- To play a key role as a team player seeking further knowledge in becoming an Identity & Access Management (IAM) professional in Web Application Security (SSO), and to help set the performance standards for the company, allowing my professional growth.
- 7+ years of professional exposure in Identity and Access Management (IAM), a diverse range of skills in the Information Security domain, and a very good record of implementation, administration, maintenance and support of IAM products.
- Well versed in the integration, administration, maintenance and support of IAM tools such as PingFederate, PingAccess, PingDirectory, CA tools, Linux SAML Spring servers, Azure AD, Active Directory, ADFS, and various Identity as a Service (IDaaS) tools.
- Supporting the overall company IAM infrastructure, which includes the following IAM technologies:
  - Full Ping Identity stack (PingFederate, PingAccess, PingID, PingDirectory).
  - Active Directory, Active Directory Federation Services, Azure AD, Azure AD Connect.
  - Steel-Belted Radius Server (NPS).
- Hands-on experience in IAM requirement analysis, implementation of access gateways and SAML, OAuth, RBAC and OpenID based integrations, and web access management (WAM).
- Implemented multi-factor authentication for more than 150 applications using Azure AD and wrote conditional policies.
- Implemented 500+ single sign-on integrations with PingFederate, Azure AD and SAML Spring servers. Users are created on the fly via LDAP import with their corresponding role-based access. Worked on dynamic, static, alternate SAML ID and federation types of SP and IdP SSO connections.
- Managed identity and access management for Azure subscriptions, Azure AD, Azure AD Application Proxy connectors, Azure AD Connect, Azure AD Pass-through Authentication, ADFS, AD DS and AD CS.
- Resolved Azure AD issues relating to Office 365 and Active Directory to Azure AD synchronization, including sync issues with the Microsoft Managed Services Service Provisioning Provider (MMSSPP).
- Experience in web service federation (WS-Federation) between two web services using SAML, creating a connection between the two SOAP service clients.
- Experience working with various web application development teams to help them integrate their applications with SSO. Privileged Access Manager (PAM) on CyberArk.
- Worked on data loads (eDB) on Oracle-based platforms and made portal GUI changes, running data loads through PuTTY/WinSCP without impacting existing configurations.
- Advanced knowledge of Microsoft Windows Server 2008/2012/2016, VMware Enterprise, firewalls, ACLs, DMZ zones and TCP/IP networks.
- Performed requirements gathering for a proof of concept to be implemented in the development environment for Azure AD, PingFederate and Microsoft Active Directory.
- Experience in replication, chaining, load balancing and other administration tasks involving Netegrity/CA SiteMinder, PingFederate Policy Server, Active Directory and Azure AD in both production and non-production environments.
- Expertise in development, configuration, deployment, troubleshooting and management of enterprise applications for PingFederate, Azure AD and CA eTrust Directory Server.
- Solid understanding of identity and access management architecture and exposure to the full feature set of CA SiteMinder (Policy Servers and Web Agents), PingFederate 7.1.2, 8.4, 9.1.3 and later versions, Azure AD, AD, ADFS, AD DS and AD CS.
- Azure Active Directory (AAD) configuration and management, policies and provisioning, Azure AD Connect, Azure AD, Multi-Factor Authentication, ADFS, AD DS, AD CS.
- Troubleshooting issues related to SSO, authentication and authorization, as well as LDAP issues (TID/LID mapping methods).
- Worked on single sign-on (SSO) to implement security policies and handle LDAP, PingFederate and web servers in a Solaris environment. Also maintained RSA256 SecurID and the OAEP algorithm.
- Worked on load balancing methods, SSL certs, PKI, X.509 certs, persistence profiles, SNAT IPs and client/server profiles while configuring VIPs and customizing them as per the applications' needs.
- Provided guidance in planning, requirements gathering, recommendations and implementation of data migration to Office 365, and in configuration best practices.
- Experience creating and updating PowerShell scripts for Windows, Active Directory, Azure AD and O365.
- Experience with Azure Multi-Factor Authentication using the NPS extension.
- Configured Network Policy Server (NPS) in prod and non-prod, and the NPS extension with the Azure tenant for MFA.
- Worked on F5 Access Policy Manager (APM): enabled the SAML module on F5 and integrated SAML assertions with Azure AD, server by server and region by region. Created a proof of concept before going live.
- Connected NPS servers to AD domain controllers for the Azure extension to trigger the MFA challenge.
