App & Identity Migration

Frozen Peas, Identity Management, & the Path to Modernization

A Fireside Chat with Kroger, Microsoft, and Strata

If you’ve struggled to stay safe, sane, and healthy through the Covid-19 pandemic (yep, looking at you), the importance of grocery stores, such as Kroger, is clear. From frozen veggies to hand sanitizer to baking supplies, retailers of food and other essentials have been, well, essential. Yet, there are many steps from farm or factory to table. And each one requires people and apps that help to get the job done, as well as secure identity and access management.

Everything used by Kroger’s loyal customers, supply chain workers, office personnel, and checkout clerks involves identities.

When Kroger needed to move to the cloud, they had to prioritize modernizing their legacy identity systems. They didn’t have time to rewrite each app and couldn’t afford to disrupt the experience of the many diverse sets of users, including the loyal customers who have come to rely on Kroger as their grocer of choice.

Join Kroger, Microsoft, and Strata for a fireside chat to learn how the grocer:
– Reduced the complexity of migrating 100s of applications to a modern identity system (Azure AD) without changing their user experience
– Leveraged automation to avoid common identity migration pitfalls and planned for a smooth transition to the cloud
– Eliminated much of the time, cost, resources, and stress of enterprise identity migration with Identity Orchestration

Panelists:
Rob Lenhof – Corporate Information Security Technology Manager, Kroger
Stefan van der Wiele – Senior Program Manager, Azure Active Directory at Microsoft
Mark Callahan – Sr. Product Marketing Manager, Strata Identity

_________________________________________________________________

Transcript for: “Frozen Peas, Identity Management & the Path to Modernization” Webinar

Mark Callahan: Good morning everybody. I want to thank you all for joining us today. I say “morning”, but we actually have quite the global presence on our call this morning. There’s… today, I should say good day! And I’m very excited to have you all join us as we talk a little bit about how frozen peas and identity management actually have a little more in common than you might expect.

We’re being joined by a couple of our friends from Microsoft and from Kroger, Rob, and Stefan, will be joining us and I’d like to share for a moment, some quick intros about who everybody is. 

I’m Mark Callahan. I am the head of Product Marketing here at Strata. And for me, it’s, very much thinking about where identity and my personal life intersect. I see this future state where consumer and workplace identity are going to be intersecting. And so that’s one of those things that makes identity really interesting for me personally. 

And as we think about this, what I’d like to do before we do any intros, just a quick round of housekeeping, what we’ll be doing is we’ve got an open chat window at the bottom of your screen right now, as I point. And hopefully directionally hit everyone. If you have any questions throughout, we’ll be monitoring this channel. So please feel free to send your questions our way. 

We plan to have a very casual conversation today and would love to hear your thoughts and questions about your experience. So please do send us your questions at the bottom and without further ado, what I’d love to do is just go to our friends here and get a little bit about your role at your organization and maybe finish the sentence: Identity is important to me because, and with that…

Rob Lenhof: Hey, good morning everyone. My name is Rob Lenhof. I am a manager in our Information Security group here at Kroger. I’ve spent about the last 12 years working for Kroger and the majority of that time I’ve been on the Identity and Access Management team.

So it’s pretty well ingrained in me now. Currently, I’m a manager so newly minted. Identity to me is very important because I know no matter who you are, where you are, where you work, where you play, everyone has an identity and it’s unique to you and it should stay that way. I think.

Stefan van der Wiele: Stefan van der Wiele. I’m a Senior Program Manager in the Identity and Network Access division within Microsoft. So I’m part of a team that is called the customer experience team. And actually, this team got created as basically part of the “new Microsoft”, which basically initiated like five, six, maybe longer seven years ago, where instead of us being in the office thinking about what our customers want, we actually started to talk to customers and made them part of the process of building the product. So our team, we are the connection between the customer and the engineering of building the product.

To finish the sentence, identity is important to me because how I see it it’s the front door and the center of basically the whole IT infrastructure. And I think that’s the cool part because it’s the first thing you see, but it’s also that core thing that protects data everywhere around, and that makes it so for a lot of things, it looks so small, but it is so big. And I think that this is also the thing that I run into while explaining what I do for a living. For a lot of people, it sounds like entering your username and password is as easy as it is, but it’s much more complicated than you think. And there’s so much more. So it was a very long sentence! 

