Okta Migration Lead Resume
TX
SUMMARY
- Around 8 years of experience in Information Technology in implementation and providing Single Sign on across enterprise applications using Okta, Ping Federate, Active Directory Federation Services, CA Federation, CA SiteMinder with Policy stores as Active Directory, Sun One User directory and other components.
- Worked on Enterprise Users Single Sign On through browser and through services with third party application hosted in enterprise or cloud using Okta.
- Created Authorization rules in sign on policy to authorize the users based on their location and prompt the user for re-authentication or multi factor authentication.
- Experience in migrating applications from ISAM, F5, WebSEAL, Ping Identity, CA SiteMinder, CyberArk to Okta.
- Experience in using SAML 2.0, OIDC, WS-FED, OAUTH2.0 to implement SSO to external web applications in ADFS, OKTA and AZURE AD.
- Configured OKTA as an identity provider to provide single sign on using SAML 2.0, OAuth 2.0 and secure web authentication for different on-premise and cloud applications.
- Configured SSO to allow users to access different enterprise applications through OKTA portal page.
- Migrated Legacy applications from reverse proxy and agent-based authentications to SAML based authentication.
- Experience in implementing SSO and created Multi Factor Authentication for additional security.
- Worked on WS Security to send the SAML between webservices using Okta.
- Worked on both Token Generator and Token Processor in Ping Federate.
- Implemented OAUTH in Okta to access the protected API with Access Token by using Authorization Code, Implicit, Resource and client credential Grant Types.
- Implemented ID Token to send the user information as part of Scope in grant types.
- Implemented OpenID Connect (OIDC) and OAuth solutions using and Integrated internal Applications, SaaS based applications using SAML 2.0, OAuth 2.0 and OIDC.
- Worked on SCIM, JIT provisioning.
- Experience in installing, configuring Web agents, Sun One Directory server (LDAP) and various Web & Application servers on Multiple platforms like Windows, Unix (Solaris), RHEL.
- Working as a part of Single Sign on team, Protecting Web applications with Standard/Custom Authentication Schemes and educating the application team about authentication/authorization processes.
- Worked in Tuning the environment and setting up High availability with LDAP. Experienced with, Failover, Load Balancing and other Administration tasks.
- Implemented Single Sign-On on single/multiple cookie domains for Web applications, and integrated SSO with SunOne LDAP and MS Active Directory and eDirectory. This also includes Federation both inbound and outbound using SAML 2.0.
- Experience in implementation of IAM solution from scratch.
- Hands on experience in IAM requirement analysis and SAML, OAUTH and OIDC based integrations.
- Worked on JWT tokens which are being used to authenticate the user using Ping Access, developed custom code to decode the JWT token for the session validation.
- Experience with LDAP Architecture includes DIT and Replication Mapping between replica hub/consumer, Multi-Master/Single-Master in Sun One Directory server.
- Experience in collaborating with teams to determine systems requirements and functionalities needed in new or legacy LDAP.
- Experience working with Sun Directory Server, AD LDAP and good understanding of the LDAP concepts.
- Experience in redesigning the existing LDAP schema with some custom attributes and object classes.
- Experience in developing a system that uses data from LDAP and local templates to dynamically provision and re-provision virtual domains.
- Experience in implementing LDAP security models.
- Experience in creating Custom Authentication Schema both for NTLM and Form based.
- Experience in Developing Web Applications using HTML, CSS, JavaScript, MySQL involving cookies and sessions and also developed java applications.
- Experience in developing applications using Java, J2EE and using databases Oracle 10g.
- Excellent communication skills and good Interpersonal skills helped me to keep productive and positive working relationships with staff from varying technical backgrounds and skill levels.
- Provided On-call coverage and demanding 24x7 production support for high priority issues.
TECHNICAL SKILLS
Identity Management Tools: SAML 2.0, OAuth 2.0, Ping Federate, Oracle Access Manager, Novell Access Manager, OKTA
Technologies: Web Services, JSP, JAVA, SQL, BASH, HTML / DHTML/ XHTML.
