Customer Spotlight: How MGM Uses Identity to Secure Users, Customers and Partners



Speaker 1:  This next session is definitely one that I've been looking forward to. For those who have been following our Okta Identity series, we literally have the boss here today. We're lucky enough to be joined by Elena Seiple, who's the executive director of IT security, operations and architecture, at MGM Resorts International. She's going to talk to us today about how MGM uses identity to secure their users, their customers, and their partners. We'll have time for questions at the end so without further ado, welcome Elena.

Elena Seiple:  Thank you very much. Welcome. It is a great opportunity to be here. Last year was my first year here at Oktane and I had no idea that I'd be up here, a year later, being able to present to you about what we are doing with security and identity here at MGM Resorts International.

So let me ask you all, before I get started. How many of you know who MGM Resorts International is? Do you? How many of you think that we are just the MGM Grand on the corner of Tropicana and Las Vegas Boulevard? A few of you. I want to take a couple minutes just to show you and show you who MGM Resorts really is so you can get an understanding for why security is so important to us and then I'm going to take the next 30 minutes to talk to you how MGM security is at the core of our success.

I don't know what more I can say after that. Every time I watch that video, I get chills. As an employee of MGM Resorts International, I am inspired ... and I think it's started again ... I am inspired every single day that I come to work. It is exciting to be part of a company that is so big, so involved in so many different areas, retail, hospitality, we have conferences, such as this one. You are sitting in one of our luxury properties right now and I do hope you're enjoying your stay. If not, please see Scott Howitt when this is over.

But to be part of this organization ... Our employees are inspired when they come to work every day, and their job is to inspire the customers. Their goal is to inspire the customers. And as much as we want to inspire our customers, it is also our job to ensure that the data that we collect about our customers we keep confident. We need to make sure that the data that we also have, that the integrity of that data is secure. And we also need to make sure that all of the systems that we have across all of our properties are available for our customers so that they have a wonderful experience while they were onsite at our property.

When I joined this organization, about three, four years ago, security was a very siloed, segmented group. We did things that we didn't talk to anybody else about. We worked all by ourselves. If there was a requirement and we put a tool in, we didn't care how that impacted the business. We didn't care how that impacted the customer. We worked alone. With Scott Howitt, our senior vice president and CISO, he joined the organization a couple years ago, and with that he brought with him a vision. And his vision was for security to now drive the business. His vision was for security to enable the business and to partner with the business, having us work together, becoming ... having those conversations. So now, we are working with them to help them become empowered to deliver solutions to our customers that were effective.

This is very different than what we were doing before and we did something that we didn't have and that was we built trust, between us, security, and the business. I don't know how many of you are in that same position, but how many of you can honestly say that your trusts what security's doing today? That the business fully understands what you're doing? Some of you probably can say yes if you've got a very mature program but some of you might be in the position that we were, where security is sometimes viewed as hands off or, "Oh, all you're trying to do is make it difficult for me," or security is just telling me no, security doesn't want me to be successful. Some of you may be in that position. I'm hoping today you can learn from some of the things that we've done and that will help you as you move forward.

So does anybody here know what the average cost is for a customer breach? If there's a breach, what the average cost to the business per customer is? If you read my slide, you'd know. It's about $225 per customer. That's the cost. Does anybody know what the average cost to the company is, overall? How much does it cost for a company if you have a breach? Anyone? 3.62 million. And the overall average loss of business is about 4.3 million.

How many of you have had the conversation with your business, backed by this type of data? Talking to the business and having the intelligent conversation with the business, explaining to them what the cost of a breach to the business is, when you're trying to talk to them about a security solution? How many of you put it into the perspective of how it will impact brand reputation? How many of you have the conversation stating this is what your loss of revenue could be? When you start having the conversation with the business and you put that cost associated with it, it's much easier for you to come in then and say, "Hey I need to put this solution in and it's going to cost me x. But it's going to help you here because of the risk it's going to reduce on this side."