Mark Callahan: It was great. It’s funny because I think that the three of us work in a space where, when we’re doing our jobs, nobody knows. And, that’s the hardest part of being a marketer in the identity space. Is that again when you’re doing things right and everything’s working, nobody knows it because things just work. And, so it’s very much that we’re sort of these unsung heroes of, keeping everything working as it should.

And with that in mind, we teased the idea of the “Secret Life of Peas” — frozen peas — and identity. Rob, as we’re thinking about your experience at Kroger as many of us are thinking about the local grocery store. It’s really interesting because you have these lifelong loyalties that tend to happen between you and your local grocery store or a gas station, or some other retailer just might be a matter of convenience.

You stop wherever you run out of gas, or wherever you might need something. But, I shop at the same store that my parents shopped at because I felt comfortable and I have a loyalty there. I’d love to hear a little bit about the Kroger perspective where identity plays beyond the typical places that you might expect.

We talked about peas, starting at the farm and going all the way to the freezer shelf. There’s a lot of things that happen along the way, and there’s a lot of different applications and systems that are required to make that just happen. And I’d love to hear a little bit about Kroger and its unique identity experience at Kroger.

Rob Lenhof: Yeah, of course. Kroger, as you put it, it might just be to your neighborhood grocery store. But to me, and the rest of my team, we are the country’s largest traditional grocery retailer with 2,700 or so stores and upwards of 470 thousand associates.

And as you can imagine with a grocery store, we have a fair amount of turnover. We’ve got the high school kids, the college kids that come to work for short stints, and things like that. But we also have distribution centers and manufacturing plants, delivery now and other warehouses and things like that. 

Every single one of those people that do some work for us that help us get those peas from the farm to your kitchen will have an identity, and they will be accessing various lines of business apps in order to do whatever it is that they need to get the job done. It’s anywhere from inventory apps to HR-related apps or transportation-type applications, all of those types of things, but for every little bit and piece that needs to be completed, we’d like to know who you are and be pretty confident that you are who you say you are when you’re accessing said applications that make the whole thing work at the end of the day. Like Stefan alluded to earlier that username and password seem so simple, but it’s much, much more than that.

Mark Callahan: So 470,000 associates. That’s practically a city if you think about it in scale and every single one has an identity and then multiply it times the number of apps that people have access to. Curious, can you tell us just a little background about your challenges as you were thinking through: How do we modernize? And, what was the previous state and what was the Nirvana state that, that future state that you were looking to go to with that small city of identities practically, right? 

Rob Lenhof: Yeah, with that number of individuals out there you can imagine there are quite the disparate types of systems that are used for authentication. Kroger wasn’t always this company that had the twenty-something or so different banners that they operate under. Over time, we’ve merged with other grocery retailers and they have their own identities. Over the years we’ve done our best to try to consolidate, make it simple, selfishly, make it simple for me and my team to manage all of these accesses and things like that.

But the Nirvana state is to have everything consolidated into one thing. One place where we can go, to assure that if you say you are who you say you are, you have access to the data that you have been provisioned to have access to. And there’s a lot that goes on behind the scenes for that as well. But that’s why we’re here chatting along that journey, we’ve come to leverage partnerships with folks like Microsoft and with Strata. 

Stefan van der Wiele: Listening to your story, you basically know what you did. So looking at the landscape, and I think this is a common thing happening with mergers and acquisitions, is that your landscape is starting to get very diverse.

So you don’t have one identity place, you have multiple ones. So I guess at some point you’ve probably looked at like, how can we really make — and I’m going to put some Microsoft marketing stuff in here, but I love this sentence — how do we make identity, the control plane? How do we put it into the center and make one central IT system?

And I guess that is probably the place where you also started looking at something like Azure Active Directory. How can we get everything into one database and get control of all those users and also the vendors, the externals that are there as well. How did that go?

Rob Lenhof:  Yeah, I think you’re spot on and up. I was thinking about this the other day. I wish I had a great story, how we went out, and we double and triple-checked with every sort of company that could do this sort of thing. But we had made a pretty big partnership with Microsoft and we’d been in our, information type workers using things like the Office 365 suite for email, Microsoft Word, Excel, all those types of things — Teams, but with that being our first kind of push into Azure Active Directory we came to know that, this can be, utilized for additional things and not just for checking your email.