Operating Systems: x64/x86 RHEL 7.x/6/5, CentOS, Microsoft Windows Server 2008, 2012 R2, 2016, 2019; Microsoft Windows 8.1, 7 and Windows XP
Office & Support Tools: MS Office 2000, 2003, 2007, 2010 & 2013, OpenOffice 3.0, SharePoint Server, Lync 2010, PowerShell scripting, Office 365, ServiceNow
LDAP Directories: CA eTrust Directory, Microsoft Active Directory, Oracle Virtual Directory (OVD), Azure Active Directory, AD
Identity Management: CA/Netegrity SiteMinder, PingFederate, CASy, eDB (custom), Azure AD, AD
J2EE App Servers: JBoss 7, WildFly 9.x, WebSphere 8.x, WebLogic, Tomcat
Web Servers: Apache 2.x, nginx, IIS, IBM HTTP Server, .NET Framework
Virtual Environment: VMware vSphere ESXi Server 5.1, ESX 4.1, vFabric, VMware vCenter Server 5.5, Citrix Studio 7.5, Citrix Receiver and MS Hyper-V
Network & Security: SAN/NAS (HP P4000), Hitachi & EMC, TCP/IP, NetApp, DNS, WINS, NFS, NIS, DHCP, Barracuda Web Filter 410vx, Cisco Router 2600 & 3600, Symantec Endpoint Protection 12, McAfee, Kaspersky, Microsoft Security
Mail Server: MS Exchange 2013/2010/2007 & MS Outlook 2013/2010/2007 and 2003
Hardware: All Intel-based desktops & laptops, servers, Unified Computing System (UCS), HP ProLiant DL360 G7, BMC blade servers, IBM HS-22 server, hubs, switches, bridges, CAT 5e cabling, printers, IBM PC and compatibles
- Delivered web and application development and maintenance of Azure AD services such as single sign-on (SSO) and multi-factor authentication (MFA), and troubleshot issues related to API web applications. Mainly focused on Azure MFA and other MFA solutions.
- Responsible for onboarding/integrating new applications into Azure AD and Ping Identity using the SAML, OAuth and OpenID Connect standards.
- Built an Active Directory server on-prem in non-production and production environments and connected it to the management UI, integrating federations with web agents using the NPS server extension with Azure AD for MFA.
- Built, configured, maintained and supported Network Policy Server (NPS) in production for MFA with Azure AD (troubleshooting MFA issues with NPS logs).
- Providing web applications with single sign-on and federation technology via Azure AD using protocols such as SAML, OAuth, OpenID Connect and WS-Federation.
- Integrating Microsoft Azure MFA with CyberArk, VPN, Oracle Access Manager, VDI and other third-party tools.
- Connected NPS servers to AD domain controllers for the Azure extension to trigger the MFA challenge.
- Performed IAM/MFA development and solutions within Microsoft Azure and other cloud providers.
- Performed SSO connections in Azure AD technology standards with SAML 2.0 (SAML Spring framework, back-end coding).
- Wrote PowerShell scripts to pull data and force synchronization with Azure AD.
- Implemented access control, MFA and creation of Active Directory (cloud) for app services in the Azure management portal using RBAC and other protocols.
- Azure: Azure Active Directory (AAD) configuration and management, policies and provisioning, Azure AD Connect, Azure AD, Multi-Factor Authentication, ADFS, AD DS, AD CS.
- Active Directory management operations: adding and configuring new workstations and adding user accounts to provide authentication and authorization to web applications.
- Managed Active Directory accounts, which involved creating, modifying and deleting users, groups, computers and contacts for the business. Set up Active Directory sites, subnets and site links to ensure network efficiency, and monitored Active Directory replication status and the health of the domain controllers.
- Provided support for login issues: checked log files, worked with the client and SAML Level 3 to perform root cause analysis of SSO problems, and gathered accurate, useful information from end users for SSO/MFA issues.
- Client interaction and maintenance engagement in web authentication; implemented web access management solutions using Azure/AWS or other identity and access management tools.
- Requirements gathering for a proof of concept to be implemented in the development environment for IDM tools such as Microsoft Azure AD and SAML/MFA servers.
- Designed and developed solutions with Token Generator and Token Processor to establish a connection between two web services from different enterprises, using JWT tokens to authenticate end users with federation services.
- Maintained both QA/UAT and production servers for Azure, along with cluster management and timely replication to deploy changes to servers.
- Responsible for the overall performance and stability of the applications built using the Identity and Access Management products Microsoft Azure AD and Ping Identity.
- Engaged with service owners and business owners to explain SAML and multi-factor authentication for protecting their applications, and migrated all users to the MFA group to receive the MFA challenge from Azure AD.