Build Management Tools: Maven, GIT, Eclipse.
Tools: Splunk, Web Debugging Proxy (Telerik Fiddler, SAML Tracer).
Operating Systems: Solaris, Linux and Windows.
Web Servers: Apache, IIS, HIS.
Application Server: Oracle WebLogic, IBM WebSphere.
Database: Oracle, LDAP, AD, ADAM, PL/SQL.
PROFESSIONAL EXPERIENCE
Confidential, TX
OKTA Migration Lead
Responsibilities:
- Worked on migrating more than 50 applications using SAML 2.0, OIDC and OAuth from on-prem to AWS cloud.
- Migrated multiple applications from Ping Federate, CA SiteMinder, One IDM to Okta.
- Managed day to day activities creating and managing OKTA sign-on policies and IDP discovery rules including SAML and OIDC applications.
- Deployed MODE AUTH OIDC and OKTA SDK’s on Apache servers to communicate with okta.
- Worked on enterprise extranet legacy SAML IDP analysis for new EU EE deployment.
- Gathered requirements from stakeholders and provided architecture for all the applications.
- Worked on modification of httpd.conf files as part of migrating from Ping Identity to Okta.
- Worked on analysis of the security scopes of each application and added the required inbound and outbound rule policies.
- Lift and shift on prem applications to AWS cloud.
- Worked on Chef Scripts to automate the application integration and infrastructure spinning.
- Validating REST APIs in Postman and resolving the Issues.
- Created alerts in Splunk for change/update in IDP routing rules.
- Worked on Browser SSO using SAML and webservice SSO using WS-Security.
- Worked on OAUTH and OIDC to allow access to Protected API’s for OAuth Clients by getting Access Token from Authorization Server using various Grant Types.
- Enabling services and applications with OIDC and SAML using OKTA API Gateway.
- Configured OKTA as an identity provider to provide single sign on using SAML 2.0, OAuth 2.0 and secure web authentication for different on-premise and cloud applications.
- Designed and implemented legacy on-prem portal applications to AWS cloud which involves Liferay.
- Worked on installing IAM infrastructure and applications and databases from ground up and spinning multiple instances.
- Compared and modified XML objects during the upgrade of IAM.
- Involved in the development and customization of user provisioning solution from ONE IDM as the identity manager to workday and service now.
- Worked on IAM performance to optimize roles, tasks and identity policies.
- Developed and executed Identity Management related test plans.
- Worked in IAM design activities for systems high availability, securing the IAM environment.
- Assisted Infrastructure, platform teams during patching and incidents. On board the applications and provided seamless authentication and SSO using OKTA.
- Responsible for end-to-end single-sign-on OKTA implementation for integrations using SAML, SWA and OAuth OIDC.
- Experience with API, setting up OKTA API tokens using Postman application.
- Corporate-Wide implementation of Single Sign On using OKTA. Administration and configuration of OKTA SSO on multiple AD domains.
- Created service accounts in on-prem LDAP and connection to setup as part of migration of applications.
- Configuring User Authentication Stores and Policy Authorization Stores on LDAP.
- Coordinate with the neighboring teams and analyze the data that is used for user lookup and attributes required for mapping.
- Developed and managed LDAP schema in database to communicate with OKTA LDAP.
- Installed, configured proxy servers with LDAP as the primary backend and provide transparent seamless authentication to users.
- Configured Open LDAP with UNIX and enabled users to authenticate against LDAP.
- Installed and Configured Multi-Data Center Authentication Servers.
- Installed Sun one LDAP Directory server and also upgraded to 11g.
- Provided 24/7 on call support for solving Tickets on a rotating basis with other team members.
- Executing Backups and Recovery strategies for directory data (DIF), resolving back up and recovery issues in a High availability environment.
