
Birlasoft, a global leader at the forefront of Cloud, AI, and Digital technologies, seamlessly blends domain expertise with enterprise solutions. The company’s consultative and design-thinking approach empowers societies worldwide, enhancing the efficiency and productivity of businesses. As part of the multibillion-dollar diversified CKA Birla Group, Birlasoft with its 12,000+ professionals, is committed to continuing the Group’s 170-year heritage of building sustainable communities.
Role Summary
We are hiring an IAM SME to lead a secure SSO implementation of Entra External ID. Key duties include migrating from Azure AD B2C to Microsoft Entra External ID, establishing federation with external client portals (SAML/OIDC), providing reference SSO integration, and ensuring strong security, documentation, and knowledge transfer.
Key Responsibilities
Organize discovery workshops to assess existing authentication methods, workflows, and types of external users.
Evaluate Azure tenant readiness, licensing, security and compliance requirements, and establish a project plan with milestones and RACI assignments.
Identify prerequisites such as network configuration, required ports, and environment setup strategy, collaborating with application teams to address dependencies.
Develop an authentication architecture for external users with Entra External ID.
Define user registration and login processes, IdP federation strategies (SAML/OIDC), and tailor branding and UX for user journeys.
Design Conditional Access and MFA policies, including bypass options for partner-initiated flows when necessary (in partnership with app teams).
Create architecture diagrams and high/low-level design documents.
Prepare the development environment, configure the Entra External ID tenant, and register required applications.
Set up federation and integration patterns for external client portals.
Apply session and token management best practices to ensure smooth portal navigation and proper sign-out behavior.
Establish a migration strategy and tools using Microsoft Graph APIs, along with scripts and infrastructure.
Plan and conduct pilot migration, then advance to full-scale migration readiness.
Maintain attribute mapping and ensure identity data integrity during migration.
Lead UAT validation, manage issue triage and remediation tracking, and refine policies and UX from feedback.
Verify conditional access/MFA enforcement versus bypass scenarios, and test end-to-end SSO functionality.
Create comprehensive documentation covering configuration, federation, migration steps, and operational runbooks.
Host working sessions and transfer knowledge to enable internal teams to manage additional client SSO integrations independently.
The Entra External ID tenant was configured with necessary app registrations and policies.
The pilot migration was completed and user authentication flows were verified.
A functional reference SSO integration is in place for at least one client portal, supporting both web and mobile flows.
High/low-level design documents, architecture diagrams, UAT reports, issue logs, and KT documentation are delivered.
Required Skills & Experience
10+ years in Identity & Access Management with hands-on SSO and federation implementations.
Strong expertise in:
Microsoft Entra External ID
Application registrations, redirect URIs, certificates/secrets, custom domains concepts
Experience with Azure AD B2C and migration patterns to Entra External ID.
Working knowledge of Microsoft Graph API for user migration and identity operations.
Practical experience designing and implementing Conditional Access + MFA strategies.
Strong documentation and stakeholder management skills; ability to run workshops and KT sessions.
Nice-to-Have
Familiarity with Identity Governance/RBAC best practices for least privilege access.
Hands-on experience with migrations at large scale.
Preferred Certifications (nice to have)
Microsoft Certified: Identity and Access Administrator Associate
Microsoft Certified: Cybersecurity Architect Expert
Soft Skills
Strong analytical, problem-solving, and troubleshooting skills.
Excellent communication and stakeholder management abilities.
Ability to work independently and collaboratively in a fast-paced environment.