
Active Directory Information Technology

Location:
Manhattan, NY, 10007
Posted:
December 05, 2024


Resume:

Muhammad Sami

************.***@*****.***

202-***-**** Alexandria, VA

PROFESSIONAL SUMMARY:

●Around 10+ years of experience in Information Technology implementing IAM solutions and providing Single Sign-On across enterprise applications using Ping Federate, NetIQ's Access Manager, Active Directory Federation Service, CA Federation.

●Proficient in deploying, configuring, and maintaining CyberArk Privileged Access Management (PAM) solutions, with a focus on CCP and secure credential delivery.

●Worked on Enterprise Users Single Sign On through browser and through services with third party application hosted in enterprise or cloud using Ping Federate, Ping One.

●Proven track record in deploying, managing, and optimizing CyberArk PIM Suite, including Enterprise Password Vault (EPV), Privileged Session Manager (PSM), and Central Policy Manager (CPM).

●Participate in all SailPoint deployment activities - connector configuration, custom rule development, workflow configuration and development, third party system integration.

●Demonstrated experience in integrating Central Credential Provider (CCP) with diverse applications, middleware, and enterprise systems for secure and dynamic credential provisioning.

●Expertise in designing, implementing, and optimizing Privileged Access Management (PAM) architectures, ensuring robust security for critical assets and compliance with industry standards.

●Skilled in integrating CyberArk solutions with multi-cloud environments, Active Directory, and DevOps tools to streamline privileged access governance.

●Successfully integrated CyberArk CCP and Conjur with cloud platforms (AWS, Azure, GCP) and hybrid environments.

●Experience in user Directory Administration and System Administration.

●Support Single Sign-On using Active Directory Federation Services with Multifactor Authentication

●Managed infrastructure of ForgeRock Open AM, Open DJ and OpenIDM.

●Working knowledge of AD Directory Server, Azure AD and LDAP Directory Integrator

●Integrating new application with SailPoint and ForgeRock as per requirements.

●Good working knowledge for cloud platforms like AWS and Azure.

●Integrated a technology risk management program with the company's enterprise-wide operational risk management program.

●Experienced on cloud-based Identity and Access Management solutions like OKTA and Ping One.

●Facilitated a balanced and rational set of risk-based IT general controls including formal risk registers and SDLC checkpoints.

●Installing, configuring, and customizing ForgeOps, ForgeRock products (Open AM, Open DJ, OpenIDM)

●Engaged to help client design and implement a Single Sign on Solution using the ForgeRock stack using Open AM and Open DJ for a billion users, with a rapidly changing software base using an Agile model and continual build / test process.

●Expertise in using J2EE technologies like JSP, Servlets, EJB, JDBC, Java Beans, JMS, RMI JNDI, XML and Web services (RESTful and SOAP).

●Active Directory Federation Services (ADFS), SAML, web Single Sign-on (SSO), related authentication technologies.

●Experienced in application configuration with Ping Access and defining Ping Access Sites, Site Authenticators, Virtual hosts, Policies and Rules.

●Experience in Active Directory, assisting in design and changes to Group Policy. Also familiar with Active Directory Federation Services (ADFS).

●Experienced in configuration of Ping Access both as Proxy Gateway to decode the JWT tokens, and by installing the agent on application server to communicate with PingFederate server.

●Experienced in SAML-based authentication 1.1 and 2.0 using PingFederate, SiteMinder Federation and integrating with SiteMinder authentication and other adapters.

●Protected RESTful APIs using OAuth in PingFederate so that they can be accessed only with access tokens.

●Experienced in installing PingFederate on both Linux and Windows Platform

TECHNICAL SKILLS

Products: OKTA Access Gateway, OAuth, OpenID, SAML 2.0, IWA, API.