One of the things that I have learned myself is that having a risk based discussion, having a discussion with facts behind it that you can tie a breach or vulnerability of some sort into, helps business now understand why you are making the decisions that you're making and it gets them more engaged and helps them want to partner with you because now they understand your perspective and also gives you the opportunity to talk with the business and say, "You know this is the loss that you could have," and they could say, "Well yeah I'm willing to assume that." That's okay, that's not a big deal to me. And so then security can say, "Okay, you're going ... we all agree." But it puts you then as a partner, not just somebody who's in the background making decisions in a silo that they're not a part of.

So, one of the questions that I get asked a lot is in our industry, how does fraud ... or how does that impact us? A lot of people have the impression that MGM Resorts International, or not even just MGM Resorts, but the Las Vegas strip is about gambling. That's what we were known for. Back in the days when the mobsters were here, it started with that and it was gambling. But if you look at the trend behind me, since 1990 the trend has trended downward from a gaming perspective for revenue but the non-gaming revenue has increased. How does that happen? If you look at all of our properties, our properties are not just the casino floor. Our properties have stores, so we've got a lot of retail, we've got restaurants all over the place, high end restaurants, so you've got your food and beverage, we've got conferences, such as this one, and it's almost as if every property is its own ecosystem of multiple entities.

How many of you are just a retail customer here? And you're focusing on POS terminals and securing your POS terminals? How many are in hospitality? And you're focusing on your PMS system and customer data on the front end? How many of you have both external and internal customers? You've got your external websites? So you have to focus on your customer, your customer's data? What about a customer loyalty program? How many of you have to work with ... have customer loyalty programs that your customers rely upon? 

So we have to worry about all of that. I don't have the opportunity to just worry about one thing. It makes it very difficult, when you think about that, because all of our systems now are becoming very tightly integrated. All of our systems, from retail, POS, PMS, all of these systems all talk to each other. And while you might have to, in the past, worry about a slot machine, a physical slot machine, or you might have had to worry about your front desk manager checking someone in, guess what, we added more complexity. We decided to take our phones, and our phone is now our front desk, so you can now check in from the front desk, you can get your key on your phones so now that becomes important, you can make room reservations, you can make ticket reservations. You can even gamble on your phone.

So I now have to be concerned about that as well. So that makes it even more interesting, I call it, not scary, but more interesting for my teams and our leadership to ensure that MGM is secure.

So with that said, this is where Okta comes in. So we have a very large security program that focuses on multiple things. I have four different pillars under me and one of my pillars in particular is identity access management, where that team's job is to solely focus on identity and how we're going to secure our customers' identity. Sounds easy. And when you watch demos, it's even easier. Let me tell you, it's not easy. And it's something we had been at for over a year and it is, I want to just make sure you understand, it is a journey.

It is not something you are going to be able to do overnight unless you are a very small company and maybe have a few applications that are all SAS or cloud. But for those of you that are in a larger organization, you've got mergers and acquisitions, you have legacy applications that are very clunky but yet the company depends on them, you're going to find that it's a little more difficult. And the reason it's a little more difficult to integrate them is because you now have to rely upon a vendor who this may not even be on their roadmap. They may not even be thinking about where you're going as you're progressing on your identity journey.

So I want to talk to you a little bit about, today, about how we are leveraging Okta, how we have incorporated it into our environment and then I'm also going to talk about how we leverage internally for our customer, our employees, and also how we use them externally for our customer facing applications, our websites.

So we have four commitments that we have made and the four commitments we have made ... I'll start with the single source for user identities. We wanted to commit to the business that we would have a single source of truth to identify users and to identify unique positions within the enterprise. And we did this with integrating Okta with Workday. That was one of the very first things we did. And then we wanted to consolidate provisioning as well. This was part of our journey. This is going to take us a little longer to get there but we're doing it. From a single source we've already integrated 70 applications, 70 plus applications.

