Access Management Manager

Location:
Waukee, IA
Posted:
January 25, 2024

Resume:

Narsa Reddy

CIAM Forgerock Consultant

Email: ad23r8@r.postjobfree.com

Mobile: 832-***-****

Summary:

•Having 9+ years of experience in Managed Enterprise Security Services with solid knowledge in designing, implementing and administering Identity and Access Management solutions using Tivoli Access Manager (TAM), Oracle Access Management (OAM), Oracle Identity Manager (OIM), IBM Security Identity Manager (ISIM), IBM Security Access Manager (ISAM), CA Siteminder, ForgeRock Open AM and ForgeRock Open IDM.

•Experienced in implementing and administering LDAP-based directories such as: IBM Tivoli Directory Server, Sun One Directory Server, and Active Directory.

•Having experience on Oracle Identity Cloud Services, EBS Asserter and Oracle Enterprise Directory.

•Have strong knowledge in DB2 database administration and maintenance involving health checks, monitoring, backup, running Reorg and Runstats.

•Extensive knowledge on HADR (High Availability Disaster Recovery).

•Ability to work independently, delegate and coordinate several tasks simultaneously.

•Experience in setting up single sign on (SSO) environment as required by the clients.

•Experience in JAVA, Servlet, JSP, JDBC, web service XML and relational databases like DB2, ORACLE and SQL Server.

•Thorough understanding of all the phases of Software Development Life Cycle (SDLC) and specialized in Agile, and Waterfall.

•Expertise in Identity/Access Management Suite of Enterprise Applications including Directory (LDAP) Server, TAM (Tivoli Access Manager), WebSEAL, Web Logic, Tivoli Directory Integrator (TDI).

•Used java scripts to run the assembly lines in TDI.

•Having strong knowledge on Web Sphere Application Server Administration.

•Handled issues based on priority and achieved 100% SLA in the projects.

•Developed Custom Adaptors.

•Created custom Object classes and custom attributes in Tivoli Directory Server from LDAP.

•Worked on OKTA IAM tools and on setting up Auth0 for different applications.

•Good understanding of JSON Web Token (JWT), Kerberos tokens, Secure Token Service (STS), WS-Trust and Open tokens.

•Worked on Tivoli Federated Identity Manager (TFIM).

•Having knowledge on System for Cross Domain Identity Management (SCIM).

•Having experience in Web Access Management (WAM), by protecting web-based applications with standard federation protocols.

•Worked on Apereo CAS (Central Authentication Service) to OKTA migration, used DUO and OKTA Verify for multifactor authentication.

•Having strong experience working with federation protocols such as SAML, OAUTH2, OIDC and WS-FED.

•Created runbooks, data flow diagrams, architecture diagrams, Incident responses and RCA's to knowledge transfer for concerned application support and L2 IT support.

•Used REST APIs and JSON in OAUTH2 protocol.

•Worked on Ping IAM tools like Ping Identity, Ping Federate, Ping Directory, Ping Access and developed Ping One APIs.

•Having knowledge on Radiant Logic and implemented System for Cross-domain Identity Management (SCIM).

•Established a relying party trust between ADFS and Azure AD using WS-FED. This was done to implement a hybrid infrastructure where, for Azure AD protected applications, authentication was handled by ADFS and authorization was handled by Azure AD.

•Customized claims in ADFS policies as per the application requirement.

•Working experience with Azure Core Services, AWS Identity Management.

•Worked on LDAP authentication like (e.g., OAuthv2, OpenID Connect, SAML).

•Experienced in integrating Active Directory, CRM, Salesforce, Databases, LDAP, web services and REST API based applications.

•Used Splunk and other log management tools for alerts and risks.

•Experienced in technologies such as Java / J2EE, LDAP, SSL, RDBMS and Linux.

Technical Skills

Identity Management Technologies

Forgerock Open IDM, Sailpoint Identity IQ 6.3, IBM Security Identity Manager, Tivoli Identity Manager, IBM Security Directory Integrator, Tivoli Directory Integrator.

