Role purpose
Deliver hands-on workforce identity provider outcomes for customers. This role bridges strategy and implementation: designing secure, operable identity architectures; integrating apps and directories; and enabling teams with clear documentation, automation, and knowledge transfer.
What success looks like
- Workforce SSO/MFA and lifecycle are implemented with minimal user disruption and strong security posture.
- Directory and HR source integrations (e.g., AD/LDAP, HRIS/ITSM) are stable, observable, and well-documented.
- Customers can operate the system independently (runbooks, change process, admin training).
- Risk is surfaced early (policy gaps, device posture issues, migration constraints, scaling limits) with clear options and tradeoffs.
Key responsibilities
- Discovery & solution design
  - Lead technical discovery: identity sources, app inventory, authentication methods, device posture, compliance constraints, and admin operating model.
  - Produce implementation-ready designs: flows, policy decisions, attribute contracts, group strategy, and rollout plans.
- Implementation & configuration
  - Configure SSO and federation across common patterns (SAML, OIDC, OAuth 2.0) and complex enterprise edge cases.
  - Implement MFA and access policies aligned to risk and usability (step-up, phishing-resistant factors, conditional access/device signals where applicable).
  - Build lifecycle management: provisioning/deprovisioning, SCIM integrations, and directory/HR-driven automation.
- Integration engineering
  - Integrate with existing infrastructure: Active Directory/LDAP, Azure/Entra, AWS, VPN, HR systems, and key SaaS apps.
  - Troubleshoot and resolve authentication/provisioning issues end-to-end (IdP, app, directory, network, and user data).
- Automation & tooling
  - Build and maintain automation using platform-native tooling (e.g., Okta Workflows) and custom scripts/services when needed.
  - Use APIs and logs to validate behavior, reconcile state, and support migrations and bulk operations.
- Migration & rollout
  - Plan and execute migrations (tenant consolidation, app cutovers, factor enrollment changes, legacy IdP transitions).
  - Define phased rollout strategies, testing plans, rollback paths, and stakeholder comms checkpoints.
- Documentation & enablement
  - Deliver high-quality artifacts: HLD/LLD, integration guides, runbooks, troubleshooting playbooks, and admin training.
  - Create reusable templates and patterns that improve delivery consistency across projects.
- Client leadership
  - Partner with stakeholders (IT, Security, HR, app owners) to drive decisions and unblock progress.
  - Provide clear status updates, identify risks early, and propose options with scope/time/cost tradeoffs.
Required knowledge, skills, and abilities
- 3–7+ years delivering IAM / workforce identity solutions in consulting, customer-facing engineering, or internal IAM teams.
- Deep understanding of workforce identity concepts: authentication, authorization, provisioning, directory services, and policy design.
- Strong protocol fluency: SAML 2.0, OIDC, OAuth 2.0, SCIM, and practical debugging of these integrations.
- Working knowledge of common enterprise environments: AD/LDAP, Azure/Entra, AWS, SaaS app ecosystems, networking basics.