- Migrated all organization users to the MFA group so that external applications trigger the MFA challenge.
Environment: Windows, Active Directory, Azure AD, O365, Network Policy Server, Linux, configuring gateway XML files, basic certificate import commands, stopping/starting gateway services, directory services, LDAP on Softerra, ServiceNow, IAM, Apache Web Server 2, Oracle RDBMS, Java/JDK 1.6, J2EE, JSP, Node.js, Servlets
Confidential, San Diego, CA
IAM Engineer-Analyst / Directory Services / Azure AD
- Deploying, configuring, implementing, integrating and customizing rules of CA eTrust Directory products to meet customers' requirements. Performed directory server version upgrades and federated major applications' user policy stores, key stores and session stores.
- Migrated CA SiteMinder and eTrust to the Azure AD SAML/WS-Federation protocol. Good understanding of setting up SSO for cloud apps; worked on delegating app admin access, granting app access, etc. Troubleshot logins for IWA and AD agent issues, providing solutions for external SSO using the SAML protocol.
- Experience setting up SAML, OpenID Connect and OAuth connection templates and working with app teams on deploying apps to support next-generation standards. Experience deploying SaaS-based connectors such as AWS, Slack, Box, Salesforce and many more depending on the new integration patterns. Implemented clients and generated client secrets in OAuth.
- Generated new CSRs and key pairs for SSL certificates from an external vendor.
- Troubleshooting cron jobs/logrotate to generate automatic backup-file scripts for Atos and Control-M job agents.
- Built a directory server in lower and higher environments and connected it to the management UI while integrating with federation web agents (CA/Ping/Azure products).
- Web services migration during directory server version upgrades, on load-balanced pairs and standalone servers.
- SSL certificate keys, mainframe certificate requests, SSG mainframe certificate refresh and federation services; managed certificates and private keys.
- Checked high disk usage, memory cleanup, CPU utilization, VLANs and hostnames on web servers and application servers.
- Handled P1/P2-level issues related to WebLogic, DB servers and gateways.
- Installed and configured web server agents (Apache, Tomcat, IBM HTTP Server and IIS), and set up policies, rules, realms, responses and authentication schemes.
- Configured user directories and directory mapping for authentication and authorization.
- Integrated new web applications in both SiteMinder and Federation, following standardized procedures set out in operating manuals according to the client's requirements.
Confidential, Grand Rapids, MI
Systems Engineer / Azure AD
- Performed SSO connections in AWS and Azure technology standards with SAML 2.0 (SAML Spring framework, back-end coding).
- Configured new SAML federations for external clients and interacted with clients to test and support SAML SSO.
- Provided support for login issues: checked log files, worked with the client and SAML L3 to find the RCA of SSO problems, and gathered accurate, useful information from end users for SSO issues.
- Worked on access control, MFA and creating Active Directory (cloud) for app services in the Azure management portal.
- Worked on global single sign-on (IdP/SP), creating external user account provisioning for third-party service provider applications (KLT).
- Integrated SaaS applications (ServiceNow, Tableau, KLT) with Azure production servers and with AWS in non-production.
- Expertise in Azure AD user provisioning and creating resources and groups under the directory role blade.
- Worked on Application Gateway while integrating SSO to IBM TRIRIGA with the Azure Portal (SSO header settings).
- Integrated ServiceNow (SP) with the Layer 7 gateway as the identity provider.
- Hands-on understanding of the SAML data flow; performed root cause analysis in gateway SAML logs to troubleshoot SSO problems.
- Integrated CyberArk SAML/Duo Access Gateway with Layer 7 for SSO access for internal and external users.
- Expertise in using third-party tools such as Okta, OneLogin, Ping and CA SSO integrations.
- Worked on Linux servers to check the gateway, catalina and auth.log files, server logs and audit logs for SSO troubleshooting.
- Operated AWS/Azure Identity and Access Management (IAM) web service applications to securely control access to the portal, with protected resources and user groups in AD, for principals such as IAM users, applications, or AWS services such as EC2.
- Combined Windows authentication/authorization with comparable ADFS single sign-on, password-based sign-on, OpenID and header-based sign-on.
- Worked on password vaulting for single sign-on with Application Proxy hosted on Azure.
- Proficiency in deploying MID Servers in Azure and gateway applications on the production server.
- Worked on VPN access and RSA SecurID access from any device, anywhere, to the applications users need, whether in the cloud or on-premises.
- Worked on the MFA authenticator, which provides additional security with 2-step verification.
