Senior Identity Management & SSO Expert - Active Directory/Entra ID (8-15 yrs)
Jtek Software Solutions
posted 7d ago
Job Title : Senior Identity Management (Azure AD/Entra IAM)
Experience : 8+ years
Engagement Type : Part-time, Long-term (Immediate joiners preferred)
Job Description :
We are seeking a Senior Identity Management Expert (IDM) with expertise in Federated SSO and IAM to design and implement secure enterprise-grade authentication for our integration platform. This role requires deep experience in Azure Active Directory (Azure AD / Entra), Identity Federation, and API Security.
You will be responsible for designing and configuring federated authentication and authorization mechanisms, integrating external identity providers (IdPs), and ensuring secure access management for both internal and external users.
Key Responsibilities :
1. Federated Single Sign-On (SSO) :
- Design, configure, and manage federated authentication using OAuth 2.0, OpenID Connect (OIDC), and SAML 2.0.
- Integrate external IdPs with Azure AD B2B/B2C for seamless cross-organization authentication.
- Implement Azure AD External Identities (Azure Entra External ID) for customer and partner access.
- Enable cross-domain authentication, session persistence, and token caching for a seamless SSO experience.
- Work with reverse proxies (Azure Front Door, Azure App Services) to enforce authentication security.
2. Identity & Access Management (IAM) :
- Implement Role-Based Access Control (RBAC) for multi-tenant user management.
- Define and enforce Conditional Access Policies for device, location, and risk-based access controls.
- Set up Multi-Factor Authentication (MFA) and adaptive security rules.
- Manage user lifecycle automation (provisioning, deprovisioning, role changes) using SCIM.
- Ensure least privilege access, secure session handling, and data segmentation for multi-customer environments.
3. API Security & Integration :
- Secure API access with OAuth 2.0, JWT (JSON Web Tokens), and API gateway integration.
- Configure API authentication and authorization mechanisms for external services.
- Implement SCIM-based user provisioning for external SaaS and partner systems.
4. Compliance & Security Hardening :
- Ensure compliance with SOC 2, PCI-DSS, GDPR, and other security standards.
- Enforce identity governance and auditing for access controls and security logs.
- Work with DevOps teams to implement Zero Trust security models across the platform.
Required Qualifications :
- 8+ years of hands-on experience in Azure Active Directory (Azure AD/Entra).
- Proven experience configuring and managing federated authentication using OAuth 2.0, OIDC, SAML 2.0.
- Strong expertise in Azure AD B2B/B2C, RBAC, and Conditional Access.
- Experience in user provisioning and identity governance (SCIM, lifecycle management).
- Deep understanding of API authentication, JWT, and API gateway security.
- Experience integrating external identity providers (Google, Okta, Ping, ADFS, etc.) with Azure AD.
- Hands-on experience with Azure Front Door, Azure App Services, and reverse proxies for authentication flow management.
- Fluent English communication skills, both written and verbal.
Nice to Have :
- Experience with hybrid IAM environments (on-prem AD integration with Azure AD).
- Exposure to Microsoft Defender for Identity, Azure Sentinel, or CrowdStrike for IAM security.
- Experience working in multi-tenant SaaS or integration platforms.
Enhancements & Key Focus Areas in this JD :
- Explicitly requires Federated SSO with OAuth 2.0, OIDC, SAML.
- Clearly states API security requirements (JWT, SCIM, API authentication).
- Includes External IDP integrations (Google, Okta, Ping, ADFS, etc.).
- Adds Azure Front Door & Reverse Proxy security for SSO.
- Aligns IAM strategy with compliance standards (SOC 2, GDPR, PCI-DSS).
Functional Areas: Other