IAM Engineer Resume

SUMMARY

  • 6 years of experience, including demonstrated work experience in the design, development, testing and implementation of enterprise-wide security applications using CA SiteMinder, Ping Identity, PingAccess, Okta, CyberArk and LDAP Directory.
  • Expertise in implementing, integrating and supporting Okta cloud SSO, MFA and enterprise SaaS technologies into complex IT environments across heterogeneous operating environments.
  • Expertise in integrating various web applications with Single Sign On.
  • In-depth and strong knowledge of Identity and Access Management products - CA SiteMinder Access Manager.
  • Expertise in Okta provisioning, SSO and MFA.
  • Expertise in implementing RSA token Authentication and good exposure in implementing the SAML based Single Sign-on (SSO) and Single Log-Out (SLO) involving service with third party applications.
  • Experience in administration of LDAP Servers
  • Streamlined and automated the new hire onboarding and offboarding process via Workday/OKTA/Active Directory; it was popularly known as 'One Click On-Boarding/Off-Boarding'. The framework also included provisioning/deprovisioning of SaaS-based applications.
  • Involved in architecture designing for OKTA.
  • Supporting IT operations for OKTA Support, production change control, performance
  • Worked on OKTA Access Gateway, OAuth, OpenID/OIDC, SAML 2.0, IWA.
  • Integrated more than 50 applications into OKTA in different environments.
  • Active directory federation service (ADFS) and AzureAD connect configuration and upgrades.
  • Setup and configure two AzureAD connect servers for synchronization.
  • Knowledge of virtual machines to virtual networks using Azure portal. Knowledge of Azure virtual networks, DCP, network security group, load balancer, Application Gateway.
  • Experience with Microsoft Azure AD Administration, virtual machines storage account and resource group.
  • Provided Tier 2 and Tier 3 (L2/L3) support for applications after the business hours.
  • Expertise in Installation, Configuration, Deployment and Maintenance of SiteMinder Components like the Policy Server, Web Agent, Policy Store and Key Store.
  • Configured, tested and troubleshot SiteMinder, LDAP, SAML and other single sign-on issues.
  • Experience in troubleshooting issues related to SAML implementation.
  • Experience in configuration and administration of SiteMinder Policy Servers, Policy Stores
  • Experience in the environment rebuilds.
  • Excellent understanding and knowledge of role-based access control (RBAC).
  • Created Run Book for the standards to be followed during Installations and configurations.
  • Operational work with 24/7 on-call availability and providing Level 2-3 support to the customers
  • Good problem-solving ability, documenting the resolutions.
  • Analyzed causes of production problems and developed methods for improvement
  • Ability to learn and Experience in handling critical tasks in different situations, problem solving, critical thinking, troubleshooting, root-cause analysis, and good documentation skills.
  • Fine-tuned and set up High availability with LDAP and SiteMinder. Tested and implemented backup recovery.
  • Supported ADFS AWS build and migrated applications from ADFS DXC to ADFS AWS.
  • Experience working directly with the Architects, Project Managers, and ADM and QA teams on gathering the requirements, delivering the projects and providing support after the application is live.
  • Experience supporting Production changes and Go-live.
  • Good knowledge of Audit and audit compliance
  • Worked on integrating and setting up cloud-based environments like AWS and Azure running applications from Radiant Logic.
  • Experience in installation of Radiant Logic Virtual Directory Server (VDS).
  • Experience working in Disaster Recovery/Read Only Environment
  • Good understanding of networking fundamentals
  • Excellent communication skills and good Interpersonal skills helped me to keep productive and positive working relationships with staff from varying technical backgrounds and skill levels
  • Experience handling multiple projects, tasks and changes and good at time management
  • Automated day-to-day activities using the REST APIs provided by CA for both Federation-based and Web Agent SSO integrations, processing the inputs provided by the developer and creating the JSON templates as input to the API calls.

TECHNICAL SKILLS

Products: OKTA Access Gateway, OAuth, OpenID, SAML 2.0, IWA, API.