We also made a commitment that we wanted to make it a little bit easier for password resets. How many of you deal with password resets? Customers calling the help desk? If you look at applications across ... everyday you're doing an automated password reset, when you're online if you get locked out of your Google, your Gmail, you're used to it. So why are we not doing that internally and having password resets for our internal employees? So by using the Okta platform we were able to roll out password resets for our customers and that not only improved the customer experience it also cut down on customer frustration and calls that went to our call center and for those of you who actually pay for your call centers to reset passwords, some of you have to pay for each of the calls that come in, that's a cost reduction for you there. So if you're not doing that I highly encourage you to look into that.

We also wanted to manage access to our applications. Right now, we have a huge portfolio of applications and there's multiple ways of which you can access that application so we made a commitment that we would look to consolidate those applications, we would look ... try to make it an easier one stop shop for our customers, employees to be able to login to the application, see their portals ... You saw Todd this morning. Actually he pretty much, felt like he said everything I wanted to say today. When he was talking about the ease of you just click the button, the application's there and it makes it easy for the end user.

We've had multiple roll outs of applications now where we don't have to now assign usernames and passwords to our employees, we just push the application out to the portal and it's there, it's ready for them to go, there's work that we had to do on the back end and I have a tremendous team and they're with us today, a tremendous team that does that on a daily basis but it has improved the customer experience with the business that in the past the business would go off, do its thing, we'd be sitting in a town hall, we'd find out about an application. We're like, "Oh geez. What's this new application that we have? What are we supposed to do?" And then we would try to get in front of them from behind. So now we've got the business calling us saying hey we've got this new application. We would love for it to be in the Okta portal, can you please enable it for us? And we've changed the way that the business is engaging with us. So it's been a really positive thing.

And then the fourth is certification attestation with application owners. This is on the roadmap for Okta. It's not quite there yet. We're not there and it's further down and I'll show you in our journey. But this is where we would like to get to the point of leveraging Okta's lifecycle management where we can then, from an audit perspective, we are very heavily audited. I don't know what organizations you're with here, but you'll probably experience the same thing we do. Audit, after audit, after audit. And with Okta, it's going to help us with termed users to be able to, and Todd talked about this this morning ... Right now, I don't know what you guys deal with, but if I have to term a user, and I have to go to 25, 35 applications and individually term each user, guess what? You missed some. And guess what? You do some late, you miss SSLAs, you miss things, and then you get caught later and you get written up, you get a deficiency on your audit report. By leveraging certification and attestation, it'll help us get ahead of that, because as you're terming users it should automatically term that user with a click of the button. And then we can validate it when we go back and certify the application and attest to the application.

So, we've partnered with Okta, it was a couple years ago we partnered with them. Our first deployment was 62,000 users logging into Workday through the Okta portal. It was a huge hit. Shortly thereafter, people started, that's when we started ramping up our other applications and today we're about 70 plus applications that users can access through Okta. And as I stated, it changed the way our business started to view identity. All of a sudden they saw us as an enabler, they saw us as a partner, and they started coming to us. I have not had as many conversations with the business ... I wasn't having as many conversations with the business as I've been having in the last year. And it's been wonderful to be able to partner and watch them light up and get excited over security instead of just us being excited over the product offerings that we have. We made security relevant and that is so important. And then it's helping us drive the business forward and it's introducing stability into our environments as well by leveraging the Okta platform.

So we have a couple different pillars. So while we have Okta in some places, we also have integration in others. So we talked about we have the single sign on for users, the ability to be able to seamlessly login one time. We also went a step further here and implemented desktop single sign on so that not only do you have to login one time, we integrated it with their initial logon so they don't have to login again to the Okta portal, making it much easier for the user.

We also are leveraging Okta multi-factor authentication in multiple ways and I'll talk a little bit about that when we talk about our external. But we're also using MFA internally, not only just for application access but for privileged access management. We integrated it in with our partner there. We're moving towards Okta mobile management and that should be rolling out this year. And we're also using, as I said we're hoping to get to lifecycle management when we feel that is ready for us to do. But for now we have to integrate with other people. So we have to integrate with other partners and we have a very tight integration with partners for certification attestation and right now for role management. We integrate with CA for example for when we have the tickets auto generated we have them open up automatically within our CA service desk and like I said we're using multi factor on privileged access.