Stefan van der Wiele: And, I think that then probably you started with the identity. So I think that this is a really common thing, you say, okay, we’re starting to use Office 365. So we got AzureAD on there. We got all the identities in there, all consolidated, but now we have that bunch of apps lying around, which all need another username and password. Let’s write it down because if everyone forgets about it, it’ll make it very simple. So that’s probably where I guess the next journey started. 

Mark Callahan: So that’s where we met, obviously. That’s where we came together to talk as the identities had been migrated, but it’s like all of a sudden you have these apps. And we were talking about hundreds and hundreds of apps, Rob is, we were looking at that, migration, how do we move those apps and modernize them. 

Rob Lenhof: So as a company that’s been around for a hundred-plus years, I have to check my hands. 

Stefan van der Wiele: Before the internet was created.  

Rob Lenhof: Throughout those years, we had applications built before AzureAD, so we have the legacy applications. We have applications that were built in the past few years and applications that will be built in the future, and the way that they leverage authentication and authorization are going to vary greatly.

With our journey and modernizing some of these legacy-type applications… I hate calling them legacy applications — they’re great applications, they just have some legacy authentication sprinkled on top, but yeah. With those in mind, we began a partnership with Strata and we use their Maverics product in order to extract that authentication and authorization and married up with Azure AD to prove you are who you say you are, and that you do have access to what you are attempting to access and bring these legacy applications into a modern authentication world. 

Mark Callahan: And we did it. I mean not to toot our own horn to a degree, but as we talked about decoupling the identities from the apps themselves is we were able to do all this without rewriting any of those apps this, happened without having to go in and refactor and recode 300 apps, this was right. 

Rob Lenhof: Yeah. That was a big requirement of mine because as you can imagine, you. Been in the industry for a while. Like some of that code, your may or may not have been touched for quite a while. It could be some code, honestly, from some other commercial off-the-shelf type of application that we may or may not have access to source code. But yeah we’re able to utilize this, Maverics product to lay the security on top of it. 

And I think the best part of it is we were using that identity that we have in Azure already. So it just seems to work. Yeah. 

Mark Callahan: Yeah. And it’s one of those things when our jobs are doing well or jobs it just works. 

Stefan van der Wiele: So I’m wondering how did that process go? Because you probably didn’t know all the apps that. I, it sounds maybe a bit strange right there, this is one small department or this one small store that uses this app, but it’s part of the daily business. So it needs to keep on running. So, how did you approach that? Looking okay, so we want to, and I think security is also a great point. I want to touch on that later, but at first, I’m very curious, like, how did you come from getting those, all those legacy apps with Maverics connected to AzureAD. What was the first thing you looked at on doing that?

Rob Lenhof: Yeah. So I would say maybe took a couple of different approaches here, but may Strata did help us out with going to botch. I can’t remember some sort of discovery type exercise to discover the applications that are currently in use. Cause you’re absolutely right. Applications began to sprawl. Don’t really like to admit it, but we might not know exactly. 

Mark Callahan: And you mentioned a hundred, some years of, mergers and acquisitions obviously pre-internet, but even the more modern ones, they brought all their own apps as well. So there might be some obscure line of business application that runs checkout registers at one specific banner. And yet or maybe just in one department of one banner and all of a sudden you have this line of business apps that maybe people didn’t know about, but you have to find those. And hopefully, we were able to help you find those apps along the way in an automated way.

Rob Lenhof: Yeah, and that was done. And to add onto that, finding some of the extra policies and types of rules that we had a place for those individual apps whether it’s utilizing things like group membership of individuals in order to access apps and what sort of information are we passing to that application so they can utilize it to provide the experience that the user would expect. The personalized experience as an authenticated and authorized user would. 

Stefan van der Wiele: So did you do any prioritization after you got the list of applications? In my experience, working with customers to help them modernize their apps, you probably want to look at which app makes a lot of impact that could be that quick win. Let’s start with that one and make that impact and show that we’re doing a great job. But then after that, you probably want to look at what would be next. 