CA SiteMinder Access Manager, CA Federation (WAOP), CA Release Automation, Active Directory Federation Services AWS, CA Access Gateway, CA Advanced Authentication, AWS

IAM Tools: OKTA, SiteMinder (R12.5/R12.51/R12.52/12.6/12.7/12.8), PingFederate, PingAccess, Keycloak, ADFS, Radiant Logic

OS Platforms: Windows XP/2000/2003/2007, Red Hat Linux 5.x/6.x/7.x, AIX

Cloud Platforms: AWS, Azure

Ticketing Tools: Jira, ServiceNow

Databases: SQL Server 2005/2008/7.0, MS MySQL 5.0, IBM DB2

Directory Services: CA Directory Server, LDAP, MS Active Directory, Sun One Directory Server, Azure AD, Active Directory, Radiant Logic Virtual Directory System (VDS)

Application Servers: WebSphere 7.x/8.x/8.5x, Tomcat 5.x/6.x/7.x, JBoss

Monitoring Tools: Splunk, SUMOLOGIC, EMP

CI/CD Tools: GitHub, Jenkins, SharePoint, Bamboo

Scripting: Shell Scripting, Terraform, HTML, XML, SQL, Python

PROFESSIONAL EXPERIENCE

Confidential

IAM ENGINEER

Responsibilities:

  • Implementing, integrating and supporting Okta's cloud SSO and enterprise SaaS technologies into complex IT environments across operating environments.
  • Worked on OKTA Access Gateway (OAG), OAuth, OpenID, SAML 2.0, IWA, API.
  • Integrated Office 365 with the OKTA environment.
  • Configured MFA policies and MFA factors for application access, such as Okta Verify, SMS authentication and voice call authentication.
  • Wrote tenant-level as well as app-level MFA policies to secure applications integrated with Okta.
  • Generating API Keys and providing to Application teams to integrate with Okta over OpenID protocol.
  • Integrated more than 150 applications into OKTA in different environments.
  • Involved in architecture designing for OKTA.
  • Integrated Okta provisioning for various applications like BOX, AWS etc. using API calls.
  • Creating Password Policies or Sign on Policies as and when requested by customers.
  • Deployed self service functions like Password Reset, unlock accounts to end users.
  • Experience with OKTA APIs; setting up OKTA API tokens.
  • Configuring and managing Network rules within Okta (both IP as well as Dynamic Zones).
  • Upgrading Okta AD Agents on a quarterly basis.
  • Creating Managed Service Accounts in Active Directory for Application teams.
  • Generating and analyzing Okta failed logins and notifying management.
  • Managed an Active Directory (AD) clean-up effort to remove disabled users/service accounts, mailboxes and distribution lists by identifying the usage through reports generated through PowerShell Scripts
  • Manage Azure AD directory roles, Azure resources, Approve request and review access.
  • Provide support during the migration of applications and worked on enabling MFA for the applications.
  • Provide on Call Support 24 X 7 on a rotational basis
  • Responsible for migrating the legacy applications from Legacy platform to new SiteMinder 12.8 platform from Development through Production.
  • Integrated IDM with CA SSO, Providing Authentication and Authorization to IDM.
  • Integrated new applications with SiteMinder and configured them to work under SSO.
  • Responsible for provisioning users across endpoints like Active Directory, LDAP, Unix, and RACF/Mainframe.
  • Configure both IDP initiated and SP initiated federated flows.
  • Configured Service Provider Federated flows.
  • Well versed in troubleshooting the issues by analyzing the logs generated by SiteMinder and Web agent.
  • Documenting the workflow and procedure to be followed while configuring through the higher environments
  • Serve as internal liaison for RBAC/IAM issues with representatives from application solution owners and information security.
  • Coordinate with application owners during UAT post RBAC deployment.
  • Involved in RBAC resource groups in active directory.
  • Experience with identity management systems such as Radiant logic VDS.
  • Experience in Radiant logic RadiantOne and LDAP directories.
  • Work closely with the QA team to test the test cases and help resolve any issues that may arise.
  • Analyzing requirements for existing applications enhancements.
  • Work with multiple teams involved such as Application team, QA team, PES team and AD team to get the application integrated to work under SSO.
  • Support the build of new Active Directory Federation Services in AWS platform and migration of the applications to ADFS AWS from ADFS.
  • Integrating new applications with ADFS AWS and renewing the Certificates for Token signing by collaborating with App teams.
  • Experience with Change Management following the ITIL standards.
  • Experience working with IWA based integrations.
  • Worked on automating day-to-day activities using the REST APIs provided by CA for Federation-based SSO integrations. This reduced the time spent on manual configuration and avoided manual errors.
  • Working on automating day-to-day activities using the REST APIs provided by CA for Web Agent-based SSO integrations.