CA Site Minder Access Manager, CA Federation (WAOP), CA Release Automation, Active Directory Federation Services AWS, CA Access Gateway, CA Advanced Authentication, AWS

IAM Tools: OKTA, SiteMinder (R12.5/R12.51/R 12.52/12.6/12.7/12.8), PingFederate, Ping Access, ADFS, Radiant logic

OS Platforms: Windows XP/2000/2003/2007, Red Hat Linux 5.x/6.x/7.x, AIX

Cloud Platforms: AWS, Azure

Ticketing Tools: Jira, Service Now

Databases: SQL Server 2005/2008/7.0, MS MySQL 5.0, IBM DB2

Directory Services: CA Directory Server, LDAP, MS Active Directory, Sun One Directory Server, Azure AD, Active Directory, Radiant logic Virtual Directory system (VDS)

Application Servers: Web Sphere 7.x/8.x/8.5x, Tomcat 5.x/6.x/7.x, JBoss

Monitoring Tools: Splunk, SUMOLOGIC, EMP

CI/CD Tools: GitHub, Jenkins, SharePoint, Bamboo

Scripting: Shell Scripting, Terraform, HTML, XML, SQL, Python

PROFESSIONAL EXPERIENCE

Charter Communications Stamford, CT (Remote) Oct 2023 to Present

Sr. IAM Engineer

●Experience in analyzing IAM logs, IAM application server logs, provisioning server logs to troubleshoot various authentication/endpoint related issues.

●Plan, install, and configure CCP components, ensuring seamless integration with CyberArk Vault and supported applications.

●Implemented enterprise IAM solutions utilizing SailPoint IIQ and Okta, enhancing security and streamlining user access processes for 50,000+ users.

●Configure and maintain CyberArk and Conjur solutions in multi-tenant or multi-environment architectures to support large-scale organizations.

●Worked on the deployment and implementation of CyberArk Privileged Access Management (PAM) solutions for large-scale enterprise clients, securing critical infrastructure and mitigating access risks.

●Managed end-to-end deployment and integration of CyberArk PIM Suite across enterprise systems.

●Performed privileged account administration for Windows and UNIX environments, ensuring seamless integration with CyberArk.

●Designed and configured CyberArk Privileged Identity Management (PIM) architecture to align with client-specific compliance requirements and IT security policies.

●Incorporate CyberArk and Conjur solutions into a broader zero-trust security strategy, ensuring seamless identity validation and least privilege enforcement.

●Configured and deployed Okta for SSO and MFA across 300+ applications, reducing password-related helpdesk tickets

●Implemented automated access reviews and certifications, ensuring compliance with organizational policies.

●Integrated CyberArk PAM solutions with Active Directory, cloud platforms (AWS, Azure, GCP), and DevOps tools to centralize and secure privileged account management.

●Configured and integrated CyberArk components, including EPV, PSM, and CPM, to secure privileged accounts and manage session monitoring.

●Migrated legacy applications to modern authentication protocols like SAML, OAuth, and OIDC using Okta.

●Automated onboarding and offboarding processes through SailPoint workflows and Okta user lifecycle management, reducing provisioning time.

●Design, implement, and support CyberArk Central Credential Provider (CCP) integrations to securely deliver credentials to applications and systems.

●Migrated on-premises AD environments to Azure AD, ensuring seamless hybrid identity integration.

●Established governance models using Azure AD Privileged Identity Management (PIM) to enforce least privilege access.

●Developed and customized workflows and connectors in SailPoint IdentityIQ to meet complex provisioning requirements.

●Established RBAC policies and scoped claim-based access models to support dynamic authorization requirements for cloud and on-premises applications.

●Establish monitoring frameworks for CyberArk Vault and Conjur to proactively identify performance issues or security anomalies.

●Designed and developed branding separately for admin and users for Client Identity IQ UI using JavaScript, XML, CSS, and HTML etc.

●Writing and modifying Shell scripts to perform automated LDAP administration tasks.

●Create ACI, Roles and Groups for application integrations.

●Configured SSO for internal applications with Active directory as user directory.

●Designed and implemented the Oracle Directory server 11g schema modifications & migrate authorization groups and external users.

●Collaborated with stakeholders to document installation procedures and Standard Operating Procedures (SOPs).

●Developed custom Ping Agent using Ping SDK and Implemented SAML Protection with Digital Signature.

●Designed, deployed, and supported highly available and scalable Ping Federate infrastructure in AWS and On-premises that provides single-sign-on (SSO) and federation solutions for internal accesses.

●Experience with the ForgeRock suite of IAM products

●Build and configure SailPoint tasks like aggregation, ID refresh, scheduled tasks, correlation, etc.

●Responsible for preparing documentation for each application and providing the Run Book to the Operations team to troubleshoot issues.

Bank of America TX May 2020 to Sep 2023

Sr. IAM Engineer

●Implementing, integrating, and supporting Okta's cloud SSO and enterprise SaaS technologies into complex IT environments across operating environments.