So if you look at our road and our journey, we started out in 2016, we started to partner, we brought in business partners to help drive our program. We partner with Accenture to help our identity access program. They've been helping us build the connectors, helping us build the infrastructure and I want to stress, right now, something. When you move to this platform and you're moving to an identity program, that infrastructure is so key to having in place before you try to do so many other things. Like I said, it is a journey. It's not going to be as quick as you hope for some of you. Some of you, bless your hearts, if you're able to move at the speed of light. But for some, I just want to level set the expectation that you might hit some bumps in the road and it might be a challenge along the way, but it's possible. And I'm seeing the fruits of our labor, it's taken us a year but now we're starting to see it move a little bit quicker. 

We integrated Okta this year, with other partners, like Palo Alto, we used the MFA with the GPPN component of Palo, which is really exciting us. We're also using it with CAAPIM. That is the CAAP gateway manager. So for the applications that are a little more difficult to integrate, that aren't [inaudible 00:21:40], that don't have an API, we can work with the CAAPIM product. Like I stated earlier, we have integrated with Workdesk, with CA Service Desk and we've also integrated with Workday. As we move forward, our strategy for 2018, as I touched upon, is our life cycle management, fully rolling out multi factor authentication and government governance and certification. 

So let's talk about my external customers. So we have a big program here called M Life and what is really unique and awesome about our M Life customer loyalty program is you can ... we have 12 properties here in Las Vegas, so you can come here, stay at our properties and redeem points but we also have properties across the United States. We just opened a brand new property in Washington D.C., called National Harbor, it is a beautiful property. We're opening another property in Springfield, Massachusetts next year. We have properties in Detroit, in Beau Rivage, Mississippi, we have ... over in China, in Macau and we also have ... we purchased the Borgata in Atlantic City. So we're all over. So we have a very large customer loyalty base. And it's so important because you can now go to a property on the east coast and get your points, come out here to the west coast and you're still connected to us and be able to continually increase your loyalty program.

But how many of you are aware of the fraud and the challenges, from a security perspective, in customer loyalty and websites? How many of you, again, have customer loyalty programs? I forget, there was a handful of you. So, when you have a customer loyalty program and you have a breach or you have a vulnerability or something and those customer loyalty points are redeemed by someone else, not the customer, guess what? You lose that customer. 26% of customers won't even participate in your program anymore. Also, some of them won't even work with you ever again.

And the one thing that I don't think people understand is that when somebody redeems those loyalty points ... So say I go and I take Joe's loyalty points, I redeem them, I get a room, I stay in that room. Now, myself as the customer, realizes somebody took my points, used them to a room, now I'm going to call the property and say hey, somebody used my points, I need you to reimburse me for those points. That is real revenue loss now to the business. And while you might not care about the points, the business sure does. Especially when not only does the customer want you to reimburse him, you know how it goes, they want to you to give them more. They don't want just one night, they want two nights. They don't want 25 points, they want 50 points.

So, we have an extensive M Life program and we also have websites for all of our properties. So if you were, today, to go to Bellagio, you'd go to, you can go We use Okta in two different ways for our customer loyalty sites, we call them, or our property websites. First of all, we use the single sign on capability so that you just have to go, login, what you login to Bellagio with, you log in to Mandalay Bay with, you log in to It's all the same. That username and password carries across. Makes it a great customer experience for our customers.

It also makes it easier by using the Okta API, it allows our developers to be able to develop on the back end and it increases ... and they don't have to cause customer issues. The customer doesn't see what's going on, we can push things out and it makes it a more seamless experience for our customers. But then on the point redemption, point based redemption, if a customer wants to redeem points, that's where we're interjecting Okta's multi factor component. So, the customer ... when somebody logs in, they log in, so if there's an account takeover and somebody has fraudulently used someone else's credentials, now they're trying to redeem the points, guess what? We're able to stop them at that point because now we've got multi factor authentication in place.

