Cloud Consultant

About Company :

They balance innovation with an open, friendly culture and the backing of a long-established parent company, known for its ethical reputation. We guide customers from what’s now to what’s next by unlocking the value of their data and applications to solve their digital challenges, achieving outcomes that benefit both business and society.

About Client:

Our client is a global digital solutions and technology consulting company headquartered in Mumbai, India. The company generates annual revenue of over $4.29 billion (₹35,517 crore), reflecting a 4.4% year-over-year growth in USD terms. It has a workforce of around 86,000 professionals operating in more than 40 countries and serves a global client base of over 700 organizations.

Our client operates across several major industry sectors, including Banking, Financial Services & Insurance (BFSI), Technology, Media & Telecommunications (TMT), Healthcare & Life Sciences, and Manufacturing & Consumer. In the past year, the company achieved a net profit of $553.4 million (₹4,584.6 crore), marking a 1.4% increase from the previous year. It also recorded a strong order inflow of $5.6 billion, up 15.7% year-over-year, highlighting growing demand across its service lines.

Key focus areas include Digital Transformation, Enterprise AI, Data & Analytics, and Product Engineering—reflecting its strategic commitment to driving innovation and value for clients across industries.

Job Title:

Location: Bangalore

Experience:

Job Type:

Notice Period:

Key responsibilities

We’re looking for an Azure AD resource to manage enterprise identity strategy across cloud and hybrid environments. Resource will be responsible for creating and maintaining secure identity solutions using Microsoft Entra ID (Azure AD), SCIM provisioning, token management, and modern authentication standards.

________________________________________

What You’ll Do

Authentication & Authorization

• Implement OAuth 2.0 and OpenID Connect (OIDC) flows:

o Authorization Code Flow with PKCE

o Client Credentials Flow

o Hybrid & Device Code Flows

• Manage token lifecycle securely:

o Access Tokens, Refresh Tokens, ID Tokens, and Primary Refresh Tokens (PRT)

• Create passwordless sign-in experiences using Windows Hello for Business (WHfB)

• Set up and maintain Self-Service Password Reset (SSPR) and password writeback to on-prem AD

• Create Single Sign-On (SSO) configurations for internal and third-party apps using OAuth, OIDC, and SAML

• Onboard and troubleshoot applications using OpenID Connect, OAuth 2.0, and SAML-based integrations

• Apply knowledge of all major authentication methods, including password-based, certificate-based, federated, multi-factor, passwordless, and biometrics

• Implement device registration and PRT issuance for both Azure AD Joined and Hybrid Joined devices

• Troubleshoot token renewal across browsers, Office apps, and background services

Azure AD Connect (AAD Connect)

• Lead deployments, updates, and troubleshooting efforts

• Create and manage sync configurations:

o Source anchors, sync rules, OU filtering, writeback settings

• Implement staging mode servers for failover and high availability

• Monitor sync health and resolve issues proactively

SCIM Provisioning & Identity Lifecycle Automation

• Set up SCIM-based provisioning and deprovisioning between Microsoft Entra ID and SaaS apps

• Work with SCIM-compatible services (e.g., Slack, GitHub, ServiceNow) and custom APIs

• Create attribute mappings and manage group-based provisioning

• Troubleshoot SCIM API errors, sync failures, and schema issues

• Support custom SCIM connector development and onboarding

Security Policies & Identity Governance

• Create and apply Conditional Access policies based on risk signals, location, and device posture

• Use Azure AD Identity Protection to detect and address identity-based threats

• Onboard and manage application permissions using scopes, consent models, and secure API access

• Implement governance tools: Access Reviews, Entitlement Management, and PIM

• Set up and manage Password-hash synchronization, Pass-through Authentication (PTA) for secure credential validation

________________________________________

Tech Stack & Tooling

• Identity Platforms: Microsoft Entra ID (Azure AD, On-prem AD (Basic knowledge)

• Provisioning: SCIM 2.0, Microsoft Entra provisioning service, custom SCIM connectors

• Scripting & APIs: PowerShell, Azure CLI, Microsoft Graph API

• Diagnostics: Postman, Fiddler, JWT & PRT token inspection tools, provisioning logs

• Security Monitoring: Azure Sentinel, Kusto Query Language (KQL)

________________________________________

Required Qualifications

• 5+ years in Identity and Access Management (IAM) or cloud identity platforms

• Strong experience with OAuth 2.0, OIDC, PKCE, and secure token handling

• Hands-on experience with Primary Refresh Tokens (PRT), WHfB, and device registration

• Experience onboarding and troubleshooting OpenID Connect, OAuth 2.0, and SAML-based applications

• Solid understanding of all major authentication methods, including federated, passwordless, and MFA

• Deep knowledge of Microsoft Entra ID provisioning, especially using SCIM

• Solid experience managing Azure AD Connect (sync rules, writeback, staging mode)

• Strong understanding of Conditional Access, Identity Protection, and SSO for apps