Access Management Technologies

Forgerock Open AM, Forgerock Open IG, CA Siteminder 12x, IBM Security Access Manager, Tivoli Access Manager, Privileged Access Management (PAM), Tivoli Federated Identity Manager, Azure AD.

Middleware

Websphere Application Server, Apache Tomcat Server, Weblogic

Operating System

UNIX, Windows, Linux.

Languages

SQL, C/C++, J2EE and Java.

Web Technologies

HTML, Java Script, Groovy, Bean shell script.

Databases:

DB2, SQL DB and Oracle DB.

Directory services & Web Services.

Forgerock Open DJ, IBM Security Directory Server, Tivoli Directory Server, Oracle Enterprise Directory, Active Directory, Sun One Directory, Active Directory Web Services (ADWS), Enterprise Directory Web Services (EDWS).

Authentication Protocols

WS FED, SAML, OIDC, OIDC/OAUTH2.0, JSON Web Token (JWT), Secure Token Services (STS), Kerberos and Shibboleth

MFA tools

Entrust Identity Guard, MS Authenticator, DUO and Okta Verify.

Work Experience

Price WaterHouse Coopers – Tampa, FL Nov 2017 to Present

Forgerock IAM Consultant

Responsibilities:

•Work directly with project stakeholders and subject matter experts to elicit business requirements.

•Develop and enrich application codebase to support industry standard Federation protocols, such as SAML, OIDC, WS-FED and OAUTH2 and guide Development teams to support said changes.

•Provide Active Directory API permissions to internal users for registering external users to control their access permissions according to business requirements.

•Support application owners for migrating from various legacy applications and integrate them with Optimal IDM and Azure cloud platform.

•Supporting Business teams in sending feed files consisting of PwC HR Data to External vendors by using secure methods such as Secure File Transfer Protocol (SFTP).

•Working on migrating legacy .Net applications to integrate them with Forge Rock Open AM by using Accelerator method and helping application team with the code changes in the application “web.conf” file in order to make the application federation ready.

•Working on migrating applications to Forge Rock Open AM by implementing Open IG method (Reverse Proxy Solution) and assisting application team and network teams to make the DNS/Firewall changes.

•Working on creating configurations on the Forge Rock Open AM admin console for the applications which are implemented with Agent method, Open IG, Accelerator and Federation methods.

•Installed and implemented Forgerock (Open AM, Open DJ, Open IDM, Open IG).

•Worked on SSOAdmin and used Amster for importing configuration from one environment to other environment.

•Implemented Single Sign-On, Access management, Identity Federation, Multi-factor authentication, Risk-based authentication using Forgerock stack.

•Joined Identity Providers and Service Providers through Circle of Trust in Open AM admin console.

•Experience on Open AM upgrade from 6.5 to 7.3.

•Configured Open IG routing mechanism using Application base URL, Request filters, Response Filters and Handlers.

•Implemented ForgeRock as the Authenticator and integrated with CA SiteMinder protected applications for coexistence (session coexistence).

•Hands-on experience with ForgeRock UI customization, writing scripts and developing code to fetch assertion values from multiple data sources.

•Worked on ForgeRock OpenIDM (Identity management) system for On-time provisioning / de provisioning and user life-cycle management.

•Experience in cloud deployments such as Azure and AWS.

•Worked on Connector development, writing scripts and building of ForgeRock workflows using Open IDM.

•Connected to multiple authorized "sources" through installation/configuration of Out of the box or Custom Connectors to destination "targets" with clear definition and configuration of User Attributes, experience on User, Process and Resource definition forms by using Forgerock Open IDM.

•Experience in Directory services integration with ForgeRock stack.

•Implemented and managed identity and access management solutions using ForgeRock Identity Cloud.

•Configured and customized ForgeRock Identity Cloud to meet specific organizational requirements.

•Designed and implemented user authentication and authorization processes using ForgeRock Identity Cloud.

•Integrated ForgeRock Identity Cloud with various third-party applications and systems for seamless identity management.