●Designed and deployed high-availability CyberArk architectures to ensure continuous protection of privileged accounts across hybrid cloud and on-premises environments.

●Designed and implemented Azure Active Directory (Azure AD) environments for hybrid and cloud-only organizations.

●Worked on OKTA Access Gateway (OAG), OAuth, OpenID, SAML 2.0, IWA, API.

●Customized CyberArk REST APIs to integrate privileged account workflows with enterprise automation tools, enhancing efficiency and scalability

●Integrate CyberArk and Conjur solutions with cloud platforms (AWS, Azure, GCP) to manage secrets and credentials in hybrid environments.

●Integrated diverse platforms, including LDAP providers, databases, Windows servers, and UNIX servers, with CyberArk solutions.

●Created and managed Safes, Platforms, and Owners for various organizational units.

●Automated routine administrative tasks using PowerShell and Bash scripts, streamlining operational processes.

●Conducted risk assessments and identified gaps in privileged access management to enhance compliance.

●Integrated SailPoint with applications and systems using APIs, streamlining identity synchronization.

●Configured Conditional Access Policies in Azure AD to secure access based on user and device context.

●Create identity Life Cycle workflows, defining life cycle events.

●Involved in writing Java BeanShell scripts and rules.

●Monitored and fine-tuned CyberArk infrastructure performance, identifying and resolving bottlenecks to maintain optimal system operation.

●Develop and manage APIs to integrate CyberArk CCP and Conjur with custom applications and enterprise systems.

●Integrate on-premises Windows AD with Azure AD, configure multi factor authentication and federated single sign-on.

●Hands-on experience with IAM products (Aveksa, SailPoint, Oracle IDM, IBM Identity Manager, ForgeRock, Ping Identity, Courion, CA Identity) - design and engineering experience, handling updates & patches.

●Established multi-factor authentication (MFA) for privileged access, adding an extra layer of security to critical accounts and systems.

●Automated user lifecycle management using Okta Workflows, improving onboarding and offboarding efficiency.

●Integrate Conjur with Kubernetes and Docker environments for secure secrets management in containerized workloads.

●Configured MFA policies and MFA Factors to application access such as Okta verify, SMS Authentication & Voice call authentication.

●Written tenant level as well as App level MFA policies to secure applications integrated with Okta.

●Generating API Keys and providing to Application teams to integrate with Okta over OpenID protocol.

●Integrated more than 150 applications into OKTA in different environments.

●Migrated legacy PAM solutions to CyberArk platforms, minimizing disruptions and ensuring a smooth transition for large-scale IT environments.

●Integrated Okta provisioning for various applications like BOX, AWS etc. using API calls.

●Creating Password Policies or Sign on Policies as and when requested by customers.

●Deployed self-service functions like password reset and account unlock to end users.

●Experience with OKTA APIs; setting up OKTA API tokens.

●Configuring and managing Network rules within Okta (both IP as well as Dynamic Zones).

●Upgrading Okta AD Agents on a quarterly basis.

Liberty Mutual, Seattle, WA July 2017 to Apr 2020

IAM Engineer

●Installation and configuration of SailPoint IIQ as required by design solution.

●Designed and configured SailPoint IdentityIQ 6.3 to manage the identity and access of users to on-premises apps.

●Managed client requirements and configured SailPoint connectors for applications.

●Involved in designing and implementing Conjur policies to enforce least privilege and enable role-based access control (RBAC) for dynamic workloads.

●Work closely with application teams to integrate CCP with web servers, middleware, and backend systems using APIs or native connectors.

●Integrated Azure AD B2B and B2C for secure external user collaboration and customer identity management.

●Worked closely with SailPoint architect and engineers for design and solution architecture.

●Troubleshot complex Okta SSO/MFA integration issues, providing timely resolutions to minimize downtime.

●Created various reports like Role composition report, Identity Reports and Application attribute reports for IIQ.

●Evaluated SailPoint-IIQ by Life Cycle Management, Access Review/Certifications, Policy Management, Role-Based Access Control and Connector modules.

●Monitor and apply security patches and upgrades to CyberArk and Conjur environments to safeguard against emerging threats.

●Implemented CyberArk EPV, PSM, and CPM for secure management of privileged accounts.

●Implemented Azure AD Identity Protection to monitor, detect, and respond to identity risks in real-time.

