
Active Directory Access Control

Location: United States
Posted: June 03, 2025


Resume:

Manas

Green Card Holder

SailPoint IAM Engineer

Email: ****.*****@*****.*** Phone: +1-408-***-**** https://www.linkedin.com/in/sai-manas-0097b3334/

PROFESSIONAL SUMMARY

Over 7 years of experience in Identity and Access Management (IAM) and Cybersecurity, specializing in IAM products like SailPoint IdentityNow, SailPoint IdentityIQ, and Okta.

Extensive experience in crafting end-to-end IAM solutions using the SailPoint IAM suite and Okta, encompassing requirement gathering, analysis, design, integration, development, testing, maintenance, and upgrades.

Strong expertise in various SailPoint IAM concepts, including identities, account aggregation, identity refresh, rules, correlation, multiplexing, escalations, revocation, certifications/account reviews, SSB, SOD, and integration configuration deployment.

Comprehensive working knowledge of IAM modules, covering User Management, Account Management, Entitlement Management, Role Management, Password Management, Life Cycle Management, Multi-Factor Authentication (MFA), Single Sign-On (SSO), and Directory Services.

Proficient in designing and configuring certification and Life Cycle Management processes and implementing solutions using the Provisioning Engine in SailPoint IdentityIQ.

Skilled in installing, integrating, and deploying IdentityIQ and IdentityNow products in various client environments.

Expertise in implementing Role-Based Access Controls (RBAC), Attribute-Based Access Control (ABAC), Policy-Based Access Control (PBAC), role mining, and entitlement analysis.

Experienced in building out the Okta platform to support customers' cloud architecture.

Proficient in implementing Single Sign-On for single/multiple cookie domains for web applications and integrating SSO with Sun One LDAP and MS Active Directory, including Federation both inbound and outbound using SAML 2.0.

Experienced in automating provisioning and de-provisioning processes using Okta lifecycle management (LCM) workflows.

Skilled in working with SailPoint out-of-the-box (OOTB) and various connectors, including Delimited File, JDBC, LDAP, AD, Azure AD, SAP, and Oracle Applications.

Adept at integrating SailPoint with Azure, Active Directory, ServiceNow, SAP, cloud systems, and the PAM integration module.

Capable of building custom workflows, rules, policies, and provisioning in IAM. Experienced in creating quick links and custom forms.

Proficient in using the Audit Configuration to specify actions collected for audit logs. Experienced in using the Audit Search tab to generate searches for audit records for specific time periods, actions, sources, and targets.

Skilled in creating custom email templates and configuring target applications. Knowledgeable in major data compliance standards such as SOX, GDPR, HIPAA, PCI DSS, PIPL, and CCPA.

Strong understanding of core Java concepts and J2EE technologies, including servlets, Struts, JDBC, JSP, JSF, Spring Core, Spring AOP, Spring Security, Spring MVC, and Hibernate. Expertise in developing RESTful web services and microservices.

Proficient in design, development, and coding within the computing domain using tools like J2SE, J2EE, and BeanShell. Results-oriented professional with a proven track record in IAM solution delivery utilizing Agile or Scrum methodologies.

Highly skilled in collaborating with cross-functional teams and ensuring timely delivery of projects within schedule constraints.

PROFESSIONAL EXPERIENCE

T-Mobile, Texas March 2023 – Present

SailPoint IAM Engineer

Responsibilities:

Implemented and managed synchronization processes to ensure account data consistency across Okta, Active Directory, and SailPoint, ensuring data integrity and accuracy across all platforms.

Utilized connectors such as Delimited File, Salesforce, Okta, On-Premises Active Directory, and Azure Active Directory to integrate various data sources, enhancing the IAM infrastructure.

Configured and optimized Identity profiles to build Identity Cubes, prioritizing data from multiple authoritative sources for accurate identity management.

Developed both simple and complex transforms, rules, and generators to convert data from one format to another, facilitating seamless data integration and manipulation.

Established automated job scheduling and monitoring tools to ensure tasks were executed as planned, improving efficiency and reliability in IAM operations.

Created and implemented a comprehensive incident management process, detailing how incidents are reported, assessed, prioritized, and resolved within specified SLA timelines to minimize downtime and enhance security.

Developed a support framework to promptly address access issues such as user authentication problems and permissions errors, ensuring uninterrupted access and security compliance.

Automated the onboarding process for applications using Roles, Access Profiles, and Entitlements, streamlining access management and enhancing operational efficiency.

Configured event-based and role-based provisioning into downstream applications like Okta and Active Directory, ensuring timely and accurate access provisioning.

Implemented Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) through strategic role assignments and access profile criteria to enhance security and compliance.

Leveraged audit configuration capabilities to specify the actions collected for audit logs, ensuring thorough monitoring and compliance with security policies.