•Developed and maintained user provisioning and de-provisioning workflows within ForgeRock Identity Cloud.

•Worked on LDAP directories like OpenDJ and Active Directory. Created custom Object Classes and custom attributes as per business requirement.

•Proficient in Java Programming.

•Implemented Replication setup, created password policies, indexing etc. in OpenDJ.

•Onboarded applications with ForgeRock using WS-Fed, WS Trust, SAML, Radius, Oauth2/OIDC mechanism.

•Worked on different OAUTH flows like Implicit, Auth code, Client credentials and Resource owner password Grants. Configured PKCE for native mobile applications.

•Hands on experience with LDAP, PKI, SSL and implemented System for Cross-domain Identity Management (SCIM).

•Worked on implementation of Authentication chains and Authentications trees for various authentication flows.

•Developed custom authentication nodes, defined java classes, registered plug-ins, defined utility, implementation and model packages.

•Created various mappings, assignments, roles and reconciliation needs.

•Implemented B2B and B2E Identity management systems.

•Worked on MFA implementation and its policies, API invocations, directory integrations, user management within desktop integration.

•Worked in developing Open IDM connectors and data migration from legacy stores.

•Used ForgeRock OpenIDM (Identity management) system for On-time provisioning / deprovisioning.

•Developed Identity Manager design forms to support different provisioning and entitlement catalog use cases.

•Migrated Siteminder & Forefront Identity (FIM) and Optimal IDM & Microsoft Identity (MIM) Infrastructure's to Forgerock suite and Sailpoint IIQ.

•Used Splunk as part of logs monitoring, data gathering by installing Splunk agents on Open AM servers.

•Executed Jenkins build job for new code commits in the Git repository.

•Deployed code changes/war/jar files onto actual instance/server using Jenkins deploy job.

•Working experience on configuration management tools like Ansible.

•Worked on Ansible playbooks, Inventory, Ansible Tower, Jenkins and CI/CD pipeline.

•Worked on code repo tools such as JIRA, GitHub, maven, Eclipse, and confluence etc.

•Worked on various Certifications, task and reports. Worked on Agile Methodology.

•Worked on incident management, configuration management, problem management and change management for break fix, cause analysis, problem analysis and to resolve issues raised by end users through Service Now.

Environment: CA Siteminder, Optimal IDM, Forge Rock Open AM 7.3, Forge Rock Open IDM 7.1.1, Forge Rock Open DJ 7.1.0, Sailpoint Identity IQ 6.3, CyberArk, MYSQL, Java, J2EE, Java script, Bean shell script, jQuery, ApacheDirectoryStudio-2.0, Jxplorer, Softerra, Microsoft Forefront Identity Manager 2010 R2, Microsoft Identity Manager 2016 R2, Oracle Enterprise Directory, Active Directory, Azure AD, Active Directory Web Services (ADWS), Enterprise Directory Web Services (EDWS), Forge Rock Open AM Web Services, SQL DB, Forge Rock Open DJ, Forge Rock Identity Governance (IG) 7.1.1, Entrust Identity Guard, API Security, Privileged Access Management (PAM), Jenkins, Eclipse, Maven, GitHub.

Avnet Inc. - Phoenix, AZ Sep 2015 to Sep 2017

ISIM/ISAM Consultant (IAM)

Responsibilities:

ISIM:

•Primary role was implementation and administration of the ISIM provisioning solution.

•Technical Requirement Gathering: was responsible for gathering the user provisioning requirement for all the end points of ISIM.

•Selection, installation, and configuration of End point Agents for ISIM.

•Installation and configuration of multiple instances of ISIM (Dev, QA, Prod, LAB etc).

•Configuration and Administration of ISIM

•Design org tree structure

•Create provisioning and de-provisioning policies.

•Implementation of id policies, password policies

ACI

•Reconciliation

•Password Synchronization

•Service definition for End point Agents

•Workflows

User Accounts

•Provided Audit reports from ISIM based on the requirement.

•Role and User based account provisioning to multiple systems.

•Customizing views, Policy defining, user and group modification.

