Identity and Access Management (IAM) Specialist
Resume:
Neeraj Konda
*************@*****.*** +1-737-***-****
LinkedIn URL:- https://www.linkedin.com/in/konda-neeraj-9b8b1b245 Richardson, TX
Identity and Access Management (IAM) professional with 6 years of hands-on experience designing, implementing, and supporting enterprise-scale SSO and IAM solutions across Linux, Solaris, Windows, and AWS environments.
Proven expertise in ForgeRock (OpenAM, OpenDJ, IG), Ping Identity (PingFederate, PingAccess, Ping Directory), and CA SiteMinder, including large-scale migrations, upgrades, and platform modernization initiatives. Strong background in SAML 2.0, OAuth 2.0, OpenID Connect, and federation-based authentication for B2B, B2C, and B2E applications.
Extensive experience with LDAP architecture, directory design, replication, schema management, and performance tuning. Adept at building highly available, clustered, and load-balanced IAM infrastructures across multiple environments.
Technical Skills:
IAM Product Suites:
SiteMinder Policy Server 5x/6.0/R12.x, Ping Identity, Ping Access 6.0, Ping Directory, SiteMinder Web Agent 5x/6.0/R12.x, SiteMinder secure Proxy server, ForgeRock OpenAM, Open IG.
Directory Servers:
CA Directory Server, Sun Directory Server 5.x/6.x/7.x, MS Active Directory, LDAP, ForgeRock OpenDJ
Programming
C, C++, .NET, HTML, Perl
Operating System
Windows 2000/2003/xp/2008, Solaris/Linux. AWS
Web Servers
Sun One web server, Apache (Vfabric & JWS), IIS 5x/6x/7x, IBM HTTP server
Application Servers
Tomcat (TcServer & JWS), IBM WebSphere
Experience Summary :
—Responsible for installing and setting up the new Access management environment across multiple environments(Dev, QA, Pre-Prod, and PROD).
—Involved in designing and building ForgeRock OpenAM & OpenDJ environments from scratch as part
of the migration from SiteMinder infrastructure for B2B & B2E portals.
—ForgeRock SAML-Based Authentication with a SP and IDP ID.
—Setting up separate ForgeRock replication server instances.
—Managing the certificates and authentication policy on PingFederate.
—Worked closely with ForgeRock implementation partners during migration.
—Setting up policies, creating an agent, and whitelisting URLs in ForgeRock OpenAM for all applications.
—Once ForgeRock infrastructure has been built, work on migrating different applications(SAML-based, Agent-based (different flavors like Apache, Windows), IG, etc) from CA Siteminder to ForgeRock.
—Demonstrated success in leading migrations from SiteMinder to ForgeRock/Ping, onboarding hundreds of applications, and coordinating with cross-functional teams and vendors.
—Strong troubleshooting skills using logs, SPLUNK, and monitoring tools, with a track record of reliable production support and on-call ownership.
—Provide federation SSO services for various business applications that are accessed from within the network using SAML 2.0
—Planned and executed the application migration from Dev to Prod accordingly.
Provided the on-call support as required by the team.
Project & Experience:
SVSIT systems, Jan 2026 till present
●Key resource on IAM team who manages ForgeRock & SiteMinder access management.
●Work with clients to gather requirements for doing sso where apps are configured using federation, agent based sso, openid connect or OAuth.
●Responsible for exchanging metadata and setup federation agreements using saml and WS federation protocols.
●Collaborate & Work with clients, business and operation team to make sso go live smoothly.
●Key resource in Migration of applications from siteminder to ForgeRock access management.
●Install and configure ForgeRock AM on Docker Kubernetes as Proof of concept.
●Configure ForgeRock Auth Trees and Modules as per business needs with MFA and device save flows.
●Work with internal team to customize the auth nodes for MFA and Passkey authentications.
●Configure Applications using inbound and outbound OpenID connect flows where ForgeRock generates JWT token and consumes JWT.
●Installed and configured ForgeRock web and application J2EE agents on various platforms with web and application servers.
●Implemented and configured both IDP & SP connections using PingFederate (SAML).
Infosys, Richardson Agu 2025 - Jan 2026
Responsibilites:
Responsible for installation and setup the new Access management environment across multiple environemnets like (Dev, Qa, Pre-Prod and Prod).
