Job ID: JOB_ID_8419
Role Summary
We are hiring an IAM SME to lead a secure SSO implementation on Microsoft Entra External ID. Key duties include migrating from Azure AD B2C to Microsoft Entra External ID, establishing federation with external client portals (SAML/OIDC), delivering a reference SSO integration, and ensuring strong security, documentation, and knowledge transfer.
Key Responsibilities
- Organize discovery workshops to assess existing authentication methods, workflows, and types of external users.
- Evaluate Azure tenant readiness, licensing, security and compliance requirements, and establish a project plan with milestones and RACI assignments.
- Identify prerequisites such as network configuration, required ports, and environment setup strategy, collaborating with application teams to address dependencies.
- Develop an authentication architecture for external users with Entra External ID.
- Define user registration and login processes, IdP federation strategies (SAML/OIDC), and tailor branding and UX for user journeys.
- Design Conditional Access and MFA policies, including any narrowly scoped, documented exclusions for partner-initiated flows where necessary (agreed with app teams).
- Create architecture diagrams and high/low-level design documents.
- Prepare the development environment, configure the Entra External ID tenant, and register required applications.
- Set up federation and integration patterns for external client portals.
- Apply session and token management best practices to ensure smooth portal navigation and proper sign-out behavior.
- Establish a migration strategy and tools using Microsoft Graph APIs, along with scripts and infrastructure.
- Plan and conduct pilot migration, then advance to full-scale migration readiness.
- Maintain attribute mapping and ensure identity data integrity during migration.
- Lead UAT validation, manage issue triage and remediation tracking, and refine policies and UX from feedback.
- Verify Conditional Access and MFA enforcement against the documented exclusion scenarios, and test SSO functionality end to end.
- Create comprehensive documentation covering configuration, federation, migration steps, and operational runbooks.
- Host working sessions and transfer knowledge to enable internal teams to manage additional client SSO integrations independently.
- Deliver an Entra External ID tenant configured with the necessary app registrations and policies.
- Complete the pilot migration and verify user authentication flows.
- Deliver a functional reference SSO integration for at least one client portal, supporting both web and mobile flows.
- Deliver high/low-level design documents, architecture diagrams, UAT reports, issue logs, and KT documentation.
- Define standards and reusable patterns for onboarding future external applications and partners.
- Perform security reviews for identity flows, token lifetimes, claims issuance, and federation trust boundaries.
- Support cutover planning, rollback strategies, and post-migration stabilization.
- Collaborate with security operations teams to ensure logging, monitoring, and auditability of authentication events.
- Provide ongoing advisory support during early operations (hypercare) after go-live.
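An added example for the Graph-based migration tooling and attribute-mapping items above (not code from the posting, from Microsoft, or from the hiring team): it maps exported Azure AD B2C records to Microsoft Graph `POST /users` bodies for local (email and password) accounts in the target Entra External ID tenant and runs the integrity checks a pre-migration dry run should fail on: invalid sign-in emails, missing required properties, and duplicate sign-in identities. The tenant name, extensions app id, attribute map and sample records are assumptions. Because B2C password hashes cannot be exported, each account gets a random placeholder password that is never communicated; users set a real one through the password reset flow (a just-in-time migration flow is not shown).

```python
"""Added example (not from the posting): build Microsoft Graph POST /users bodies
for local accounts in a Microsoft Entra External ID tenant from exported Azure AD
B2C records, with the integrity checks a pre-migration dry run should fail on.
Tenant name, extensions app id, attribute map and sample records are assumptions."""
import json
import re
import secrets
import string
from typing import Dict, List, Tuple

# Assumed target tenant, and the id (dashes removed) of the tenant's extensions app,
# which prefixes custom attributes as extension_<appId>_<name>.
TARGET_ISSUER = "contoso-external.onmicrosoft.com"
EXTENSION_APP_ID = "00000000000000000000000000000000"
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Assumed attribute mapping: export column -> Graph user property.
ATTRIBUTE_MAP = {
    "displayName": "displayName",
    "givenName": "givenName",
    "surname": "surname",
    "country": "country",
    "extension_loyaltyTier": f"extension_{EXTENSION_APP_ID}_loyaltyTier",
}

# Constructed sample export: a full record, a minimal record, a duplicate of the
# first (same email, different case) and a record with an invalid sign-in email.
SAMPLE_RECORDS = [
    {"email": "Ana.Lopez@example.com", "displayName": "Ana López", "givenName": "Ana",
     "surname": "López", "country": "ES", "extension_loyaltyTier": "gold"},
    {"email": "ben.ng@example.com", "displayName": "Ben Ng"},
    {"email": "ana.lopez@example.com", "displayName": "Ana Lopez (duplicate)"},
    {"email": "not-an-email", "displayName": "Broken Record"},
]


def temp_password(length: int = 24) -> str:
    """Random placeholder for accounts whose passwords cannot be read from B2C.
    It is never sent to anyone; the user sets a real password via password reset."""
    alphabet = string.ascii_letters + string.digits + "!#$%&*+-=?@_"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def map_user(record: Dict) -> Dict:
    """Map one export record to a Graph user-create body; raise on bad input."""
    email = str(record.get("email", "")).strip().lower()   # normalised sign-in id
    if not EMAIL_RE.match(email):
        raise ValueError(f"invalid sign-in email: {email!r}")
    body = {
        "accountEnabled": bool(record.get("accountEnabled", True)),
        "identities": [{
            "signInType": "emailAddress",
            "issuer": TARGET_ISSUER,
            "issuerAssignedId": email,
        }],
        # forceChangePasswordNextSignIn=false is the documented B2C/External ID
        # pattern for local accounts; the placeholder is replaced via SSPR.
        "passwordProfile": {"password": temp_password(),
                            "forceChangePasswordNextSignIn": False},
        "passwordPolicies": "DisablePasswordExpiration",
    }
    for src, dst in ATTRIBUTE_MAP.items():
        value = record.get(src)
        if value not in (None, ""):
            body[dst] = value
    if "displayName" not in body:
        raise ValueError(f"displayName is required: {email}")
    return body


def build_batch(records: List[Dict]) -> Tuple[List[Dict], List[str]]:
    """Return (bodies, errors). Duplicate sign-in emails are rejected up front so
    the migration log shows which record lost, instead of a Graph 400 at create."""
    bodies: List[Dict] = []
    errors: List[str] = []
    seen = set()
    for record in records:
        try:
            body = map_user(record)
        except ValueError as exc:
            errors.append(str(exc))
            continue
        sign_in_id = body["identities"][0]["issuerAssignedId"]
        if sign_in_id in seen:
            errors.append(f"duplicate sign-in email: {sign_in_id}")
            continue
        seen.add(sign_in_id)
        bodies.append(body)
    return bodies, errors


if __name__ == "__main__":
    ok, bad = build_batch(SAMPLE_RECORDS)
    print(json.dumps(ok, indent=2, ensure_ascii=False))
    print("rejected:", bad)
```

Run the dry run against the full export before the pilot and treat a non-empty error list as a blocker; only then submit each body with the Graph SDK or a `$batch` request, keeping the per-record response so failed creates can be retried without producing duplicates.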
Required Skills & Experience
- 10+ years in Identity & Access Management with hands-on SSO and federation implementations.
- Strong expertise in Microsoft Entra External ID, OAuth 2.0 / OIDC, SAML 2.0, JWT, token and session management, app registrations, redirect URIs, certificates and client secrets, and custom domains.
- Experience with Azure AD B2C and migration patterns to Entra External ID.
- Working knowledge of Microsoft Graph API for user migration and identity operations.
- Practical experience designing and implementing Conditional Access + MFA strategies.
- Strong documentation and stakeholder management skills; ability to run workshops and KT sessions.
- Experience handling large external user populations with high availability and performance considerations.
- Strong understanding of identity lifecycle management for external identities.
- Ability to troubleshoot complex federation, token, and claims-related issues.
- Familiarity with security logging, audit requirements, and identity-related incident response.
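An added example for the token-lifetime and claims-issuance review listed under the responsibilities and the token/claims troubleshooting skills listed here (not code from the posting or from Microsoft): the policy checks a reviewer applies to an ID or access token issued by an Entra External ID tenant. It runs after the signature has been verified against the tenant's JWKS (advertised in its `openid-configuration` document); that verification is assumed to have happened and is not shown. The issuer, tenant id, client id, lifetime ceiling and the sample token are constructed assumptions.

```python
"""Added example (not from the posting): claim and lifetime checks for a token
issued by a Microsoft Entra External ID tenant, applied AFTER signature
verification against the tenant's JWKS (assumed done, not shown). Issuer, tenant
id, client id, policy ceiling and the sample token are constructed assumptions."""
import base64
import json
import time
from typing import Dict, List, Optional, Tuple

# Assumed tenant values; in a real review take them from the tenant's OIDC
# discovery document and the app registration.
EXPECTED_ISSUER = "https://contoso-external.ciamlogin.com/11111111-2222-3333-4444-555555555555/v2.0"
EXPECTED_TENANT = "11111111-2222-3333-4444-555555555555"
EXPECTED_AUDIENCE = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"  # app registration client id
MAX_LIFETIME_SECONDS = 90 * 60   # assumed review ceiling for token validity
CLOCK_SKEW_SECONDS = 300


def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode("ascii").rstrip("=")


def split_token(token: str) -> Tuple[Dict, Dict]:
    """Return (header, claims) of a compact JWS. No signature check here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[0])), json.loads(_b64url_decode(parts[1]))


def review_token(token: str, now: Optional[int] = None) -> List[str]:
    """Return policy findings; an empty list means the token passes."""
    now = int(time.time()) if now is None else now
    header, claims = split_token(token)
    findings: List[str] = []
    # Entra signs with RS256; anything else (notably "none") must never be accepted.
    if header.get("alg") != "RS256":
        findings.append(f"unexpected alg: {header.get('alg')!r}")
    if not header.get("kid"):
        findings.append("missing kid in header; signing key cannot be located in JWKS")
    missing = [c for c in ("iss", "aud", "exp", "iat", "nbf", "tid", "sub") if c not in claims]
    if missing:
        return findings + [f"missing claims: {', '.join(missing)}"]
    if claims["iss"] != EXPECTED_ISSUER:
        findings.append(f"unexpected issuer: {claims['iss']}")
    if claims["tid"] != EXPECTED_TENANT:
        findings.append(f"token from another tenant: {claims['tid']}")
    # aud may be a string or a list; the token must be meant for this app.
    aud = claims["aud"] if isinstance(claims["aud"], list) else [claims["aud"]]
    if EXPECTED_AUDIENCE not in aud:
        findings.append(f"token not issued for this app: aud={claims['aud']}")
    lifetime = claims["exp"] - claims["iat"]
    if lifetime > MAX_LIFETIME_SECONDS:
        findings.append(f"lifetime {lifetime}s exceeds ceiling {MAX_LIFETIME_SECONDS}s")
    if claims["nbf"] > now + CLOCK_SKEW_SECONDS:
        findings.append("token not yet valid (nbf in the future)")
    if claims["exp"] <= now - CLOCK_SKEW_SECONDS:
        findings.append("token expired")
    return findings


# Constructed sample with a fixed issuance time so the checks are reproducible.
ISSUED_AT = 1_700_000_000
GOOD_CLAIMS = {
    "iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE, "tid": EXPECTED_TENANT,
    "sub": "sample-user-object-id", "iat": ISSUED_AT, "nbf": ISSUED_AT,
    "exp": ISSUED_AT + 3600,
}


def make_sample_token(claims: Dict, alg: str = "RS256") -> str:
    """Assemble a JWS-shaped string with a placeholder signature, only to exercise
    the claim checks; it would (and must) fail real signature verification."""
    header = {"typ": "JWT", "alg": alg, "kid": "sample-kid"}
    return ".".join([
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        _b64url_encode(json.dumps(claims, separators=(",", ":")).encode()),
        _b64url_encode(b"placeholder-signature"),
    ])


if __name__ == "__main__":
    print(review_token(make_sample_token(GOOD_CLAIMS), now=ISSUED_AT + 60))
    long_lived = dict(GOOD_CLAIMS, exp=ISSUED_AT + 2 * 86400)
    print(review_token(make_sample_token(long_lived), now=ISSUED_AT + 60))
```

The same checks, run over tokens captured from each federation path (local account, SAML partner, OIDC partner), are a quick way to spot a federation that is issuing for the wrong tenant or audience, or a token lifetime policy that drifted from the design document.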
Preferred Certifications (nice to have)
- Microsoft Certified: Identity and Access Administrator Associate
- Microsoft Certified: Cybersecurity Architect Expert
Soft Skills
- Strong analytical, problem-solving, and troubleshooting skills.
- Excellent communication and stakeholder management abilities.
- Ability to work independently and collaboratively in a fast-paced environment.
Special Requirements
Remote (must work Pacific Time hours)
Compensation & Location
Salary: $120,000 – $180,000 per year (Estimated)
Location: Remote
Recruiter / Company – Contact Information
Email: ankitleadit@gmail.com