AJAY RAIKANTI
********.***@*****.*** 530-***-****
https://www.linkedin.com/in/ajay-r-5aab85300
PROFESSIONAL SUMMARY
Identity and Access Management (IAM) Engineer with up to 5 years of experience in designing, implementing, and managing enterprise Identity and Access Management solutions. Hands-on expertise in Okta, PingFederate, PingAccess, SailPoint, and Microsoft Entra ID. Extensive experience in configuring and deploying MFA solutions, FIDO2 WebAuthn, OAuth 2.0, OpenID Connect, SAML, and JWTs for secure authentication and authorization. Proficient in configuring and optimizing PingFederate for authentication and security needs, integrating with various identity providers, directories, and applications. Expertise in leveraging Okta for SSO and MFA, SailPoint for identity governance, and Microsoft Entra ID for privileged access management. Experienced in deploying PingFederate, PingAccess, and Okta for advanced access control, identity governance, and risk-based authentication. Experienced in Linux and Windows administration and scripting. Experience in creating, managing, and interfacing with Identity Providers (IdPs) and Service Providers (SPs). A dedicated IAM Expert, passionate about enhancing security, streamlining access management, and driving automation to improve enterprise identity solutions.
CERTIFICATIONS
OKTA CERTIFIED ADMINISTRATOR - https://www.credly.com/go/cDiy1qjE
OKTA CERTIFIED PROFESSIONAL - https://www.credly.com/go/7jwc8ybl
TECHNICAL SKILL SET
IAM Tools : Okta, PingFederate, PingAccess, ForgeRock, Microsoft Entra ID, SailPoint IdentityIQ
SSO & Protocols : SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), SWA, WS-Fed, JWT, FIDO2 WebAuthn
Operating Systems : Windows Server 2008/2012/2016, RHEL, UNIX
Directories : Active Directory, LDAP, PingDirectory, Workday
Languages/Scripting : Java, Python, OGNL, Shell Script, PowerShell, JSON
EXPERIENCE
IAM ENGINEER
Apr 2024 - Present Delta Air Lines, Georgia
● Designed and deployed secure identity solutions using PingFederate, PingAccess, and PingID across multiple environments (Dev, Stage, Prod).
● Architected access control and multi-factor authentication (MFA) solutions using PingFederate, integrating with Active Directory (Cloud) in Azure using RBAC and security protocols.
● Integrated Entra ID with enterprise HR systems to enable automated provisioning/de-provisioning and lifecycle management.
● Designed and implemented enterprise-wide identity and access management solutions using Microsoft Entra ID, ensuring secure access to cloud and on-prem applications.
● Developed custom adapters, JWT-based token solutions, and advanced authorization policies using PingAccess.
● Streamlined CI/CD deployment for CIAM workflows using REST APIs and automation pipelines.
● Implemented SSO solutions across multiple web-based and API-based applications using PingAccess and PingFederate.
● Developed real-time monitoring and logging mechanisms for IAM security events, using SIEM tools to enhance incident detection and response.
● Migrated 40+ apps from Implicit Grant to Authorization Code with PKCE, boosting security posture.
● Conducted Web Services Federation (WS-Fed) implementations for seamless cross-enterprise authentication.
● Integrated Microsoft Entra ID with Conditional Access, B2B sync, and identity governance for secure collaboration.
● Integrated 70+ enterprise and SaaS apps with Okta using SAML, OIDC, OAuth 2.0, and WS-Fed for seamless SSO.
● Integrated Office 365 with Okta using WS-Fed SSO and provisioned users with Okta-Mastered and Directory-Mastered accounts.
● Integrated Auth0 with Azure AD B2C and Okta for federated logins, supporting clients that require flexible IdP choice.
● Configured Session Policies with idle timeout, max lifetime, and token revocation in high-sensitivity apps.
● Administered and delegated permissions using Role-Based Access Control (RBAC) and Policy-Based Access Control (PBAC) for Azure subscriptions and resources.
● Implemented Org2Org integrations to centralize identity governance across multiple Okta tenants.
● Built custom login experiences in Auth0 with Universal Login and Actions to handle token enrichment and claims manipulation.
● Developed PowerShell scripts for bulk user provisioning in Okta, AD object sync, and access audits.
● Led CIAM implementations using Auth0 and Okta for customer-facing apps with external IdP federation.
● Worked on Auth0 test tenant to create custom rules and hooks for token enrichment and logging.
● Built custom email templates and branding for consistent user experience during self-registration, password reset, and MFA enrollment.
● Integrated social identity providers and enterprise IdPs using OIDC/SAML to enable seamless SSO for consumer-facing applications.
● Automated user lifecycle events (joiner, mover, leaver) using Okta Workflows integrated with Workday and AD.