- Implemented SSO across multiple domains, and created Multi-Factor authentication using DUO for additional Security.
Environment: Windows Server 2003, 2008, 2012, MS SQL 2005/2008, Active Directory, JBoss 5.2, Apache 1.x/2.x, IIS 6, 7, 7.5, JDK 1.6, J2EE, EJB, JSP, Oracle 11g, AWS, SCLAR
Confidential, NY
SR IAM Consultant
Responsibilities:
- Worked on Integrating more than 180 applications using SAML 2.0, OIDC and OAuth both on-prem and cloud based.
- Migrated multiple applications from F5, ISAM, WebSEAL to Okta.
- Managed day to day activities creating and managing OKTA sign-on policies and IDP discovery rules including SAML and OIDC applications.
- Implemented MOBILE SSO and Desktop Cert based authentication (CBA) firmwide by passing Mobile iron.
- Worked on enterprise extranet legacy SAML IDP analysis for new EU EE deployment.
- Worked on POC for O365, BOX, slack and multiple applications firm wide.
- Worked on enabling Persistent user session in Okta.
- Worked on analysis of the security scopes of each application and added the IDP routing rule policies.
- Worked on site-to-site connectors and Org to Org connector setup.
- Configured new EKM workspace for Certificate Based Authentication (CBA) and setup new repo for group management.
- Configured new okta preview instances to integrate with Azure AD DS test instances.
- Created alerts in Splunk for change/update in IDP routing rules.
- Worked on Browser SSO using SAML and webservice SSO using WS-Security.
- Worked on OAUTH and OIDC to allow access to Protected API’s for OAuth Clients by getting Access Token from Authorization Server using various Grant Types.
- Enabling services and applications with ADFS and SAML using API Gateway.
- Configured OKTA as an identity provider to provide single sign on using SAML 2.0, OAuth 2.0 and secure web authentication for different on-premise and cloud applications.
- Design, Implement and troubleshoot application API Gateways for Company wide application services.
- Worked on installing IAM infrastructure and applications and databases from ground up.
- Compared and modified XML objects during the upgrade of IAM.
- Involved in the development and customization of user provisioning solution using SCIM and JIT.
- Worked on IAM performance to optimize roles, tasks and identity policies.
- Developed and executed Identity Management related test plans.
- Worked in IAM design activities for systems high availability, securing the IAM environment.
- Assisted Infrastructure, platform teams during patching and incidents. On board the applications and provided seamless authentication and SSO using OKTA.
- Responsible for end-to-end single-sign-on OKTA implementation for integrations using SAML, SWA and OAuth.
- Experience with API, setting up OKTA API tokens using Postman application.
- Corporate-Wide implementation of Single Sign On using OKTA. Administration and configuration of OKTA SSO on multiple AD domains.
- Configuring User Authentication Stores and Policy Authorization Stores on LDAP.
- Coordinate with the neighboring teams and analyze the data that is flowing to LDAP.
- Developed and managed LDAP schema.
- Installed, configured proxy servers with LDAP as the primary backend and provide transparent seamless authentication to users.
- Configured Open LDAP with UNIX and enabled users to authenticate against LDAP.
- Installed and Configured Multi-Data Center Authentication Servers.
- Installed Sun one LDAP Directory server and also upgraded to 11g.
- Provided 24/7 on call support for solving Tickets on a rotating basis with other team members.
- Executing Backups and Recovery strategies for directory data (DIF), resolving back up and recovery issues in a High availability environment.
- Implemented SSO across multiple domains, and created Multi-Factor authentication using DUO for additional Security.
Environment: Windows Server 2003, 2008, 2012, MS SQL 2005/2008, Active Directory, JBoss 5.2, Apache 1.x/2.x, IIS 6, 7, 7.5, JDK 1.6, J2EE, EJB, JSP, Oracle 11g.
Confidential
SR IAM Consultant
Responsibilities:
- Worked on Ping Federate both inbound and outbound calls using SAML 2.0.