And then the second question — so it’s going to be two questions in one — but the second question, normally, what I see a lot of times, these types of migrations, you would end up with 20% of applications that would stick, probably. So I guess you have thought about how to do that. So first prioritization and the second one, how did you make sure that, in the end, all those 300 apps were a part of the modernization. 

Rob Lenhof: I really like the first question. So we, as an information security group over the years, have built our own web applications for whatever type of functionality we’re trying to provide to our associates.

Right off the bat, we were going to convert the applications that we use first. And that goes from the other members of the security team, even up to our CISO might use those applications. So if we can convert those applications successfully and without interrupting the business and with the end-user being none the wiser that something had changed on the back end, that was the first step that we took. 

And that was pretty successful. They weren’t heavily utilized applications or like the applications that are actually selling the peas on the shelf but they’re important to some people, right? 

Mark Callahan: Because they’re all necessary, to get to the shelf without them. That’s how we, as loyal customers, find what we’re looking for. You’re able to take for granted that they’re going to be there. And we’re just none the wiser about all the steps that it took to get them on the shelf. Especially as we think about COVID and things, obviously our entire world has changed. We’re all talking from our homes these days. Out of curiosity, how did COVID change the experience at Kroger, and also where did identity play a role in those changes?

Rob Lenhof: I’m sure as you and everyone else here realize that as the pandemic hit, people’s shopping preferences changed pretty quickly. Personally, I was not going into the store any longer. So now we were thrust into more online ordering and pickup. And all of the applications that sit behind those processes, that work… that were there before, we had been doing it, but maybe, you didn’t know about it until then. And scaling up and scaling out for those applications was something we had to quickly account for. 

And it, I think from an identity perspective, it was really like, a non-event really cause we had the infrastructure to handle it, I think some other people maybe felt the pain a little bit more in technology. 

Mark Callahan: Yeah. Because we were working together, not just did the migration together, but we wanted a future-proof. We wanted to make sure that as new applications come in and new identity systems, they could actually all be orchestrated so easily. And, hopefully, it made your pain a lot less than maybe some other departments, because we’re able to help with some of that. 

Stefan, I have a question for you actually in a perfect world. Everyone’s using Microsoft products, right? All that exists is Microsoft, but it’s not necessarily the reality, right? We love Microsoft products, but we also leverage lots of other products that are out there. If somebody is going from an Active Directory and they’re going to migrate to AzureAD, you all have off-the-shelf software that can help make that quickly. What’s the process like when somebody is looking at others like legacy IDPs, and they’re looking to migrate to AzureAD in your experience if someone’s coming from OEM or SiteMinder or you name it. What are the manual steps required to get there when you don’t have Azure Connect, to help with the move? 

Stefan van der Wiele: And, I think we, you mentioned Azure connect and where we talked about identities first, right? I think that’s the first step in getting those identities into Azure Active Directory or that central directory there, which gives you the control, is the first step.

So installing AzureAD Connect or AzureAD Connect Cloud Sync, which is a really lightweight thing to install and get your users up in AzureAD is the first step.

And then the second one is that if you if we’re looking at app migration and if we look at the steps there, we’re looking at the first thing that we would say, like modernization, go to things like OpenID Connect or look after even, SAML, which is 20 years old, I think already, but still, it’s, modern authentication and why do we call it modern? We can apply security controls to those types of sign-ins. But a lot of times and, I think this is an interesting piece, as Rob also mentioned, it’s old stuff we don’t have to code. We don’t know how it works and we don’t know how to update it. We don’t even know who owns it.

Yeah. So it’s there. It needs to be there. We need to keep on using it, but we also need to protect it. And that’s an important piece. So I think. The other piece there, if it doesn’t fall in. So if modernization is not an option, we go through the next few options. And that basically means how can our partners with their products help us do that conversion, put in the conversion layer adding that conversion.

And I think, especially when you mentioned SiteMinder, I think that the Strata Maverics product is exactly that. We can go to customers and we see they have a lot of those applications and we can say, yeah. Okay. So you have all your identities in AzureAD. Look, we have Strata who has a product that can do that mapping from the legacy authentication to the modern authentication, and then add all those security controls that are in AzureAD and add them on top.