● Managed SailPoint access reviews, automated provisioning/deprovisioning via SCIM, and ensured compliance with SOX/GDPR.
● Integrated Google Workspace with Okta for SAML-based SSO, enabling seamless and secure authentication and role-based access to Gmail, Google Drive, and other services.
● Managed Privileged Identity Management (PIM) to ensure just-in-time access for administrators and enforce approval workflows, access reviews, and time-bound role assignments.
● Automated quarterly access reviews using OIG and custom Workflows.
● Monitored and responded to identity-related security incidents, including credential abuse detection, privilege escalation prevention, and anomaly analysis.
● Collaborated with InfoSec, IT Ops, and application teams to establish IAM governance and secure authentication frameworks.
IAM SECURITY ENGINEER
Sep 2019 - Jul 2022 Softcell Technologies, India
● Deployed and configured PingFederate, PingAccess, and PingDirectory to deliver scalable, high-availability identity solutions across hybrid cloud environments.
● Created custom authentication flows using PingFederate credential validators, selectors, and adapters.
● Developed PBAC policies using tools like PingAccess and custom policy engines to manage complex authorization rules aligned with business logic and compliance needs.
● Configured SAML and OAuth 2.0 integrations between IdPs and SPs.
● Delivered workforce SSO solutions with Okta and PingFederate across 50+ enterprise applications.
● Developed custom IAM integrations and API-based authentication solutions, improving security for SaaS applications, CRM systems, and cloud platforms.
● Integrated identity systems with LDAP and Microsoft Active Directory for authentication and directory services.
● Installed and configured PingAccess Gateways, protecting APIs and web applications with token-based authorization policies.
● Developed Groovy scripts in PingAccess to implement custom authorization rules for fine-grained access control.
● Configured PingDirectory and integrated it with PingFederate for user attribute storage and management.
● Supported Autosys batch jobs for identity workflows, ensuring timely completion and error-free processing.
● Provided technical support for Okta-related incidents, ensuring timely resolution and conducting detailed root cause analysis.
● Integrated Ping and Okta in hybrid cloud environments; managed MFA, SSL, cert rotations, and SSO for AWS/Azure apps.
● Deployed Azure AD Connect for seamless synchronization between on-premises Active Directory and Azure AD in hybrid environments.
● Implemented and managed Conditional Access policies based on user risk, device compliance, geolocation, and sign-in behavior to meet Zero Trust security goals.
● Managed SSO and MFA infrastructure, collaborating with cross-functional teams on security, networking, and system operations.
● Developed custom authentication schemes in PingFederate based on business requirements.
● Provided support for mobile app integration using OAuth/SAML with PingFederate.
● Led IAM security assessments, risk analysis, and role mining activities, ensuring compliance with SOX, HIPAA, and GDPR regulations.
● Designed and implemented customized onboarding/offboarding logic using Python and JavaScript for identity processes.
● Streamlined IAM workflows with PowerShell and Python, improving efficiency and reducing incident resolution time.
● Enabled SAML/OAuth federation for external vendors and business apps.
● Configured and enforced Multi-Factor Authentication (MFA) across various user groups using Microsoft Authenticator and third-party providers.
● Performed certificate rotations and metadata syncs between SPs and IdPs for 30+ SAML integrations.
● Implemented and configured SSL, requested digital certificates, created self-signed certificates and imported/exported public/private keys.
● Built custom OIDC integrations with JavaScript clients and implemented token validation logic in secured microservices.
● Demonstrated HR event-based triggers into IGA supported by RBAC, access policy, and certification campaigns.
● Monitored and resolved authentication/authorization issues across IAM platforms, improving overall system reliability.
● Collaborated with cross-functional teams to gather requirements, design identity and access management solutions, and implement end-to-end user authentication and authorization workflows.
SECURITY ENGINEER INTERN
Mar 2019 - Aug 2019 Softcell Technologies, India
● Assisted in deploying PingFederate, Azure AD, and configuring RBAC/MFA for enterprise applications.
● Integrated OAuth 2.0, OIDC, and SAML 2.0 protocols into legacy and SaaS applications for secure SSO.
● Assisted in integrating PingFederate with legacy applications and cloud-based SaaS platforms.
● Maintained AD/LDAP directories and documented IAM workflows and policies for audit readiness.
● Created technical documentation for Okta application onboarding and access request flows.
● Worked with stakeholders and information technology teams to troubleshoot and resolve authentication and access management issues, ensuring uptime and performance stability.
EDUCATION
M.S. in Cyber Security, Saint Peter’s University, Jersey City, NJ — 2024
B.S. in Computer Science, Hindi Mahavidyalaya, Hyderabad, India — 2019