So Okta has been an incredible partner with us to be able to help in our identity space, move us forward, and keep our customers, keep our customers secure, keep our employees secure, and keep the access of our organization secure. 

So, just to reiterate, I don't know how many of you are Okta customers, I don't know how many of you are using them today, but the program itself from an external perspective is very key because the loyalty point redemption fraud that we talked about, the API enabling the business, all of this helps your reputation of your business, helps your reputation with your customers, it makes them feel safe, secure, it's going to make them want to come in your door, it's going to make them want to do business with you because they know that you have a focus on security, they know that they can trust you and just like I talked earlier with the business, it's so important for the business to trust you, it's just as important for your customer to trust you.

So, our CISO Scott Howitt, who's here with us today, I told him I would not call him out, but I asked him for a quote, because I wanted to see ... he has a better of way of saying things that I do. "MGMRI is all about entertainment. A good information security program enables our associates to focus on the customer and their experience rather than worrying about how to keep their information safe." And I love the way he put that, because that's so true. We have changed the way security is viewed and we have been able to do that with partnering with Okta.

So, I've talked to you about what we do from a security perspective. I talked to you how we're addressing identity for MGM Resorts International, so I will just leave you with this question. How secure is your identity program? And what is keeping you up at night? With that, I open the floor up to questions.

Audience:  What was the single biggest challenge in transitioning to Saas IM

Elena Seiple:  Our single biggest challenge to ...

Speaker 1:  Elena, could you repeat the question?

Elena Seiple:  I'm not sure I heard it. I'm sorry. 

Audience:  Single biggest challenge in transferring your security IM program to a SAS IM company?

Elena Seiple:  Well I don't think we had an IM program prior to transferring it to a SaaS, to Okta. We were just doing what we could by the seat of our pants, I wouldn't say it that way, but it wasn't a formal identity program prior to that. So it's actually been a wonderful journey because it's helping consolidate all of the different things that we had going on, all the multiple different avenues of which you were trying to manage our identity and putting it into single source.

Any other questions?

Audience:  Elena, do you have any insight on the extent of fraud in the loyalty area of the gaming industry?

Elena Seiple:  For the fraud on the gaming side, I had the stats for fraud in general, I don't know off the top of my head, I don't know if you know, I don't have the stats with me today. 

Anyone else?

Audience:  You said you had a property in China? I'm wondering how Okta works in China?

Elena Seiple:  Yeah, China is separate from us today, we are not under one umbrella but they do have their own instance of Okta and from what I understand from talking to them, it's working similarly to what we're doing here today but I don't deal too much with theirs.


Elena Seiple:  I would assume. The great firewall. I like the way you put that, in China, sorry. I thought you were trying to make a pun. 

Anyone else?

Audience:  Do you guys have a partner integration as well, not just customers?

Elena Seiple:  Partner integration?

Audience:  Like different ... bring your own identity with some of your guys' vendor partners as well or you're not there yet?

Elena Seiple:  I'm not sure if we're there yet. We're in the process of building the foundation and I'm sure as we get further down the road, we'll be integrating that into the program. 

Audience:  I just have a quick financial question. How quickly do you think the system paid for itself and what were the main value propositions that drove the decision to adopt all of the different solutions that the company's offering?

Elena Seiple:  That's a big question. It's still paying for itself, I think we're not quite there yet. Would you agree? Yeah, we're almost there. And what was the second part of your question?

Audience:  What was the main driver behind selecting all of the different solutions that were there? Was it the ability to improve workflow in terms of business processes or was it really the security on the customer side?

Elena Seiple:  It was both. It's one securing the customer making sure all that data is ... and Okta had a solution that met that but also yes streamlining processes, doing all those other components of it. Having tools that integrate well with each other was a big positive factor in that. Instead of having to go out and buy a tool for every single component, they're already integrated.

