IAM SME - Entra External ID

IAM SME – Entra External ID

We are hiring an IAM SME to lead a secure SSO implementation of Entra External ID. Key duties include migrating from Azure AD B2C to Microsoft Entra External ID, establishing federation with external client portals (SAML/OIDC), providing reference SSO integration, and ensuring strong security, documentation, and knowledge transfer.

Key Responsibilities

• Organize discovery workshops to assess existing authentication methods, workflows, and types of external users.
• Evaluate Azure tenant readiness, licensing, security and compliance requirements, and establish a project plan with milestones and RACI assignments.
• Identify prerequisites such as network configuration, required ports, and environment setup strategy, collaborating with application teams to address dependencies.
• Develop an authentication architecture for external users with Entra External ID.
• Define user registration and login processes, IdP federation strategies (SAML/OIDC), and tailor branding and UX for user journeys.
• Design Conditional Access and MFA policies, including bypass options for partner-initiated flows when necessary (in partnership with app teams).
• Create architecture diagrams and high/low-level design documents.
• Prepare the development environment, configure the Entra External ID tenant, and register required applications.
• Set up federation and integration patterns for external client portals.
• Apply session and token management best practices to ensure smooth portal navigation and proper sign-out behavior.
• Establish a migration strategy and tools using Microsoft Graph APIs, along with scripts and infrastructure.
• Plan and conduct pilot migration, then advance to full-scale migration readiness.
• Maintain attribute mapping and ensure identity data integrity during migration.
• Lead UAT validation, manage issue triage and remediation tracking, and refine policies and UX from feedback.
• Verify conditional access/MFA enforcement versus bypass scenarios, and test end-to-end SSO functionality.
• Create comprehensive documentation covering configuration, federation, migration steps, and operational runbooks.
• Host working sessions and transfer knowledge to enable internal teams to manage additional client SSO integrations independently.
• Perform security reviews for identity flows, token lifetimes, claims issuance, and federation trust boundaries.
• Support cutover planning, rollback strategies, and post-migration stabilization.
• Collaborate with security operations teams to ensure logging, monitoring, and auditability of authentication events.
• Provide ongoing advisory support during early operations (hypercare) post go-live.

Required Skills & Experience

• 10+ years in Identity & Access Management with hands-on SSO and federation implementations.
• Strong expertise in:
  • Microsoft Entra External ID
  • OAuth2 / OIDC, SAML 2.0, JWT, token/session management
  • Application registrations, redirect URIs, certificates/secrets, custom domains concepts
• Experience with Azure AD B2C and migration patterns to Entra External ID.
• Working knowledge of Microsoft Graph API for user migration and identity operations.
• Practical experience designing and implementing Conditional Access + MFA strategies.
• Strong documentation and stakeholder management skills; ability to run workshops and KT sessions.

Preferred Certifications (nice to have)

• Microsoft Certified: Identity and Access Administrator Associate
• Microsoft Certified: Cybersecurity Architect Expert

Soft Skills:

• Strong analytical, problem-solving, and troubleshooting skills.
• Excellent communication and stakeholder management abilities.
• Ability to work independently and collaboratively in a fast-paced environment.