Srikanth Jarpala
IAM Engineer
*******.**@*****.*** +1(650) 407- 9991
LinkedIn: http://linkedin.com/in/srikanth-j-b05b5a130
PROFESSIONAL SUMMARY:
8+ years of experience in the design, development, testing and implementation of enterprise-wide security applications using PingFederate, Ping Access, Ping One, Ping One Risk Management, Okta, Azure, BeyondTrust, Ping Directory, LDAP and Active Directory.
Expert in installation, configuration, troubleshooting and migration of Ping Federate 8.x.9.3, 11.x, Ping Access 3.x, Ping One 2.x and OKTA on Windows and Linux operating systems.
Strong Knowledge in Customer IAM, multi-factor authentication, access security, single sign-on, federated identity management, mobile identity security, API security, identity & access management, SAML, OAuth, OpenID, SCIM, WS-Federation, WS-Trust, and MFA.
Provided solution, implementation, tuning, and troubleshooting in Single Sign On such as OKTA, Ping Federate and LDAP Directories such as AD, and OUD.
Built adapters and plugins to integrate PingFederate and Ping One with third-party products / services.
Deployed several Ping federate integration kits for Apache, Coreblox, Atlassian, Java, PHP, Symantec VIP, Agentless, IWA, etc., to establish the “first- and last-mile” implementation of a federated identity.
Strong Knowledge in implementing Single Sign On solution using Kerberos constrained delegation with Forms authentication
Experience in Production support of Directory Services LDAP, PKI Authentication, PING Federation, UUM (Unified User Management).
Strong experience in working with various authentication schemes like form-based, RSA token and PKI certificate-based in configuring single sign-on with Ping Access.
Troubleshooting integration/environment specific issues and supporting Operations team to troubleshoot integration issues in higher environments.
Implemented Inbound Federation and developed customization to support.
Installed and configured sites, policies for authentication, virtual hosts, web sessions and responsible for backup and restoration of data in Ping Access.
Using Ping DaVinci to automate APIs and policies.
Extensively involved in policies, selectors, policy contracts, adapter mapping and sessions for authentication process in both production and non-production environment.
TECHNICAL SKILLS:
SINGLE SIGN ON: OKTA, Plain ID, PingFederate, Ping Access, Ping One, Azure AD.
DIRECTORY SERVERS: OUD, Ping Directory and Microsoft Active Directory
WEB and APP SERVERS: Apache 2.0 / 2.2, IIS 7.5, Tomcat
OPERATING SYSTEMS: Linux, Windows
MONITORING TOOLS: Splunk, Dynatrace.
TOOLS: LDAP Browsers, Visio, SSH, WinSCP, PuTTY, SAML Trace, Postman, Splunk, Apache Directory Studio, Fiddler Trace.
EDUCATION:
Master's in Information Technology, Campbellsville University, Kentucky, USA - 2018
Bachelor's degree, Alagappa University, Hyderabad, AP, India - 2012
PROFESSIONAL EXPERIENCE:
Client: SEIC Aug 2023- Current
Responsibilities: -
Deploying an agent on the web server and protecting the application using the agent
Creating a rule in Ping Access for root-protected applications and user authorization rules
Redirecting the application to PingFederate as a token provider using an OAuth client from Ping Access
Creating a policy using different selectors and adapters to set up the user authentication flow
Implementing SAML SSO across different domains and creating a federation hub
Using PingFederate acting as SP and IdP using OpenToken
Using the Apache integration kit and agentless integration kit in PingFederate
Protecting URLs in Apache with the agent by deploying load modules in httpd
Onboarding one application with multiple IdPs
Experience with Kubernetes pods and Docker
Making changes to the master file using git push and git pull in GitHub
Creating APIs to post user management in Ping Directory
Creating a data sync between AD and Ping Directory
Using Ping One Risk Management for risk analysis based on weights and creating policies
Using different MFA methods (TOTP, FIDO, phone call and SMS) with Ping One MFA
Migrating applications from SiteMinder to PingFederate
Upgrading PingFederate in all environments
Using Coreblox for application sessions which is listed as hyperlink
Using Elasticsearch for logs
Environment: Ping Federate 11.0, Ping Access 7.0, Ping Directory, Ping API Administrator, Ping One, Ping Risk Management, Azure AD, Active Directory, Secret Server, BeyondTrust, Database, Kubernetes, GitHub.