Environment: Okta Cloud, Azure AD, OAG, OAuth, OpenID, SAML 2.0, IWA, API, CA SiteMinder r12.52/r12.7, Web agent r12.52/12.50, JBoss 2.0.1.GA, XML, SAML 2.0, MS Active Directory, ADFS, LDAP, WAS 7.x/8.x/8.5x, Apache 6.x/7.x, Red Hat Linux 6.x/7.x, SharePoint, ServiceNow, CA Advanced Authentication, GIT, Bamboo, CA Release Automation, JIRA, CA Identity Manager, CA API Gateway, CA Access Gateway.

Confidential

IAM Engineer

Responsibilities:

  • Created policies, realms, rules and responses to protect the applications and configure them to work under the SSO environment
  • Experience in implementation of Federation for multiple organizations by creating custom domains.
  • Implementation of Single-Sign-On with third party vendors, both as Service Provider and Identity Provider through the federation Services (SAML 2.0) of CA SiteMinder.
  • Worked on installing, configuring and administering CA SiteMinder r12.5, 12.7 and 12.8 and Sun One LDAP 6.3. Designed, architected and implemented CA IDM (Identity Portal, Identity Suite).
  • Integrated Applications with CA Identity Manager r12.6
  • Led a migration effort at Confidential to move 350+ SSO-enabled applications from SiteMinder to Azure AD and PingFederate based on application type.
  • Worked with the Microsoft products team to come up with custom ADAL libraries as per internal requirements and defined patterns for server-side/client/SPA/mobile/hybrid application migrations from SiteMinder to Azure AD. Worked on Microsoft Azure environments; involved in Azure AD Connect, configuring virtual machines, storage accounts and Azure resource group. Performed migration between on-premises and Azure AD through AD Connect (Azure AD users, groups, and devices).
  • Perform automation tasks in PowerShell, Azure CLI and JSON from ARM templates.
  • Automated Identity Management tasks such as user provisioning and application access based on each user's relationship with role within our organization using CA Identity Manager.
  • Used CA Wily Introscope monitoring tool to generate performance reports of SiteMinder policy servers and other LDAP servers.
  • Experienced in Radiant Logic VDS. Deploy new LDAP views, update attribute mappings, create virtual OU for SSO and federation.
  • Responsible for migrating applications from SiteMinder to PingFederate.
  • Built custom solutions as part of migration for the legacy applications which don’t support SAML and other federation protocols.
  • Work on federating third-party apps with vendors, making both inbound and outbound calls exchanging the attributes in SAML both as identity and service provider using PingFederate.
  • Created multiple Connections with the third-party applications both as Idp and Sp initiated SSO.
  • Working on multiple adapters like OpenToken, HTML, CoreBlox to authenticate the users and provide the identity in SAML.
  • Implemented OAuth using PingFederate for the mobile applications as OAuth client to get the access token in order to access protected REST APIs.
  • Working on WS-Federation to do single sign-on in SOAP-based services using STS tokens.
  • Implemented ID Token to send the user information as a part of scope with the access token.
  • Worked on Authorization, implicit, resource, client credentials Grant types.
  • Provide both inbound and outbound federation, Use SiteMinder for identity provider and SAML consumer.
  • Involved in provisioning RBAC Resource Groups in the Local Groups.
  • Responsible for creating RBAC templates for Windows, SQL.
  • Worked on PingFederate High availability trying both the cloud and in-house databases.
  • Implemented the secure connection between Ping Access and PingFederate using OAuth.
  • Worked on both Gateway and Agent models while protecting the applications using Ping Access.
  • Working on POC to Migrate some of the applications from SiteMinder to Ping Access.
  • Working on SiteMinder Policy Server R12.52sp1cr5; this includes installing and configuring on Windows 2008 server.
  • Worked on AD as Policy Store for both Internal and External facing Policy Servers.
  • Developed Perl scripts to get the status of Policy Server
  • Developed a few batch and Perl scripts to automate the dump process when the process fails during its normal run.
  • Migrate Policy store and key store from AD to CA Directory.
  • Installed and configured CA Directory server and DXManager to monitor the DSAs.
  • Installed PingFederate and configured in cluster to support high availability.
  • Created multiple connections with the vendors for the IDP initiated and SP initiated SSO.
  • Automated the SiteMinder Agent installation and configuration.

Environment: PingFederate 6.0/7.0/8.0, Ping Access, Azure AD, CA SiteMinder R12.7/R12.52, Web agents 4.x, 5.x, 6.x, R12/R12.5, Active Directory, CA Directory R12.0.18, IBM HTTP Web Server, IIS 6.0/7.0/7.5/8.0/8.5.
