IAM Consultant Resume

New York, NY

SUMMARY:

  • Around 10+ years of experience in IT field including Installation, Configuration, Development, Deployment, Administration, Trouble Shooting and network security, database systems, and Enterprise Document Management in large scale organizations.
  • Worked on access control policies in ADFS to control access to Office 365.
  • Worked on seamless SSO on domain-joined machines.
  • Deep knowledge of CyberArk.
  • Well experienced in keeping CyberArk infrastructure healthy and up to date with the latest security and new features.
  • Extensive experience in bean shell development, workflows, rules, access s, forms and policies within SailPoint IdentityIQ.
  • Deployed & Configured SailPoint IdentityIQ Connectors for different target systems.
  • Hands-on experience in concepts of Identity management including provisioning, role-based access control, access request, reporting & auditing.
  • Strong experience in onboarding & integrating various applications into SailPoint IdentityIQ including Active Directory, Delimited files, LDAP, Service NOW & JDBC applications.
  • Experience in configuring and customizing access reviews within IdentityIQ including validating and developing content for notifications.
  • Strong knowledge in working with SQL & various database management concepts.
  • Experience in gathering requirements for user provisioning & application on boarding by conducting interviews with various teams.
  • Proficient in customizing the UI and branding depending on customer requirements.
  • Strong experience in using HTML, JavaScript, CSS and AJAX technologies in web development.
  • Excellent communication, interpersonal skills and capable of working individually with minimal supervision.
  • Ability to handle multiple tasks and work in multiple projects simultaneously.
  • Ability to work in a fast-paced environment and excellent team player, ability to work under pressure and meet tight deadlines
  • Installations and Upgrades (Windows/Linux/AWS)
  • Experience in Hybrid Deployment of On Premises Active Directory to Azure Active Directory.
  • Experience in Synchronization of objects from Active Directory to Azure AD.
  • Experience in Password write back and MFA and SSPR.
  • Experience in Password Hash Synchronization, Pass through Authentication and ADFS.
  • Experience in AD Connect Health for AD Sync server, ADFS and ADDS.
  • Perform MFA against on premises MFA server solution when authenticating to ADFS.
  • Achieved Single Sign On (SSO) solutions among the enterprise applications by installing, configuring, deploying different products like Ping Federate/Ping Access/CA SiteMinder on Windows as well as on Linux servers based upon the requirement.
  • Hands-on experience in implementing SSO concepts like SAML 2.0, Open Token, WS-Fed, OpenID Connect (OIDC) and OAuth 2.0 for enterprise and customer facing applications.
  • Accomplished Federation protocols to establish the trust relationship between Identity Provider (IDP) and Service Provider (SP) by implementing different protocols like SAML1.1, SAML2.0, WS-Federation, OAuth2, Open ID Connect (OIDC), WS-Trust.
  • Experienced in installing and configuring Server Administration, Attribute Mapping, SSO Connections, OAuth 2.0 Configuration, Open ID Connect Configuration, Logfiles using PingFederate.
  • Experience in implementing SSO and Multi Factor Authentication using Ping Federate and Ping ID.
  • Experience on setting up SAML flow for applications with custom IDP chaining requirements. Adept at OIDC, OAuth 2.0 flows and helped organizations move from legacy protocols to modern authentication.
  • Have led application migration efforts from on-premises to cloud environments.
  • Good working knowledge for cloud platforms like AWS and Azure.
  • Proficient in provisioning and de-provisioning users to various applications in OKTA.
  • Experience in setting up infrastructure for Secure Proxy Server which would act as both reverse proxy as well as the federation engine for external applications.
  • Configured various applications with ADFS for Single Sign On (SSO).
  • Experience in using web agent option packs to build and maintain Federation infrastructure to provide SSO functionality to external applications.
  • Experience in syncing objects, users, groups, from on-premises Active Directory to Azure Active Directory (AAD)
  • Experience in Active Directory Federation Services (ADFS), SAML, web Single Sign-on (SSO), OAuth and related authentication technologies

PROFESSIONAL EXPERIENCE:

Confidential, New York, NY

IAM Consultant

Responsibilities:

  • Designed and implemented a solution which manages the identity lifecycle of almost all applications within the enterprise, without directly controlling the identity store within the application.
  • Development of identity federation connectors from SailPoint to target systems, along with subsequent access control by SecureAuth.
  • Ensure requirements gathered, processes defined, and use cases documented follow out of the box configuration vs. customization as much as possible
  • Develop SailPoint deployment and solution architectures
  • Developed LCM events in SailPoint IIQ.
  • Participate in all SailPoint deployment activities - connector configuration, custom rule development, workflow configuration and development, third party system integration.
  • Involved in creating custom reports, s to cater various data feeds.
  • Involved in approvals process workflow design and rule creations using bean shell and xml.
  • Achieved SOX and PCI compliance by building a flexible and scalable framework to provide authentication and authorization services while supporting rules/roles/languages requirements for various International countries.
  • Analyzed the application before on boarding to get extract of application with the user unique ID, access levels and permission and do deep dive sessions.
  • Implemented Self-service feature, Password feature, Provisioning feature and policies in SailPoint.
  • Maintained user account workflows using form Joiner, Mover and Leaver.
  • Involved with existing Provisioning Team for the application in order to make it fit in to IIQ and to get the existing User Access Management (UAM) model.
  • On-boarded applications using Provisioning application’s requests in IIQ.
  • Implemented and Scheduled various type of User Entitlement Reviews for applications and databases in a timely manner to all the business areas across the organization.
  • Performed exhaustive audit of the Active Directory infrastructure via Windows PowerShell
  • To implement Change Requests in IIQ, Drawing Scheduling of Events and Shape of the weekend for Business check Outs.
  • Developed Role Model Templates based on the applications on boarding by getting engaged with various business people and TS also.
  • Designed SailPoint deployment activities - connector configuration, custom rule development, workflow configuration, development and third-party system integration.
  • Used JSON for data exchange between browser and server
  • Developed Composite Applications using SailPoint IIQ.
  • Designed and implemented SailPoint build processes, code migration, and source control use.
  • Deployed several custom-developed Sailpoint connectors to connect various client systems.
  • Configured application agents on PeopleSoft, WebSphere, WebLogic.
  • Responsible for developing Docker Images to configure API Gateway, MySQL and migrating gateway and joining individual images to make complete automation.
  • Developing Adaptor, Scheduler, Connector with the Help of API.
  • Developed LCM events Joiner, Mover, Leaver, Update, and Event based s in SailPoint IIQ.
  • Designed and implemented scalable, secure cloud architecture based on Amazon Web Services (AWS).
  • Provides provisional user access, manages applications, and assigns roles utilizing LCM.
  • Involved in Configuring Gateway cluster and auto provision a Gateway.
  • Involved in requirements gathering discussion with Workday app team and helped them utilize Okta’s SSO feature for Workday.
  • Utilized Windows PowerShell to create a master table of contents page for the desktop support knowledge base, allowing for expedited troubleshooting and research of reoccurring desk side issues
  • Creation and maintenance of digital s to be integrated with PING Federate for integrity of assertion.
  • Implementation of different direct/custom connectors to connect Mainframe (RACF)
  • Installed and configured RACF SailPoint connector to integrate with Mainframe systems
  • Configured workflows and Integration for life cycle events.
  • Installed and configured IAM solution components
  • Installation and updates of the prerequisite databases and LDAP directory servers
  • Created and modified workflows for implementing business flows
  • Performance tuning and problem determination for IAM solution
  • Troubleshoot any system failures, identify root cause and fixed issues.
  • Worked with business and Analysts to document system requirements for IdentityIQ.
  • Demonstrated role based user provisioning that leads to implementation of IIQ. Centralized identity data, roles, business policy and risk modeling to support compliance initiatives and user lifecycle management.
  • Control over user access to sensitive applications data while streamlining the access request. Re-, Connector Development process using SailPoint Identity IQ
  • Worked on Application connector configurations like delimited, JDBC, AD, etc.
  • Gathered requirements for billing application back-end and created business and technical documentation
  • Customization of the SailPoint IIQ product to implement enterprise security and access control.
  • Developed workflows for life cycle events joiner and leaver.