And I think that. That would be like what, I would say in, in, in a perfect world where yeah, of course, everything’s Microsoft, but we still need our partners. I think that’s a good thing to mention for those specific types of things and those specific types of migrations. So yeah, that would be our approach there. When we’re talking to customers and looking into what landscape that they have. 

Mark Callahan: I remember Rob, we were looking at the amount of time that would have taken if we had to do all this manually and, actually rewrite all of those apps. And you mentioned no interruption to the user experience, right?

We don’t want people to know that something’s happened. That means we did our jobs. I don’t want to say back-of-napkin math. We did like very real math and we realized it was. (Hu)man years, developer hours, in terms of just almost like it would have taken us many years into the future, trying to rewrite every single app and, through automation with identity orchestration, we were able to do this and just almost no time.

Rob Lenhof: (Laughs) I don’t think anyone wants to even entertain the idea of [rewriting every app]. 

Stefan van der Wiele: So, Rob, one thing that I’m also curious about because, of course, the user of experience — bringing everything together — brings a great so not only great user experience but also from a management perspective brings a lot of ease to the IT department because they don’t need to maintain all those multiple systems. It’s just one system that you need to focus on, but security was also one of the drivers to go into that app modernization, using legacy authentication protocols let’s, put it like that.

Rob Lenhof: I think we would like to obviously get to an ideal state wherever we are not using those legacy authentication protocols. And along with the new modernization of these authentication and authorization, we get all these extra bells and whistles now of identity. Like using Microsoft additional security aspects that they have around identity like the logging, the enabling like laying down multi-factor authentication, what, otherwise the application is none the wiser, but we can now flip it on with a quick conditional access policy or and also layer on additional security type thing, identity protection, and whatnot.

You use all that telemetry that’s being on the user behavior and whatnot that all that information is there’s an abundance of it and being able to use that, to make decisions and make policies based on, because all we’re trying to do here right. It mitigates risk at the end of the day. 

Stefan van der Wiele: And I think especially it’s also finding that balance between end-user productivity and security, right? Because you don’t want the user to do multi-factor authentication 10 times a day, because then someone decides to build an app to auto-approve those notifications as a way to work around it.

And I think what you said around the identity protection piece looks at us as if there’s some particular risk to this access type of piece. And that made me take some action, like doing MFA, which is not available on those legacy authentication protocols.

It’s just username password done, which we know is 80 plus percent of the breaches that are out there are based on that username and password. So that probably adds also a lot of security but doesn’t disturb that end-user experience.

Rob Lenhof: Absolutely. And we have quite a varying degree of types of users — our C-level suite, to our information engineers, all the way to users in the store. Yet, we have to make it usable, friendly but we can’t have people sharing passwords, things like that right (laughs)?

Mark Callahan: Oh, I was just gonna say Stefan and a question for you, if you think about some of the organizations that you’ve worked with Rob, we heard you have your challenges on the path to modernization. What are some other security challenges that you’re hearing as customers? 

What are the drivers that you’re hearing, Stefan, as people are looking to move from legacy identity systems to AzureAD? Is it a fear of being on the front page of the paper? Because… 

Stefan van der Wiele: Definitely, yeah. What I said, those apps are only protected by username and password, and those are the first things that will come out and people reuse passwords, even though we don’t, we tell them, please do not — everyone does. I can say I did it in the past as well. I, at some point, got a notification from Netflix saying someone in India signed into your account. And it wasn’t me because I wasn’t in India. But it was just, I reuse a password and I use a password manager. Now, this is a long time ago, but just that, is so important.

And I think that this is also like the piece where we see a lot of customers looking behind what’s, after that password. We got MFA, which eliminates 99.9 — and a little bit more nines — of the attacks when a user and password got leaked out, but you probably also want to look further.

And I think going, moving those apps, making sure that they can also do those modern things. You also opened the door to things like passwordless, for example. Where that app that doesn’t know anything about MFA, doesn’t know anything about FIDO, Windows Hello, whatsoever. But because of that, Maverics connection that is in between, it doesn’t have to know but it still gets protected by it. And, it’s and, it’s still that good end-user experience. 