Client: Cognizant Dec 2022 – Aug 2023
Role: IAM Engineer
Responsibilities: -
Working on Azure AD: onboarding applications, troubleshooting, and creating CA policies based on business requirements
Creating custom controls for MFA solutions in Azure AD
Implementing PingFederate, Ping One and Ping One Risk Management as primary IdP solutions using different protocols like SAML and OAuth / OIDC.
Onboarding applications in PingFederate, troubleshooting and creating authentication policies with different adapters (HTML Form, Kerberos, Ping ID, Identity First adapter)
Migrating Ping servers with newer versions and setting up all environments from scratch.
Experience in upgrading to Ping latest versions and server patching
Deploying and configuring gateway, web access, and agent web access management in Ping Access.
Creating new policies in Ping One risk management and configure with PingFederate for user risk-based behavior
Implementing Zero Trust across all the sites / Applications.
Setting up Ping ID with Azure and Ping Federate for MFA
Working on MFA project to implement MFA across organization with different methods.
Working on YubiKey as an MFA solution for particular use cases
Worked on PAM solution with Beyond Trust and Secret Server to check out secrets for NPA accounts and do jump servers with BT.
Configuring PingFederate with Ping DaVinci
Creating workflow using Ping DaVinci
Creating nodes / connectors for implementing workflow in Ping DaVinci
Importing JSON to create a new flow studio in Ping DaVinci.
Environment: Ping Federate 11.0, Ping Access 7.0, Ping Directory, Ping API Administrator, Ping One, Ping Risk Management, Azure AD, Active Directory, Secret Server, BeyondTrust, Database, Kubernetes, GitHub.
Client: Mphasis -Pfizer, New York (Remote) May 2022 – Dec 2022
Role: PING Engineer
Responsibilities:
Installing PingFederate from scratch
Onboarding applications with different protocols like SAML, OAuth and OIDC
Successfully upgraded Ping Federation Services from 9 to 11.
Created SP/IdP connections using Ping Federate with external partners.
Implemented SAML Protection with Digital Signature
Involved in integration and configuration of Ping Federate to act as identity provider and service provider with other identity provider service, provider clients for SSO.
Work with various applications teams and recommend technical solutions for SAML 2.0, WS-Fed, OAuth based federations and claims based and header-based authorizations.
Strong experience in Ping Federate SSO for providing customer and organization secure single sign on to their cloud-based applications.
Worked on Ping access admin authentication, log levels, class and enabling cookie logging
Deploying and configuring gateway, web access, and agent web access management in Ping Access.
Extensively involved in policies, selectors, policy contracts, adapter mapping and sessions for authentication process in both production and non-production environment.
Configured and supported SAML based Identity & Service Provider connections with several SaaS Partners
Implement MFA for applications containing sensitive information
Creating policies for user authentication.
Working on different adapters, selectors and policy contracts
Managed Group Policies, security groups, and file shares for enterprise applications
Environment: Ping Federate 11.0.1, Ping Access 6, Ping One, Ping Risk Management, Ping Directory, Active Directory Server, Database, Linux, Splunk, Snow, Jira.
Client: Pan America Life Insurance Group, Remote Sep 2021 – May 2022
Role: IAM Ping Engineer
Responsibilities:
Implementing cloud-based application Using Ping One
Deployed Ping One in Cloud and integrated with PingFederate on premise as identity bridge
Building PingFederate and Ping Directory environments in AWS from scratch
Onboarding applications with different protocols like SAML, OAuth and OIDC
Creating a data sync between AD and Ping Directory
Working on System for Cross-domain Identity Management
Doing Federation hub between two environments (WIAM - CAIM)
Creating authentication policies based on Ping Risk Management weights
Working on automating Ping using Ping APIs
Created SP/IdP connections using Ping Federate with external partners.
Implemented SAML Protection with Digital Signature.
Developed custom IdP and SP adapters, created adapters to prevent DoS attacks.
Working on BeyondTrust for one-time password creation
Monitoring all activities in QRadar for logs.
Working on SP application for configuring SSO.
Using Ping Access as token provider
Experience in Production support of Directory Services LDAP, PKI Authentication, PING Federation, UUM (Unified User Management).
PingFederate Performance tuning for supporting heavy traffic.
Designed, deployed and supported highly available and scalable PingFederate infrastructure in AWS and on-premises that provides single sign-on (SSO) and federation solutions for internal
Customizing the LDAP schema for the client needs
Implemented Directory and authorization mapping for authentication on Lightweight directory access Protocol (LDAP) and authorization on active directory.
