions. So. I'd be a good one for throwing out TikTok, for example. Yeah, exactly. That's a good like, you know, pub trivia quiz. Like what is the only McDonald's item that does not have a toasted rifle? No. Yeah, that will do all right. What do you think? Should we wrap it up there? I think we should wrap it up. We, I mean, we can't take up too much George's time.

Together. Just get out there. This day I didn't burst ahead, Yeah. I appreciate you guys have. Yeah, Thank you so much for taking the title class. And Yep, we'll see you walk in the halls and we'll be doing the same thing. So that's appreciating time. Yeah, thank you. All right, so we'll go ahead and make it there for this conversation, I think. So this was kind of kick off

with our Identiverse 2024 series. It's a plan I think right now is episodes pretty much all looks that sweet as I get back to get things out of there and kind of pushed out the door, but that was it. So our first four range of video, we got cameras, we got some microphones, we got open door. People were kind of coming in and that way. How do I say was it on there? So, you know, do a live if they say the biz, but go ahead of the hands. Come on in. Then listen to us like subscribe.

We're building up a YouTube channel. So I know Jim was very interested in making sure that the YouTube log out. If you didn't know it's going on to have it, it's ready. I was ready. So youtube.com slash at IDAC Podcast brings you to our channel, our website, idacpodcast.com or Twitter or X whatever, all display them at IDAC podcast, Mastodon, IDAC podcast at infosec.exchange. And yeah, we're on LinkedIn, George. We'll have your LinkedIn as well in our show notes so that people

can reach out. Awesome. Yeah, either do get grease over your your McDonald's items or commiserate the unauthorization stuff and, and things like that. So with that, go ahead and leave it big star watching and or listening. And we'll talk to Dell on the next talk. You've been listening to Identity at the Center. We hope you've enjoyed the show. Make sure to like, rate and review, and we'll be back soon. But in the meantime, hit the website at

identity@thecenter.com. See you next time on Identity at the Center.

Transcript source: Provided by creator in RSS feed