Developed custom plugins for additional access requests and contract creation using Java/J2EE, enhancing the functionality and customization of SailPoint solutions.

Created custom integrations between Ping Identity and various applications/systems using Java, facilitating seamless data flow and access management.

Developed PowerShell scripts for automating routine tasks such as data loading and system monitoring within the SailPoint environment, improving operational efficiency.

Utilized JavaServer Faces (JSF) for web application development, contributing to the creation of robust and scalable IAM solutions.

Configured governance groups and segments in the request portal, enhancing access request features and ensuring efficient access management.

Conducted certifications such as Role Composition, Access Item, and Uncorrelated Accounts Certification to improve data security and ensure compliance with audit and regulatory requirements.

Designed and implemented workflows to define action sequences performed within IdentityIQ, optimizing IAM operations and automating key processes.

Defined and configured event triggers to automate actions within IdentityIQ, enhancing responsiveness and operational efficiency.

Implemented Multi-Factor Authentication (MFA) across all scoped applications using Okta, including Okta Push, Okta Verify, SMS authentication, voice call authentication, and security questions to enhance security.

Utilized AWS S3 buckets for storing configuration files, backups, logs, and other essential data, ensuring durability and accessibility for SailPoint IAM deployments.

Managed IAM configurations and customizations in GitHub repositories, ensuring version control, traceability, and collaboration across development teams.

Provisioned and managed AWS EC2 instances to host SailPoint IdentityIQ servers, ensuring optimal performance and availability of IAM services.

Executed certification processes in IdentityIQ, including Role Composition and Uncorrelated Accounts Certification, enhancing data security and compliance.

Integrated IdentityIQ with external systems such as Azure, Active Directory, ServiceNow, SAP, and cloud systems, centralizing identity and access management and fostering seamless communication.

USAA, Austin, Texas Dec 2021 – Feb 2023

SailPoint IAM Engineer

Responsibilities:

Worked on integrating SailPoint with various connectors, including custom connectors, to enhance IAM capabilities and streamline identity management processes.

Developed a Business RPA ROI Dashboard for business leaders to track investments and returns, providing valuable insights into the effectiveness of RPA initiatives.

Implemented a custom solution allowing end-users to request roles and applications through a request portal with governance groups acting as approvers, streamlining the access request process.

Collaborated with project managers and stakeholders to evaluate the organizational impact of RPA solutions, ensuring alignment with business goals and optimizing resource allocation.

Implemented provisioning features in SailPoint IIQ and IdentityNow using various connectors like LDAP, Azure AD, and Workday, ensuring efficient and accurate access provisioning.

Implemented Multi-Factor Authentication (MFA), Single Sign-On (SSO), and access management solutions, enhancing security and simplifying user access.

Worked with the UiPath team to automate processes in RPA, improving operational efficiency and reducing manual workload.

Maintained an up-to-date Standard Operating Procedures (SOP) Runbook in SailPoint IdentityIQ, ensuring consistent and reliable operations.

Actively engaged in all Scrum ceremonies, including daily stand-ups, sprint planning, sprint reviews, and retrospectives, ensuring effective agile project management.

Coordinated with development and operations teams to schedule and execute tasks supporting deployments and releases, ensuring timely and efficient project delivery.

Designed and implemented SailPoint IdentityNow solutions using Java, developing multiple Identity Profiles for onboarding authoritative sources and customizing workflows for provisioning and de-provisioning accounts.

Integrated IAM solutions seamlessly with various systems and applications using Java, optimizing interoperability and efficiency.

Implemented Privileged Access Management (PAM) services through SailPoint, creating users and containers in CyberArk and configuring roles, policies, and certifications for governance compliance.

Designed and implemented Windows PowerShell scripts for Active Directory using SQL and SailPoint, addressing audit requirements and cleaning up stale/inactive accounts.

Installed Okta AD agents in Active Directory domains, automating user group membership via Group Rules and integrating Okta for SSO, MFA, and provisioning.

Monitored user access for suspicious activity using Azure, preventing unauthorized access from external networks, users, and services.

Managed joiners, movers, and leavers processes for high-risk business areas, ensuring secure provisioning and de-provisioning of accounts.

Experienced with SSO and federation using SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), and WS-Federation, enhancing secure and seamless access management.

Configured logging mechanisms using the Log4j framework, ensuring comprehensive monitoring and troubleshooting capabilities.

Integrated cloud-based applications with Azure Active Directory, utilizing Azure enterprise applications to meet business needs and enhance IAM capabilities.

Worked on cloud migration of SailPoint to AWS, automating compliance and adhering to audit requirements through effective IAM solutions.

Implemented RESTful web services to connect various applications with SailPoint, ensuring efficient data transfer and system integration.

Mutual of Omaha, Texas Oct 2019 – Nov 2021

SailPoint IAM Engineer

Responsibilities:

Involved in application onboarding using connectors like delimited files, JDBC, and Active Directory, ensuring smooth integration with the SailPoint IAM infrastructure.