Installed on premise servers for single sign on (SSO) and directory synchronization
Working on AD and Ping Directory creating roles and password resets
Environment: Ping Federate 11.0.1, Ping Access 6, Ping One, Ping Risk Management, Ping Directory, Active Directory Server, Database (SQL/Oracle).
Client: TELUS - Remote June 2020- Aug 2021
Role: Ping Federate Support Engineer
Responsibilities:
SSO Application Integration and Provisioning setup in OKTA
Work with OKTA support to resolve product issues related to user provisioning
Worked on creating group rules for Okta groups to generate reports for Okta Usage which includes
Onboarding application with different protocols like SAML and OAuth
Migrating Cloud based applications from Ping to Okta
Setting up calls with application owners, understanding the use case and implementing
Supporting and troubleshooting users' issues and application in Okta
Designed, deployed and supported highly available and scalable PingFederate infrastructure in AWS and on-premises that provides single sign-on (SSO) and federation solutions for internal accesses.
Designed and deployed migration of SAML partner connections from Oracle Identity Federation & Simple SAML systems to PingFederate
Implemented OAuth & OpenID Solutions using Ping Federate.
Integrated internal applications and SaaS-based applications using SAML 2.0, SAML 1.1, WSFED and OAuth 2.0
PingFederate Performance tuning for supporting heavy traffic.
Involved in migrating SiteMinder to PingFederate
Implemented SAML Protection with Digital Signature.
Developed custom IdP and SP adapters, created adapters to prevent DoS attacks.
Deployed Ping One in Cloud and integrated with PingFederate on premise
Assisted developers with integration of Mobile Apps using OAuth/SAML in PingFederate
Developed custom Ping Agent using Ping SDK.
Deploying and configuring gateway, web access, and agent web access management in Ping Access.
Implemented Directory and authorization mapping for authentication on Lightweight directory access Protocol (LDAP) and authorization on active directory.
Installed on premise servers for single sign on (SSO) and directory synchronization
Environment: Ping Federate 8.0, Ping Access 2.x, 3.x, Ping One, Active Directory Server, Database (SQL/Oracle).
Client: Change Health Care, Emeryville CA August 2018 – June 2020
Role: SSO/ Ping Federate consultant
Responsibilities:
Design and implement SSO solution for mobile and web applications using Ping Federate, PingAccess and Ping one
Configured and administrated Ping Federate 5.x/6.x for SSO across multiple web-based enterprise applications and upgraded Ping Federate from 6.8 to 7.2.0. and 7.x to 8.x.
Installed and configured sites, policies for authentication, virtual hosts, web sessions and responsible for backup and restoration of data in Ping Access.
SSO Application Integration and Provisioning setup in OKTA
OneLogin work through and its functionalities compared to Okta
Analyze application integration method in OneLogin and discuss how it can be improved in Okta in terms of security.
Assign application that would be on Okta instances depending on app use and data.
Implement MFA for applications containing sensitive information
User and Group management in Active Directory and GroupID.
User provisioning for certain applications in Okta.
Application Integration in Okta
Extensively involved in policies, selectors, policy contracts, adapter mapping and sessions for authentication process in both production and non-production environment.
Strong experience in Ping Federate SSO for providing customer and organizations secure single sign-on to their cloud-based applications.
Worked on Ping access admin authentication, log levels, class and enabling cookie logging.
Experience in SSO Login page concepts, Ping federation, RSO concept using new authorization standards like OAuth, OpenID and PKI authentication services
Responsible for all levels of support from initial setup and configuration to handling production down calls as well as on-the-fly changes to customer production environments.
Troubleshooting of customer environments, including issues with AD attribute retrieval, IIS, and Kerberos, as well as issues with Mac and Linux environments.
Work with OKTA support to resolve product issues related to user provisioning
Involved in integration and configuration of Ping Federate to act as identity provider and service provider with other identity provider service, provider clients for SSO.
Work with various applications teams and recommend technical solutions for SAML 2.0, WS-Fed, OAuth based federations and claims based and header-based authorizations.
Extensively worked as a part of Architecture team in designing communication flows for Seamless SSO implementation and Federation implementation
Worked on User, Group Management, Provisioning and deprovisioning
Managed Group Policies, security groups, and file shares for Grainger enterprise
Environment: Ping Federate 6.x/7.x/8.x, Ping Access, Ping One, OKTA, Active Directory Server, Sun Solaris 2.8, Windows, and IBM HTTP Web Server, IIS 5.0 and 6.0 and 7.0, Sun Java System Web Server 6.0, 7.0, Sun Identity Manager, Sun Access Manager, Tivoli Directory Server, NDS/Novell eDirectory, and Sun One Directory Server, Database (SQL/Oracle).