- Worked on Browser SSO using SAML and webservice SSO using WS-Security.
- Worked on OAUTH to allow access to Protected API’s for OAuth Clients by getting Access Token from Authorization Server using various Grant Types.
- Worked on Ping Access POC to authenticate the users using Ping Federation Session.
- Enabling services and applications with ADFS and SAML using API Gateway.
- Design, Implement and troubleshoot application API Gateways for Company wide application services.
- Worked on installing IAM infrastructure and applications and databases from ground up.
- Compared and modified XML objects during the upgrade of IAM.
- Involved in the development and customization of user provisioning solution using IAM.
- Worked on IAM performance to optimize roles, tasks and identity policies.
- Developed and executed Identity Management related test plans.
- Worked on Ping Access Gateway to send all the traffic through a proxy server and get the JWT token.
- Worked in IAM design activities for systems high availability, securing the IAM environment.
- Developed custom code to decode the JWT token of Ping Access Server.
- Configuring User Authentication Stores and Policy Authorization Stores on LDAP.
- Coordinate with the neighboring teams and analyze the data that is flowing to LDAP.
- Developed and managed LDAP schema.
- Provide support for AD LDAP (Multi-master, supplier-consumer) in Solaris environment.
- Installed, configured proxy servers with LDAP as the primary backend and provide transparent seamless authentication to users.
- Installed and Configured Multi-Data center Authentication Servers.
- Installed Sun one LDAP Directory server and also upgraded to 11g.
- Provided 24/7 on call support for solving Tickets on a rotating basis with other team members.
Environment: Windows Server 2003, 2008, 2012, MS SQL 2005/2008, Active Directory, JBoss 5.2, Apache 1.x/2.x, IIS 6, 7, 7.5, JDK 1.6, J2EE, EJB, JSP, Oracle 11g.
Confidential, Chicago
IAM Consultant
Responsibilities:
- Developed a new environment and deployed Novell Access Manager 4.2 for implementing OAuth 2.0.
- Configured OAuth 2.0 to test different grant types. Used OAuth Playground to retrieve access token and refresh token.
- Documented and presented different OAuth flows to different teams.
- Upgraded Novell Access Manager from 3.2 to 4.2 to enable OAuth 2.0.
- Worked with different teams to implement single sign on using SAML 2.0, OAuth 2.0.
- Identified different SAML 2.0 issues and fixed the issue in NetIQ Access Manager 3.2.
- Worked on Ping Federate both inbound and outbound calls using SAML 2.0.
- Migrated SAML and OAuth connections from NetIQ Access Manager to Ping Federate in staging Environment.
- Led the team to move legacy applications from access gateways to SAML.
- Involved in troubleshooting and resolving the issues and implemented changes to enhance the performance.
- Worked on OAuth to allow access to Protected API’s for OAuth Clients using various Grant Types.
- Extended E-directory attribute schema and populated the values for all the users using Apache Directory Studio.
- Configured SAML 2.0 in NAM to integrate with different external applications.
- Supported and maintained the Applications in Production.
- Configured and maintained Proxy services for legacy applications.
- Enabled Captcha for all external applications to avoid Brute-Force attack.
- Created new service accounts for modifying user attributes in Novell e-directory.
- Installed Splunk agents on identity server to export logs for data analysis.
- Imported customer accounts from production e-directory to staging e-directory.
- Enabled two-factor authentication for existing SAML applications.
- Virtualized OAUTH services for all Non-Prod environments.
Environment: NetIQ Access Manager 3.2, 4.2, Ping Federate 7, 7.3, MS SQL 2005/2008, Active Directory 2012, Novell E-directory, Windows 2012, JSP.
Confidential, CA
SiteMinder and LDAP Consultant
Responsibilities:
- Installed Policy Servers R6 SP5 and also One View monitor to monitor the statistics of Policy Server.
- Upgraded the SiteMinder Policy Server from R6 SP1 to R6 SP6, R6 SP5 to R6 SP6.