Mark Callahan: I got all excited there cause that’s a part of my job [I love] when we’re told it’s impossible to add modern authentication to certain apps that our customers are using. And we say, the best part about having this Identity Fabric layer — that it actually abstracts above and beyond — is that we can bring modern authentication, like passwordless, into those old apps that they didn’t think could be protected. But they absolutely must be [protected] because the vector for the attack, in a lot of security scenarios, is due to poor password hygiene. That’s where the breach starts then you have that crescendo effect on other more critical systems. 

And it is fun to be a wizard sometimes when you’re talking to clients and you’re like, ah, we can help. So glad you brought that up. 

Rob is, as you’re looking at the time saved — I have to do the shameless plug here — we didn’t have free things, which was awesome. What did you all get to do instead of you and your team having to rewrite all these apps, hopefully, we gave you hours and peace of mind back in working and using Maverics. What did you get to focus on instead?

Rob Lenhof: Lots of things — the day-to-day stuff. I’m really looking forward to you looking towards the future and identity and what security-wise, what are we going to do and how are we going to you’re just simplifying some of the stuff that we’re doing… some of the cloud-based things.

I’m very interested in, honestly, one of the other things that Strata has been talking about is their IDQL standard that they’re looking for standardizing the types of policies and whatnot that can be written to do access and authorization, things like that across multiple different platforms. I’m looking forward to that and being a part of the birth of that type of standard. I don’t know. I’m pretty excited about being part of that. 

Mark Callahan: Awesome. I don’t want to date any of my coworkers, but they find that you pointed out SAML that is 20 years old. We, two of the coauthors of SAML, are actually the founders of Strata. And so they are, we’re seeing those shortcomings and that’s where we realized we needed to focus now on a new standard that really does speak to how you handle identity policies and do policy orchestration. And that’s where IDQL is, definitely coming to bear very quickly here. We’re excited as well to see where that goes.

I guess I have a couple of questions from the audience. I think we’ve touched on them, but I would love to just introduce them and just get your all’s feedback. Someone had asked with so many users and passwords and being such targets Rob, is Kroger looking to go passwordless I know that we hinted at MFA and others, and without giving away anything too proprietary, are you all looking at going passwordless?

Rob Lenhof: I would say, yeah, we’ve been having conversations with folks from Microsoft about this and what the benefits are. And like how I alluded to, we have different types of people that access things from different platforms and whatnot. I think we’re looking into how we can best introduce that to folks that would best apply to best. Some of our information workers and things. Of course, we don’t want people to have to hit that MFA to approve their authentication right. But if we utilize some other tools if we can assure — I started with this — you are who you say you are and if that is via passwordless then, yeah, of course, we would use that. We have that certainty. Then, yeah, of course, you’re going to access your application. And depending on the type of sensitivity of that app maybe, there’s an additional layer of security that we rely upon there. But yeah, for sure. Maybe not for everybody, maybe for some people maybe. Some apps, but I think it is, I think it is the future. I don’t know for sure, but I’ve heard there are studies out there and password hygiene and all that stuff. 

Stefan van der Wiele: I like how you say that there’s no one method for everyone. And that’s also how we [Microsoft] see it. And our strategy has always been, yes, passwordless is great, but you have different personas that have different needs and different ways that they use it. If someone is in an office they probably have their own machine and desk beyond his machine. So [something like] Windows Hello for business works perfectly there, but if I’m the person basically moving around all those peas in the shop, I’m probably not behind the machine all day. I’m sharing a machine. So there are different ways of doing authentication. 

And I think that’s the cool thing about how we see passwordless, and also the cool thing for end-users, which is great, is that most of the passwordless methods are MFA by default, but you don’t think you do, like, the multifactor. It’s you, show your face within [Windows Hello] for Business, you sign in, and you actually did two factors, because you have a device that you own, and it’s your face that you also own. So there are two things that make it multifactor. And I think that then makes life so much easier, but still, if you look for maybe some personas, especially in large quantities, you, probably, yeah, there’s probably still a way to go. And that’s why I think that we’re at the start of the passwordless journey.

Mark Callahan: And I think you are there as well. Rob, you mentioned how many employees you all have. You know that again, it’s a small city, and as we talk about some of the workers in the various stores, there’s a lot of turnover, admittedly, because you’ve got, like, high school kids and you’ve got people who are coming in like seasonal or things like that. And as we think through those advanced methods of authentication, there are different degrees of technical acumen and savvy that people bring. But every single one of those hires probably brings a phone with them and brings the ability to bring new passwordless tools with them as well. So as you think through HR mechanisms and whatnot, hopefully, we have enabled you all to future-proof and bring in and continue to work with these new authentication methods.