Audience:  So, roadmap wise, when do you think you will complete your transition to Okta for all your on prem applications?

Elena Seiple:  I don't believe that we'll ever be there for all of our on prem applications and the reason I say that is because some of your applications are just too old, some of them, like I said, the vendors are never going to partner with you, but we are focused on a subset of those applications and I believe that we will have them all within the next year.

Audience:  So about two years?

Elena Seiple:  Two years.

Audience:  Hi.

Elena Seiple:  Hi.

Audience:  You mentioned having to onboard 62,000 employees with Okta MFA for Workday. I wondered what type of a timeframe you had used on that and if there were any lessons learned in getting your internal colleagues to use Okta?

Elena Seiple:  About the 62,000, that was for onboarding them in to the single sign on component. We're doing the MFA component now. So, call me in a couple weeks, and I'll tell you how that went. But what we are learning, I will say this, as we have moved to Okta MFA as we do pilots and stuff like that it's been received very well. We have become very good at, recently, at doing communication campaigns and ensuring that we are educating our customer, I call them customers, educating the business well in advance of rolling something out so that it just doesn't come out and they're surprised because we learned that the hard way. You know we just assumed everybody knows IT, right? We're all IT companies now. That's wrong. So, we've done a better job at rolling that out and getting more information and inundating them with information prior to going live. 

Audience:  What do you use for your communication campaigns for the business units?

Elena Seiple:  What do you mean, how do we send them out?

Audience:  Yeah, how do you send them out?

Elena Seiple:  This is very important that we've partnered with our HR partners, we've partnered ... we have a communications team here, we partner with them and we typically write up the communications, vet them out internally, make sure that they make sense and then they go through several layers of review and then we start sending them out. We try to do at least three, four, five, depending on the vastness of what we're doing and what we're changing, then we start sending them out. And what I found is key to that is you have a timeline, that you start a few weeks out, couple days before, day of, and then continue the campaign once you've rolled it out and then remind them again a few months later because sometimes people forget. It's ongoing.

Audience:  I have a question. What of the journey of migrating employee identities versus customer identities. [inaudible 00:34:48] any risks or challenges that you have encountered migrating customer identities?

Elena Seiple:  What is the ... I can't ... Oh there you are.

Audience:  The risk of migrating customer identities? Moving customers from [inaudible 00:35:03] from B to C?

Elena Seiple:  I don't know that we're doing that yet. Right now we're focusing on just our internal ... Are you referring to customers as our employees?

Audience:  No, customers as your end customers, the M Life program.

Elena Seiple:  We're not moving them right now, though.

Audience:  Okay. So how is Okta used for your M Life program?

Elena Seiple:  For the M Life program we use that so that when you log in to our websites, it registers you as an Okta customer, as an Okta single sign on so that if you go to,, Aria, you can use the same user password, it traverses that platform.

Speaker 13:  Oh okay. So you are storing customer identities on frame but you're just leveraging [inaudible 00:35:49]?

Elena Seiple:  Yes. Yes.

Audience:  Got it, thank you.

Speaker 1:  Just one more. Two more waiting.

Audience:  Hello.

Elena Seiple:  Hello.

Audience:  I just had two questions. One was, did you have any particular pain points with transitioning all of your internal users from whatever you were using before to Okta? And, I'm sorry, I'm trying to remember my second question. Did you have any trouble, oh man I'm sorry, please answer the first question, I'll ask the second question ...

Elena Seiple:  So the question is did we have any pain points when we transitioned the customers from Workday as it was to Okta? I'm looking at my team right now, I want to see if they're shaking their heads or ... It was pretty seamless. It was just, again, communication is key. Because you're changing the way of which they're accessing the application. Other than that, once they were there, it was the same. I think our biggest challenge was, and this is something we learned the hard way, was the password reset. People kept forgetting their passwords and forgetting how to login to Okta, because you have to go to the portal, so that was the challenge. Implementing DSSO, or desktop single sign on, helped alleviate that challenge then we also did some things like, in big letters put how to reset your password on the Okta homepage because you think people would know but you can't assume people know anything and make instructions and everything as simple as possible.