- Installed Policy Server R6 SP2 against Novell eDirectory user store, and created POC for R6 SP5 to R6 SP6 upgrade.
- Configured policies on CA SOA Security Gateway Server R6 against R6 Policy Server.
- Configured CA Wily Enterprise Monitoring tool against Apache webserver, WebLogic Server and Policy Servers.
- Involved in upgrade of Novell eDirectory server from 8.8.1 to 8.8.5 SP5.
- Installed Option pack for Policy server and Web agent for configuring the Federated Security Services and User Identity between partner sites.
- Installed and configured Apache, Microsoft IIS and Sun iPlanet web servers, Weblogic application servers, with Netegrity Siteminder authentication, and Sun One LDAP Directory Server.
- Migrated SiteMinder protected environment from Unix Solaris 10 to Linux SUSE 10.
- Implemented SSO across multiple domains and created two levels of authentication for additional security.
- Migrated large amount of LDAP data across the environment to create an identical production environment to support load testing.
- Monitoring of SiteMinder server logs for identifying problems with Authentication and authorization of users.
- Involved in Master, hub, consumer Replication of userstore from one Directory Server to other.
- Redesigned the existing LDAP schema with some custom attributes and object classes.
- Worked on backup, recovery of userstores in Sun One LDAP Directory Server and configured Load Balancing, Failover mechanisms.
- Responsible for providing 24x7 on call SiteMinder support.
Environment: Windows Server 2003/2008, SiteMinder R6 SP1/SP5/SP6, iPlanet Web Server 6.0, Novell eDirectory server 8.8.1/8.8.5, CA SOA Server R12 SP2, CA Wily Enterprise Monitor, WebLogic 8/10, JBoss 5, Apache 1.x/2.x, IIS 6, JDK 1.6, J2EE, EJB, JSP, Oracle 11g.
Confidential
SiteMinder Engineer
Responsibilities:
- Managed User Certificates in LDAP directories for authenticating users, and configured authentication support for X.509 certificates over SSL for validating the users.
- Analyzed the environment and gathered information on the environment to decide the best design and architecture.
- Configuration manager for migrating to a new code repository. Implemented SiteMinder Security Zoning for an internal web portal for web applications accessed thru web portals.
- Configured web agents to protect and manage access to enterprise resources.
- Worked with application teams to configure web server to integrate with SiteMinder plug-in.
- Configuring User Authentication stores and Policy Authorization stores on LDAP.
- Configured User Directory object and Directory mapping object and cookie provider.
- Created user directories, rules to provide authentication and authorizing access to enterprise resources.
- Searching, modifying attribute definitions of LDAP, and troubleshooting synchronization issues for User Directories. Created scripts for maintenance of user accounts and group existence in LDAP.
- Executing Backups and Recovery strategies for directory data (DIF), resolving back-up and recovery issues in a High availability environment.
- Conducted Analysis and planning for LDAP implementation, Mapping applications and data sources to default or supported schema in both LDAP and non-LDAP environment.
- Integrated secured applications with SiteMinder Policy Server, and implemented disparate authentication and authorization for applications.
- Configured Authentication and Authorization to support Higher availability, Fail-over, Load balancing, and executed Recovery and Backup strategies for directory data (DIF).
- Implemented Replication mapping between replica hub/consumer directory servers, and monitored replication status for synchronization and conflicts.
- Troubleshooting Web Agent and SiteMinder Policy Server issues and Supported production environment for resolving the tickets. Resolved various production issues related to Single Sign-On for web application with High availability.
- Coordinated with CA support team to resolve the issues that came up in development and other environments.
Environment: Sun Solaris 2.8, Windows 2000, 2003, Netegrity SiteMinder 5.5, 6.0, Web Agents 4.x, 5.x, 6.x, Sun One directory server 5.1, 5.2, IIS, iPlanet Web Server 5.0, IBM Http Web Server.