You mentioned the phone. Everyone, I’d say, for the most part has one of those. But then we have to bring your own device and then we have some corporate devices lay some additional security on as well. And your identity should be able to traverse both of those. Like you mentioned, Stefan, the laptop or the desktop in the office at the store. Those identities need to be able to work on all of those different form factors. But yeah, you’re absolutely right.

Stefan van der Wiele: And I think this also proves that what I said, like at the beginning of... To finish the sentence: like, identity is the control plane, is the core. And that’s again like we’re, now we’re talking like it doesn’t matter which device, it doesn’t matter which location. It doesn’t matter which persona you are. There’s always an identity that you need to maintain and control and needs to be somewhere also to access all that data that is in those apps. And yeah, you can probably tell it gets me really excited. Always makes me think about this — it is really funny. We were at an identity conference and someone did a demo on stage, basically showing that he signed in, and then everyone got crazy. And then afterward we were talking to each other. How crazy is this? The only thing you show is that you can sign in and the whole audience goes ballistic because this is so awesome. But then this, yes, I think this is just a thing between identity people. It’s what we’re so excited about because we know how important it is to the rest of the business and IT.

Rob Lenhof: That’s funny. Like, that kind of reminds me of when we first met up with the Strata folks and they wanted to do a proof-of-concept and show how the whole thing worked. And I don’t think you’re going to get any awards for best picture or most exciting thing, because it just worked and you, to the non-identity people, they’re like, “Oh, I’m signed in, what happened here?” But to the people on my team who didn’t understand what had happened in the background, it made it all more impactful, because they were like “Yeah, so I’m logged into my app. What now?”

Mark Callahan: Honestly, my little shepherd’s crook has come up because I think we’re unfortunately running to time, but we could keep talking for hours on this topic. But at the bottom of the screen, folks, we’ll see a couple of links. We shared your perspective from Kroger’s angle and also [from Microsoft].

We shared a link to a survey that we did with 200 identity practitioners and the state of multi-cloud as people continue to adopt multi-cloud environments. And, how do you support these hybrid environments? There’s some really valuable information that we learned and it was kinda like, oh, that’s cool. So we put it into a report there at the bottom. 

And there’s also a link to that identity discovery tool that we worked on together with Rob that really helps people go from, how do you find all the apps and the policies and everything else that’s associated as you consider a migration, once you could do it free and do it for 10 minutes. And we’re like magic again, things that we geek out over that a lot of folks, otherwise. Also [it’s] stuck at the bottom. So we would invite folks to grab both of those. They’ll also be in the follow-up email. Any closing thoughts? This was fun. I really enjoyed spending time with the two of you.

Rob Lenhof: This was great. It’s the first time I’ve done something like this, but this was awesome. It was great talking to you too. And if anyone out there wants to reach out, feel free. 

Mark Callahan: Oh, awesome. Yes, LinkedIn is... LinkedIn, probably the best way if people want to connect with all three of us. Great, on LinkedIn. Yes. Please reach out there.

Stefan van der Wiele: Yeah. And also feel free to connect with me on Twitter. I’m a little bit more active on Twitter than on LinkedIn, but I do see LinkedIn messages. I really missed chatting about the one thing that we’re all passionate about. And one thing I think is also really cool is hearing from Rob, like, his experience and the things that were on his mind and how technology could help modernize all the things and put identity there as the control plane. I think it’s really awesome how they all work together — like the three of us. It’s Strata, it’s Microsoft, it’s Kroger. And together, we made sure that a lot of people are way happier with their experience. And that Kroger is way more secure with the capabilities of MFA to those types of apps. And of course the part two POS requests.

Mark Callahan: You’re going to make me blush. It’s like the best date ever. This was great. I really appreciate you all joining us today and look forward to more of the same again. Please feel free to reach out to all of us on LinkedIn, Twitter as well. Feel free to grab those links below. We’d love to give away free things. And with that thanks for joining us today. Look forward to talking again soon. Thank you.