Configured and customized Ping AIC authentication flows, policies, and application connections to support secure B2B and B2E access.
Connected to an external IDP and SP with Ping Federate.
Assisted in testing, rollout, and production support of new authentication features, including protocol changes, MFA enablement, and policy updates.
ForgeRock SAML Based Authentication with a SP and IDP id.
Worked on Microsoft Entra ID (Azure Active Directory) for identity and access management across cloud and hybrid environments.
Conducted upgrade in test environment from 6.2 to 7.2 Ping Directory.
Worked on IDM roles creation/update/provisioning, Configuring and customizing Ping Identity Cloud solutions.
Involved in Design and building ForgeRock OpenAM & OpenDJ environments from scratch as part of migration from SiteMinder infrastructure for B2B & B2E portals.
Configuring and customizing Ping Identity Cloud solutions.
Integrated on-premises Active Directory with Entra ID using Azure AD Connect (sync, password hash sync, and seamless SSO).
Supported SCIM-based user lifecycle management for cloud and SaaS applications, ensuring automated provisioning and deprovisioning.
Worked extensively with Ping Identity Cloud (Ping AIC) for cloud-based access management, integrating enterprise applications using SAML, OAuth 2.0, and OpenID Connect.Managing the certificates and authentication policy on PingFederate.
Worked closely with ForgeRock implementation partners during migration.
Settting up policies, creating agent, whitelisting URL in ForgeRock OpenAM for all applications.
Once ForgeRock infrastructure has been built, worked on migrating different applications(SAML based, OAuth/OIDC, Agent based(different flavors like Apache,windows), IG etc) from CA siteminder to ForgeRock.
Setting up Load Balancing,Clustering,High Availability, separate RS Replication servers for ForgeRock newly built infrastruce.
Performing system monitoring, analyzing and documenting performance and conducting trend analyses as required.
Being responsible for performance tuning, indexing, troubleshooting Replication and performance issues.
Client: Kaiser, CA, Dec 2024 to Aug 2025
Role: ForgeRock Engineer/IAM Administrator Responsibilities:
Responsible for installation and setting up the new Access management environment across multiple environments like (Dev, Qa, Pre-Prod, and Prod).
Involved in migration of Siteminder 6.X to 12.x on Solaris 10 LDOM’s with 100 + applications and 500 +
webagents
Connected to an external IDP and SP with Ping Federate.
Implemented PingOne integrations for application SSO and identity federation.ForgeRock SAML-Based Authentication with a SP and IDP id.
Conducted an upgrade in the test environment from 6.2 to 7.2 Ping Directory.
Conducted upgrade to 8.3 from the 7.2 version of directory/proxy/datasync.
Established “sync” between the attribute for SiteMinder Password Policy and Ping Directory Password Policy
Designed and supported multi-factor authentication (MFA) solutions using PingID, including step-up authentication and risk-based policies.
Involved in designing and building ForgeRock OpenAM & OpenDJ environments from scratch as part of the migration from SiteMinder infrastructure for B2B & B2E portals.
Version upgrade of Ping Federate to version 10.0
Implemented Just-In-Time (JIT) user provisioning during SAML/OIDC authentication flows.Managing the certificates and authentication policy on PingFederate.
Installed and configured Siteminder User Context Gateway on policy server and IIS web server to work with pc based applications.
Configured User Context Gateway to provide Single Sign-on with PC based applications like Citrix.
Worked closely with ForgeRock implementation partners during migration.
Setting up policies, creating an agent, and whitelisting URLs in ForgeRock OpenAM for all applications.
Acted as a technical liaison between customers, internal IAM teams, and vendors during onboarding and migration activities.
Worked on the Migration of applications from Siteminder to PingOne.
Once ForgeRock infrastructure has been built, work on migrating different applications(SAML-based, Agent-based (different flavors like Apache, Windows), IG, etc) from CA Siteminder to ForgeRock.
Setting up Load Balancing, Clustering, High Availability, and separate RS Replication servers for ForgeRock's newly built infrastructure.
Performing system monitoring, analyzing and documenting performance, and conducting trend analyses as required
Being responsible for performance tuning, indexing, troubleshooting Replication and performance issues.
Experience in Okta Authentication.
Worked on building and configuring servers with replication across multiple data centers globally for the Checkout environment using CA Directory using synchronous & asynchronous methods.