•Creating Identity feed for synchronizing the data between HR system and ISIM.

•Defining tasks using Tivoli Directory Integrator (TDI) Assembly Lines.

•Overall application troubleshooting and code error correction in custom modifications.

TDI:

•Installation and configuration of multiple instances of ITDI.

•Used for HR feed and initial load, and ran many jobs using TDI assembly lines.

•Used TDI script to notify users of password expiration date.

TDS

•Installation and configuration of instances.

•Setting up CN, DN for users.

•Modify User attributes in LDAP.

•Importing Users from LDAP to TAM.

TAM

•Installation and Configuration of other TAM components.

•Tivoli Access Manager Policy Server

•Tivoli Access Manager Authorization Server

•Tivoli Access Manager WebSEAL Server

•Tivoli Directory Server

•Created ACLs and attached them to users and groups; created and configured WebSEAL instances.

•Created WebSeal Junctions and configured with web applications and enabled authentication mechanism for various Applications.

•Created Fail-Over and provided analysis for Disaster Data Recovery and tested using LDAP's and Webseal's.

•Created and configured ITDS instances and created users in LDAP and imported to TAM.

•Modifying user profiles as requested and providing access to requested Applications.

•TAM restart for Maintenance activities, Start and Stop of DB2 and WAS for maintenance.

•Played Major Role in Migration of Webseal from Windows to Linux.

•Performed Disaster Recovery Test for every half year.

•Performing day-to-day administration and maintenance of LDAP/ISIM/TAM/TDI, daily health checks which involves disk space checking, TAM check, DB status etc.

•Generated reports for TAM and Related applications and provided 24 x 7 on-call technical support.

•Updated issues in both internal and external ticketing tools.

•Gathered information from end users related to Application/User issues.

•Handled issues based on priority and achieved 100% SLA in the project.

Active Directory:

•Checking users in Active Directory.

•Modify user information.

•Import data from Active Directory.

Environment: IBM Security Identity Manager 6.1, Tivoli Access Manager 6.1, IBM Security Access Manager 8.0, IBM Tivoli Directory Server 6.3, DB2 10.1, IBM Tivoli Directory Integrator 7.1.1, Windows 2012, Linux, WebSphere Application Server 8.5, Active Directory, J Explorer.

TD Bank - Mount Laurel, NJ Sep 2014 to Aug 2015

Tivoli Identity/Access Consultant

This project involves supporting ISAM and TFIM infrastructure, integrating all third party/vendor applications to portal via Web SEAL, using SAML 2.0 authentication.

Responsibilities:

•Implemented ISAM SSO to Oracle E-Business Suite of Applications.

•Provide support to ISAM functionalities such as fixes to custom code, maintaining Junctions, groups, and ACL creation/deletion/modification when needed.

•Tivoli Directory Server support including installing, configuring, maintaining data consistency, and application troubleshooting.

•Knowledge on SuSE Linux.

•Configure Single Sign On solutions for any new applications.

•Provide investigation/analysis/resolution of ISAM problems discovered and reported by the customer as Level 1 and Level 2 support for ISAM/TDS.

•Installing Fix packs / Security fixes on ISAM components as required.

•Provide function-based SSL certificate implementation, and maintenance.

•Provide routine WebSEAL log monitoring and log management.

•Involved in TFIM WebSEAL jar file deployment.

•Helped in TFIM disaster recovery.

•Created TFIM clusters in a clustered WebSphere.

•Created TFIM SAML workflows.

•Used to capture the SAML assertions.

•Created custom SAML 2.0 assertions for SSO federated environments.

•Involved in troubleshooting SAML integration issues.

•Created new SAML federation and partner.

•Involved in TFIM fix pack installation 6.2.27 to 6.2.2.12.

Environment: IBM Security Access Manager 7.0, Tivoli Directory Server 6.3, SuSE Linux, SAML 2.0, Tivoli Federated Identity Manager 6.2.2, Softerra, IBM Tivoli Directory Integrator 7.0.

Education

Master’s in Computer Science, Silicon Valley University