Client: Novartis, Cambridge, MA Aug 2016 – April 2017
Role: IAM Engineer
Responsibilities:
Successfully upgraded Ping Federation Services from 6 to 7.
Designed, deployed and supported highly available and scalable Ping federate infrastructure in AWS and On-premise that provides single-sign-on (SSO) and federation solutions for internal accesses.
Implemented OAuth & OpenID Solutions using Ping Federate.
Integrated internal Applications, SAAS based applications using SAML 2.0, SAML 1.1, WSFED and OAuth 2.0
Designed common framework for Single Sign-On implementation for partners using PingFederate.
Involved in migrating Siteminder to Ping Federate.
Configured and supported SAML based Identity & Service Provider connections with several SaaS Partners
Designed and deployed migration of SAML partner connections from Oracle Identity Federation & SimpleSAML systems to PingFederate
Created SP/IdP connections using Ping Federate with external partners.
Implemented SAML Protection with Digital Signature.
Developed custom IdP and SP adapters, created adapters to prevent DoS attacks.
Assisted developers with integration of Mobile Apps using OAuth/SAML in Ping federate
Developed shell scripts for backing up current setup and upgrading between different Ping federate versions
Developed shell scripts for automating the Config-Copy command-line utility tool to export and import connections and other configurations between different PingFederate environments in AWS and on-premise.
Created Shell Scripts for monitoring and reporting Siteminder, SPS, CA Directory, Webagent, and Tomcat services and accordingly perform failovers or Scale services.
Worked in troubleshooting issues like debug message and console logging, OAuth transactions server start up and Resolving URL related issues, server related issues and runtime issues in both production and non-production environment.
Deploying and configuring gateway, web access, and agent web access managements in Ping access.
Implemented Directory and authorization mapping for authentication on Lightweight directory access Protocol (LDAP) and authorization on active directory.
Implemented Ping identity manager solutions for work flow provisioning delegated administration generating audit reports to be security regulations.
Worked in integration kits and Token kits Translators for integrating identity enabled and web enabled SSO environment.
Responsible for providing 24x7 service on call ping federate support.
Environment: Ping Federate 6.0/5.0, Ping Access 2.x, 3.x, Ping One, Active Directory Server, Sun Solaris 2.8, Windows, and IBM HTTP Web Server, IIS 5.0 and 6.0 and 7.0, Sun Java System Web Server 6.0, 7.0.
ZionTech Solutions, India Jan 2014 – July 2015
Role: IAM Consultant
Responsibilities:
Installed, Configured and Maintained SiteMinder, Web agents.
Worked on Migration of SiteMinder Infrastructure from r6 to r12.
Installed and Configured IBM WebSphere Application Server 5.0 on Solaris.
Used SiteMinder Policy Server which provides policy management, authentication, authorization and accounting.
Worked on Directory integration involving LDAP, ODBC, Active Directory, Win NT and Custom directories
Used SiteMinder which provides several caches that can be configured to maintain copies of recently accessed data to improve system performance.
Used SiteMinder to ensure user's ability to access information quickly and securely.
Web Agents store contextual information about user access privileges in a session cache. Worked on optimizing performance by modifying the cache settings.
Enabled single sign-on across Web servers in a single cookie domain or across multiple cookie domains without requiring users to re-authenticate.
Worked with Agent Resource Cache which stores a record of accessed resources, Agent User Cache maintains users' encrypted session tickets.
Configuring the single sign on with single and multiple cookie domains
Installing patches on policy servers
Customizing the LDAP schema for the client needs
Configuring the multi master replication in iPlanet directory server
Worked on creating security policies for SiteMinder.
Involved in creating and managing the cells using Network Deployment Manager.
Managed Connection Pooling and registering web applications on WebSphere.
Written shell scripts to automate the maintenance process of the WebSphere and recovered the backed up WebSphere configuration using XML configuration tool.
Involved in configuration of WebSphere Application Server resources like JDBC Data Sources, JDBC Providers and Connection Pooling to connect to the DB2.
Environment: J2EE, JSP, Servlets, EJB, JDBC, JMS, XML, SiteMinder 5.5/6.0/12.0, LDAP 5.5/6.3, Oracle9i, WebLogic Server 8.1x, Windows 2000 AS, Windows 2003, Linux, Rational ClearCase, Tuxedo 8.1, MQ 6.0, F5 and Array.