- Worked with different on-premises and cloud identities for Application Proxy, using the on-premises principal name and on-premises SAM account name.
Confidential, Smithfield, RI
IAM Analyst / SSO Consultant / PingFederate
- Worked on the migration of legacy SSO connections (CASy) to PingFederate technology standards.
- Converted business functional specifications into technology system design specifications.
- Participated in the definition of functional and non-functional system requirements.
- Updated requirements as per business users' feedback and changes in application functionality.
- Handled/documented IM tickets related to SSO, providing information to problem management for RCA (root cause analysis).
- Worked on Token Generator and Token Processor to establish a connection between two web services from different enterprises, using JWT tokens to authenticate the user via Ping federation.
- Extensive experience in client interaction and support/maintenance engagement in web authentication; implemented web access management solutions using Ping.
- Upgraded PingFederate from lower to higher versions for both console and engine servers (from 6.4 to 7.3 and 7.3 to 8.2).
- Integrated PingAccess with PingFederate so that users are authenticated by PingFederate and authorized by PingAccess servers using access control lists.
- Experience in Ping federation using SAML, integrated with the custom CASy authentication tool.
- Integrated both IdP- and SP-initiated SSO using PingFederate with external partners.
- Experience deploying SAML-based highly available solutions using PingFederate and other security products; able to create and process SAML to obtain tokens that can be consumed by other web access management products.
- Experience collaborating with teams to determine the system requirements and functionality needed in new or legacy LDAP.
- Experience working with Active Directory using the LDAP protocol and a good understanding of LDAP concepts.
- Created SP/IdP connections using PingFederate with external partners via metadata.xml, URLs, files and manual connections.
- Migrated SAML-based SSO partners from old legacy servers to PingFederate 8.2.
- Worked as part of the SSO team, protecting web applications with standard/custom authentication schemes and educating application teams about the SSO flow.
- Maintained both test and production servers for PingFederate, along with cluster management and timely replication to deploy changes to servers.
- Integrated CASy with PingFederate using a token translator to bridge the SSO gap between applications protected by either system.
- Configured PingFederate 22.214.171.124 for SSO across multiple web-based enterprise applications.
- Configured all applications to use the centralized login page (SSO page) served by the login servers, and troubleshot related login issues.
- Involved in SAML 2.0 integration for new applications, acting as the IdP.
- Configured SSO for different applications in different domains with Cookie Provider and troubleshot related issues.
- Assisted in developing a UI component library to provide reusable UI elements across Ping's suite of applications.
- Led front-end development efforts for the redesign of PingFederate, Ping Identity's flagship on-premises product.
- Worked on PingFederate for both inbound and outbound calls using SAML 2.0.
- Worked on browser SSO using SAML and web service SSO using WS-Security.
- Worked on OAuth to allow OAuth clients access to protected APIs by obtaining an access token from the authorization server using various grant types. Used the OAuth Playground to retrieve access and refresh tokens.
- Configured PingFederate audit logs and created reports as per the business security requirements.
- Executed platform upgrades for PingFederate. Installed and configured PingAccess.
- Installed and configured the Agent and Agentless plugins in PingFederate on different web servers.
- Involved in vendor evaluations for Multi-Factor Authentication (MFA).
Security Consultant - IAM Analyst
- Worked on the VMS project: created and maintained VM servers.
- Windows Server 2003, Server 2008 R2 and Server 2012 configuration and support.
- Executed platform upgrades and installation for PingFederate.
- Installed and configured the Agent and Agentless plugins in PingFederate on different web servers.
- Analyzed the current network layout, services and resources to determine required access.
- Determined user roles and responsibilities, classifying like users into groups to ease maintenance and rule implementation, controlling access to resources appropriate to user and group classifications.
- Troubleshooting Web Agent and SiteMinder Policy Server issues.
- Created domains, realms, rules, responses and policies.
- Created user directories for LDAP and AD.
- Provided complete L3 support for VMware virtual infrastructures.
- Provisioned new servers and imaging; handled other daily routines; led new deployments from a systems perspective by coordinating internal resources; performed systems backup and restore procedures.
- Handled the complete installation, configuration and maintenance of Microsoft Windows Servers; designed the backup strategy for sites and ensured scheduled/unscheduled backups and restoration as per the backup plan; managed servers, domains, AD, user rights, etc.
- Active Directory and Group Policy management.
- Configuration of IIS 7.0 and installation of web applications on IIS servers.
- Security, health, management and performance features.
- Windows System Center Configuration Manager server.