Worked on implementing and managing Identity Access Management (IAM) solutions, leveraging SailPoint to enhance security and access management.

Hands-on experience with the Microsoft Azure platform, utilizing its features to enhance IAM solutions and ensure secure operations.

Participated in SailPoint deployment activities, including connector configuration, custom rule development, workflow configuration and development, and third-party system integration.

Handled lifecycle management workflows, ensuring efficient provisioning and de-provisioning of user accounts and entitlements.

Implemented certifications such as Application Owner, Entitlement Owner, and Advanced Certifications, ensuring compliance with governance and security policies.

Developed custom reports for application data validation, validating accounts, entitlements, and account status post-aggregation.

Developed custom connectors tailored to integrate RPA-reliant applications, streamlining processes and enhancing automation capabilities.

Successfully implemented SailPoint integrations for new applications, including PagerDuty and Black Diamond, ensuring seamless data flow and access management.

Actively collaborated with cross-functional teams to design and execute integration solutions, leveraging IAM and integration development expertise.

Developed RESTful web services using Java frameworks like JAX-RS for building lightweight, scalable APIs, enhancing system interoperability.

Familiarity with Java microservices development using frameworks like Spring Boot and Dropwizard for building cloud-native applications, optimizing system scalability.

Proficient in Java XML processing APIs (JAXB and JAXP) and JSON processing APIs (Jackson and Gson) for data parsing, validation, and transformation.

Wells Fargo, Dallas, Texas June 2018 – Sept 2019

SailPoint IAM Engineer

Responsibilities:

Managed, maintained, and developed the IAM infrastructure using SailPoint and Okta tools, ensuring seamless and secure identity and access management across the organization.

Designed and developed Joiner, Mover, and Leaver workflows to automate user lifecycle management, improving efficiency and reducing errors in user provisioning and de-provisioning.

Drove the integration of new applications in SailPoint and Okta, ensuring smooth onboarding and secure access management for various enterprise applications.

Worked on increasing security on a cloud-based platform (AWS), leveraging best practices and advanced security features to protect sensitive data and applications.

Set up enterprise-level Role Mining, Role-Based Access Control (RBAC), Multi-Factor Authentication (MFA), Single Sign-On (SSO), and Identity Management, enhancing security and compliance across the organization.

Delivered Okta solutions on behalf of customers, providing tailored IAM solutions to meet specific business requirements and ensuring optimal performance and security.

Skilled in automating IAM operations leveraging Robotic Process Automation (RPA) technology, streamlining processes and reducing manual effort.

Used IQService as part of IdentityIQ for Active Directory (AD) provisioning, ensuring efficient and accurate user provisioning and management.

Deployed several out-of-the-box SailPoint connectors to connect various client systems (LDAP, AD, databases, etc.), enhancing integration and interoperability.

Worked on different application platforms such as Citrix and Mainframes, developing several automation processes and VBOs to overcome limitations of the RPA tool, improving efficiency and reliability.

Developed PowerShell rules for Exchange and O365 provisioning and integrated them with Joiner workflows, automating and streamlining the provisioning process.

Built resource adapters, Identity Management, Single Sign-On (SSO), Provisioning and Identity Workflows, Access Management, RBAC, ABAC, PBAC, Authentication and Authorization technologies, ensuring robust and scalable IAM solutions.

Developed custom rules for aggregation and provisioning to SuccessFactors, ensuring accurate and efficient data integration and user management.

Configured and developed rules for web service connectors for create and delete operations, enhancing integration capabilities and ensuring seamless data management.

On-boarded delimited file, JDBC, and AD applications for access review, ensuring comprehensive and accurate access management.

Developed provisioning policies for different applications including AD, JDBC, and web service connectors, streamlining the provisioning process and ensuring consistency and accuracy.

Created a custom form and workflow for managing applications that are not connected to IdentityIQ, providing flexibility and enhancing the overall IAM infrastructure.

Developed and deployed custom connectors and rules for SailPoint, tailoring IAM solutions to meet specific business needs and requirements.

Reviewed test plans created by the quality assurance team, offering feedback and insights to perform testing more efficiently and ensure high-quality deliverables.

Partnered with the security team on identity governance audits and processes, ensuring compliance with security policies and regulations.

Guided application owners on best practices and standardization when tying applications into IAM systems, ensuring consistent and secure integration.

Supported various projects, lifecycle management, directory services, and security integrations, ensuring seamless and efficient operations.

Created exclusion rules and pre-delegation rules for certifications, enhancing the accuracy and efficiency of certification processes.

Customized email templates to ensure they are client-specific with appropriate body and branding, improving communication and user experience.

EDUCATION:

Bachelor’s in Computer Science from San Jose State University (SJSU)