Configured various LDAP connectors to sync-up data between various LDAP servers as part of the
migration from Oracle ODSEE to ForgeRock OpenDJ LDAP environment.
Worked with different application teams and able to successfully migrated all applications to
OpenDJ LDAP without any issues.
Performing routines and preventative maintenance such as health-checks, maintaining Backups, writing shell scripts, utilization monitoring, and log file management
Onboarding applications for IG based, creating routes in IG, and creating a Java agent in AM
Implementing the Single Sign-On environment (SSO) in a mixed environment, which included Windows and Linux environments.
Re-designed, re-architected, and built the existing application using Java 11, Spring Boot, Spring Reactive Stack
Worked with the third-party Vendor PWC for the installation and setup of the environments.
Planned and executed the application migration from Dev to prod accordingly.
Provided the on-call support as required by the team.
ECLAT Engineering, Ahmedabad Oct 2019 to Aug 2023 Role: SSO/Ping Consultant
Responsibilities:
Install and configure Siteminder Federation security services on JBoss and Tomcat servers on various platforms.
Configure applications with ADFS where SiteMinder acts as the Service Provider and ADFS acts as the Identity Provider using SAML 2.0 in IDP-initiated method.
Configure applications with ADFS where Siteminder acting as Resource Partner and ADFS acting as
Account Partner using WS-Federation.
Installed and configured the Ping federate 6.x
Created various connections both IDP and SP using the ping federate.
Upgraded the ping federate engine from 6.x to 7.x
Involved in troubleshooting different Federation issues using the log files and supported day to day tasks accordingly.
Expertise in integrating and protecting web applications and other resources with Siteminder Policy Server and its components.
Defining the Realms, Rules, Responses, setting up response attributes as Cookie variables or HTTP variables, Defining User directories, Policies, and configure them to the given set of user DNs.
Proactively engaged in migration of the directory server from Sun DS 5.2 to the directory server 6.x
Configure different applications where siteminder is IDP & Ping Federate as SP using SAML 2.0 Post methods.
●Involved in writing the scripts like backup, replication monitoring and configuration statistics
directory server 6.x.
●Installed PingFederate and PingAccess from scratch and configured multiple instances of PingAccess.
Using Siteminder SDK, created an Assertion Generator Plugin which will take query parameters, inserting them to the SAML Assertion as per business requirements.
Can design and document the first-level support be given to the help desk team to improve efficiency
●Integrated SP and IDP SSO SAML request with Ping Federate.
Gather requirements to complete the successful installation and configuration of Siteminder SharePoint 2010 R12 SP3 agent and SiteMinder R12 on Windows.
Troubleshot issues and worked with CA to resolve them.
Troubleshooting day-to-day issues on LDAP servers and monitoring replication problems.
Abilitic Systems, Hyderabad June 2018 – Aug 2019
Role: SingleSignOn Administrator Responsibilities:
Supporting more than 400 applications in Dev, Qa, Model & production.
Installed and configured the Siteminder ERP Agent for SAP Applications.
Configured the Development LDAP Servers.
Installed Siteminder Web agent in IIS6.0, IBM Https, and Apache Web servers.
Configured ACIs and Password Policies in directory Server according to the requirement
Involved with SSO team in integrating the SAP ITS application by installing ERP agents.
Involved in installing Header to Pseudo cookie & Session Linker as per SAP ITS integration & worked on upgrading the ERP Agents from 4x to 5x.
Worked on upgrading the Web agent and switching CGI Password services to FCC Password Services.
Involved in Upgrading directory server 5.2 sp2 to sp4 in native distribution
Configured multi master replication between directory server 5.x
Duties as SSO admin included designing & extending schema according to enterprise needs, Replication of directories to make sure the directory services are accessible in highly available mode.
Implementing the Single Sign-On environment (SSO) in a mixed environment which included Windows, and Linux environment
Administered the LDAP directory servers in the different environments.
Configured LDAP directory servers as policy store, key store and user stores .
Involved in setting up the Load balancing between the LDAP servers using the Big IP load balancer.
Assisted the team in developing documentation for the installation and management of the Site Minder environment.
Worked with Computer Associates (CA) in troubleshooting issues on Siteminder.
Installed and configured Sun One directory server 5.x in different environments.
Involved in day-to-day activities on Siteminder & Directory server
Supported Sun One Directory server 5.x in production environments.
Contact this candidate