●Analyzed the application before onboarding to get an extract of the application with the user unique ID, access levels and permissions, and conducted deep-dive sessions.

●Creating Role Model Templates based on the applications onboarded by engaging with various business people as well as with TS.

●Established multi-factor authentication (MFA) for privileged access, adding an extra layer of security to critical accounts and systems.

●Integrated Okta Universal Directory with external directories like Active Directory and LDAP for seamless identity synchronization.

●Involved in the installation of SailPoint and upgrade from 6.3 to 6.3p3.

●Setup applications Active Directory, LDAP, Oracle and Flat Files.

●Implement REST classes using SailPoint Rest Application.

●Designed and deployed high-availability CyberArk architectures to ensure continuous protection of privileged accounts across hybrid cloud and on-premises environments.

●Evaluated IAM tools from the vendors like CA, IBM, Ping Federated, OKTA and ForgeRock products. Implemented POCs using ForgeRock Open AM and ForgeRock OpenIDM.

●Analyze and optimize CCP performance to handle high volumes of credential retrieval requests efficiently.

●Participated in the status meeting and discussed issues related to SailPoint IdentityIQ with the group.

●Tracking the completion status of various certification types like manager, application owner, entitlement owner, advanced and so on.

●Involved with existing Provisioning Team for the application to make it fit into IIQ and to get the existing User Access Management (UAM) model.

●Performed Integration with multiple applications such as AD, RDBMS, Flat File and LDAP. Upgraded SailPoint from 6.0X to 7.0X.

●On-boarded applications using Provisioning application’s requests in IIQ.

●Implemented and scheduled various types of User Entitlement Reviews for applications and databases in a timely manner to all the business areas across the organization.

●Implemented change requests in IIQ, drawing up the scheduling of events and the shape of the weekend for business check-outs.

●Specify and upload application data feed on to IIQ application.

●Management and maintenance of RSA Security Analytics suites.

Altria, Richmond VA Mar 2015 -June 2017

IAM Engineer

●Created policies, realms, rules and responses to protect the applications and configure them to work under the SSO environment

●Experience in implementation of Federation for multiple organizations by creating custom domains.

●Implementation of Single-Sign-On with third party vendors, both as Service Provider and Identity Provider through the federation Services (SAML 2.0) of CA SiteMinder.

●Assisted in deploying CyberArk EPV for privileged account management, integrating Windows and UNIX environments.

●Developed scripts in PowerShell and Python to automate Azure AD tasks and enhance operational efficiency.

●Worked on installing, configuring and administering CA SiteMinder r12.5, 12.7 and 12.8 and Sun One LDAP 6.3. Designed, architected and implemented CA IDM (Identity Portal, Identity Suite).

●Designed and implemented scoped policies and role-based access in Okta for fine-grained access control.

●Assist in updating (SailPoint IIQ) workgroups and Monitor SailPoint IIQ product functionalities.

●Responsible for migrating applications from SiteMinder to ping federate.

●Built custom solutions as part of migration for the legacy applications which don’t support SAML and other federation protocols.

●Work on federating third party apps with vendors making both inbound and outbound calls exchanging the attributes in SAML both as identity and service provider using Ping Federate.

●Worked on Out of the Box connectors provided by SailPoint IIQ and developed custom connectors using JAVA and Web Services to integrate with target applications

●Created multiple Connections with the third-party applications both as Idp and Sp initiated SSO.

●Working on multiple adapters like OpenToken, HTML and CoreBlox to authenticate the users and provide the identity in SAML.

●Implemented OAuth using PingFederate for the mobile applications as OAuth client to get the access token to access protected REST APIs.

●Worked with the Microsoft products team to come up with custom ADAL libraries as per internal requirements and defined patterns for server-side/client/SPA/mobile/hybrid application migrations from SiteMinder to Azure AD. Worked on Microsoft Azure environments, involved in Azure AD Connect, configuring virtual machines, storage accounts and Azure resource groups. Performed migration between on-premises and Azure AD through AD Connect (Azure AD users, groups, and devices).

●Perform automation tasks in PowerShell, Azure CLI and JSON from ARM templates.

●Automated Identity Management tasks such as user provisioning and application access based on each user's relationship with role within our organization using CA Identity manager.

Education Details

Bachelor of Computer Applications from University of Punjab, Pakistan, 2013

MBA from Strayer University, 2015