Audience:  That ties into my second question, and I think the answer to this is going to be communication as well, and that was, was there any corporate culture change that had to take place for the users to fully accept Okta?

Elena Seiple:  Absolutely. Absolutely, and part of this ... Okta, one of the things it is is really awesome because we are a company of mergers and acquisitions, we have multiple cultures, multiple ways of doing things, and by implementing the Okta single sign on solution, it helped us drive our one company, one culture solution. But of course, like any other, any applications you have out there, any change that you have, people are going to dig their heels in, they're not going to like it but, like I was saying in the beginning, when you start having those conversations at the business, getting in front of them prior to doing stuff, making them feel empowered, that they're part of the decision making process, you get better buy in, you get better adaptability and it's just a much easier experience and transition.

Audience:  So you guys host thousands upon thousands of expos, right, within all of the hotels? You see the millions and millions of vendors in the market and so forth, so kudos to you guys for being able to get through all the noise. What was it about Okta that made you feel, "Okay, we're going to have our customers come through this, we're going to have our employees come through this, there's going to be efficiencies gained," and so forth? But what was it that got you over that hump of confidence in understanding that this was the solution of choice going forward for you?

Elena Seiple:  I can't speak as, directly, as to why it was chosen because it was chosen before I came onboard but I'm going to make a guess just from my experience with working with Okta. I believe that Scott saw what Okta had, he believed in the vision of where Okta was going, he had that relationship and I believe it was trust in the fact that this product was different than any other product that was out there at time. I know there's other companies now that are providing the same thing but he saw where they were going and I think it was just a matter of, "Hey, this is absolutely where we need to be, this is going to benefit our organization, and this is the product that we should be using."

Speaker 1:  I think just one more.

Audience:  Afternoon. And thanks for sharing your experience. So my main question here is how have your company been able to maintain consistency when it comes, and also with complexity, when you have to deal with analyses and we have to deal with a lot of people, a lot of ... huge crowd out there. So how have you been able to do that, have you been able to use Okta to leverage or to reduce that or you still looking for the solutions to help you as a company?

Elena Seiple:  Making sure I understand the question. So how are we using Okta to reduce the complexity of ...

Audience:  Yeah. How have you been able to use Okta now you decide to go with Okta, so using Okta has it been able to help you to reduce the complexity of ... 

Elena Seiple:  Absolutely.

Audience:  Okay.

Elena Seiple:  I'll give you an example. The more applications and the more things that you can put into Okta, the less you have to sit here and tell your user, "Hey remember this username, remember this password." And we opened up a property in December right? Our National Harbor property. And I watched how difficult it was for people who don't log in all the time to remember usernames, passwords, complex passwords, this and that, and to put things into single pane of glass for them, for them to have one thing to remember, makes life so much easier. And it eases the frustration because you have to remember, in our industry, the people that are out on the floor, the dealers, hospitality, they're not IT people like you and I. Some of them don't even own a phone, some of them don't even have a computer. Logging in is a big deal. So the more you can do to reduce their frustration, the better off it is. And we learned some lessons from National Harbor and we get to do it all over again with Springfield, I'm so excited.

So the more, and I'm looking over here, the more we have built with our, I'm looking at my Accenture team, the more we have built by the time we go live, the easier the process will be to onboard as we go through mergers and acquisitions and as we onboard new customers.

Speaker 1:  Elena, there is a reason why we call you the boss. Please put your hands together in thanking Elena.

Elena Seiple:  Thank you.

Speaker 1:  For her time today and the extended team of MGM here with us.

Is Identity core to improving your organization’s security posture? For MGM, Identity is the foundation of everything—not just for its 62,000+ employees, but also its patrons through its M life loyalty program. In this session Elena Seiple, MGM’s Executive Director of Security Operations, will give an inside view into how MGM is tackling Identity today, tomorrow, and its vision for the future.