Confidential

IAM Consultant

Responsibilities:

  • Interacted with the SME’s to gather information about project related requirements.
  • Requirement gathering for password management.
  • Created power point presentation for business SME to facilitate requirements gathering
  • Implement CA Governance Minder and CA identity Suite software. Independent responsibilities included the installation, configuration, customization, and ongoing maintenance of CA Governance Software in cloud platform.
  • Migrated SAML Based SSO partners from CA Single Sign-On federation to Ping Federate 7.
  • Hands on CA Site Minder Primary Security Operations.
  • Used Ping API to deploy and create SAML changes.
  • Implemented Design Security Network on CA Single Sign On.
  • Good knowledge on Docker Security
  • Configured and supported SAML based Identity & Service Provider connections
  • Implemented open ID and OAuth solutions using Ping Federate.
  • Extremely capable at developing custom SSO integration in PHP, C#, Java, Node.js and Meteor
  • Skilled at project management, documentation, communication, and providing technical support
  • Implemented JWT token instead of traditional http headers.
  • Created Custom Adapter Replacing Site Minder 3.0 Ping Federate Identity Provider adapter.
  • Expertise in open source and commercial SAML Identity Provider and Service Provider implementations (Shibboleth, SimpleSAMLphp and ADFS)
  • Resolve complicated IDM issues and health checks for IDM system.
  • Utilized IAM protocols such as SAML, OAuth, OpenID
  • Support enterprise data backup (VTL) Backup Exec, Net Backup, and HP Open view, HP data protector
  • Design and implement Identity Manager 3.6 with different drivers (AD, Notes, LDAP, Exchange, SOAP, JDBC, Active Directory, directory), analytics with SCP, HANA Modelling
  • Developed custom PingFederate adapters and PingFederate custom data source drivers using PingFederate Java SDK (IdpAuthenticationAdapterV2 / Custom Data Source Driver / Password Credential Validator)
  • Performed Proof of concept for Open AM, Ping Access 3 and CA Single Sign-On R12.52.
  • Maintenance of PingFederate deployment including performing upgrades, patches, and ensuring availability.
  • Define and configure policies for PingFederate
  • Clustering with PingFederate for high availability and high performance
  • Configuring provisioning failover and configuration synchronization
  • Integration of Ping with OpenID Connect, SAML, SOAP, WS-Security and OAuth
  • Coordinating application onboarding to Ping deployment
  • Work with vendors on troubleshooting and platform upgrade activities

Confidential, Atlanta, GA

IAM Consultant

Responsibilities:

  • Highly dynamic environment with sprint teams using agile methodology.
  • Involved in the development of Solution Design Overview document and technical document.
  • Development of identity federation connectors from SailPoint to target systems.
  • Created Custom tasks, Custom Objects to update the entities in the system which are scheduled every week.
  • Built Joiner, Mover and Leaver workflows to maintain user accounts
  • Involved in creating custom reports, s to cater various data feeds.
  • Participated in all SailPoint deployment activities - connector configuration, custom rule development, workflow configuration and development, third party system integration.
  • Analysis of the specifications provided by the client and help Project Manager to estimate the effort required
  • Developed Rules like Build Map, Correlation, Exclusion, Policy Violation, Policy Formatting etc., as part of connector development.
  • Designed and implemented custom solution for end users to request Identity IQ capabilities following proper approval and auditing process. This feature is not available to end users by out of box.
  • Implementing the provisioning feature of SailPoint IIQ by using various connectors like LDAP, Workday, etc.
  • Involved in Configuration and development of SailPoint Life Cycle Events (LCM).
  • Configuring various roles and policies in SailPoint.
  • Implemented Restful web services to connect the AC and SailPoint applications and fetch the data into portal application.
  • Installed and configured Password Reset Administrator tool to reset the passwords from Care team.
  • Perform Installation and configuration of SailPoint IdentityIQ
  • Develop custom SailPoint BuildMap Rules and Workflows as per the business needs.
  • Setup applications Active Directory, LDAP, Oracle and Flat Files.
  • Providing solutions for the changing business requirements.
  • Implement REST classes using SailPoint Rest Application.
  • Using IIQConsole for operations such as checkout, import, connector Debug, etc.
  • Used IQService as part Identity IQ for Active Directory (AD) provisioning.
  • Setup direct connectors for AD, LDAP, MySQL, Oracle, EPIC
  • Configuration of Roles, Policies and s for governance compliance

Confidential, Indianapolis, IN

IAM Consultant

Responsibilities:

  • Set up Confidential policy server on 4 environments (Dev, QA, UAT & Production)
  • Developed build map rule, creation rule and customization rule to create Employee and Contractor user accounts into SailPoint from their current application’s exported feed file.
  • Developed a custom form in the SailPoint UI so that various admins can create Employee/Contractor user accounts manually through UI and provision users
  • Manage client requirements and configure connectors for 50+ applications
  • Created and ran the aggregation task to bulk load authoritative source data from Active Directory, Exchange and LDAP
  • Developed a creation rule to run update, terminate and rehire transactions on specified Employee and Contractor user accounts based on the feed file data.
  • Developed a scheduler using Java that will periodically run to terminate contractors on their specified contract end date.
  • Set up SailPoint IIQ policy server on 4 environments (Dev, QA, UAT & Production)
  • Developed a code that will send expiration notification to Contractors.
  • Developed a scheduler that would periodically check for Name change requests in the feed file data and will change the name of respective Employee account.
  • Developed a java code that will consolidate role details of user accounts into a CSV file and send to HR or Application Admin. The admin can then act upon the access of users accordingly.
  • Involved in design and implementation of IdentityIQ solution in FDIC, configuring Active Directory, and Shared Folders.
  • Established measures, metrics, and goals to drive performance as per business, security, and IT needs.
  • On boarded various applications like delimited file, AD etc.
  • Developed BuildMap rules, Pre-Iterate rules and Customization rules
  • Developed Delegation rules, customized s to send email notifications as per client needs.
  • Writing unit tests using N-Unit and Involved in Test Plans and wrote Test Scripts for Manual and Automation Testing.
  • Designed and deployed Identity & Access Management solution to improve user experience, meet compliance, and reduce costs.
  • Involved in creating custom reports, s in order to cater various data feeds.
  • Implemented Forms Authentication using database for Usernames/Passwords.
  • Validation controls were used to accept or reject input before additional processing.
  • Client form validations are done using HTML, JavaScript.

Confidential, NY

IAM Consultant

Responsibilities:

  • Implemented and Customized Manage Access and Manage Identity modules as per customer requirements in SailPoint IIQ.
  • Designing and implementing applications integration with PingFederate/PingAccess/Ping ID in both Non-Production and Production. Working with application's business and technical teams to gather requirement to integrate application with PingFederate/PingAccess/Ping ID for Single Sign On.
  • Integration of third-party applications with various Single Sign On matrix like Open Token, Agentless and SAML based services, created both WS-Fed and SAML 2.0 protocol Service Providers endpoints using Ping Federate.
  • Exporting Metadata, creating Adapters, Service Provider connections, Identity Provider connections, replicating configuration archive, importing and exporting SSL s using Ping Federate, Configured Ping Gateway to Authenticate the users and API’s through Ping Access and Ping Federate.
  • Installation and Configuration of OKTA LDAP Agent for delegated authentication with okta.
  • Configuring OKTA Directory settings in OKTA - Directory Mappings, user search, attributes, groups/roles and username format.
  • Migrate Users from LDAP and Active Directory to OKTA Universal Directory. Translated massive data sets into actionable business results.
  • Implemented the foundation for entitlement for users to address regulatory compliance and audit requirements.
  • Collaborated with technical resources to develop workable solutions that meet customer expectations.
  • Gathered and analyzed application data provided by application owner.
  • Translated business requirements into technical requirements and assist other team members in implementing the solution.
  • Provided direct technical evaluation of third-party products for inclusion in IAM solutions and define software development processes.
  • Set up an automated application user campaign for approval of the access and privileges for .
  • Generated reports for each application for audit purpose.
  • Setup the workflows for requesting, granting and revocation of the user access
  • Working with IBM team to gather requirement to migrate Junction based application from IBM to Ping Access. Designing and implementing solution to migrate junction-based application from IBM to Ping Access.
  • Worked on Ping Federate Clustering with Engine and console servers being part of cluster by maintaining multiple clusters for the high availability, Configured Ping Federation Environment for SAML Federated Authentications for users coming from partner sites by configuring ID Provider/Consumer using SAML 2.0 POST binding. Configuring Ping Access logout and sharing the URL with Application team.
  • Migration of data and policies from legacy solutions to Ping deployment
  • Migrated all SSO Apps configured currently in CA Site Minder to Okta Platform to leverage the combination of SSO and Contextual MFA.
  • Integration of OAuth, OpenID Connect with IAM systems on both Windows and Unix/Linux platforms
  • Integration of Ping products like PingFederate, Ping ID and Ping One
  • Installing Ping Access in clustered and high-availability mode
  • Configuring SSO with Ping Access using authentication schemes such as form based, based etc
