- Configure and manage Okta (policies, routing rules, app integrations, Device Trust, MFA/Adaptive MFA, Groups, Lifecycle Management, Workflows).
- Implement secure federation (SAML/OIDC), token policies, consent and scopes, and PKCE where applicable.
- Integrate with Active Directory / LDAP, govern group design, and rationalize permissions to least privilege.
- Define and enforce password vaulting patterns for non-federated apps and privileged identities (e.g., CyberArk/HashiCorp/1Password Enterprise).
- Build and maintain access review, joiner/mover/leaver (JML) automation, and policy-as-code where feasible.
- Partner with app owners to onboard applications to SSO/MFA and eliminate legacy/basic auth.
- Hands-on expertise with Okta (tenant administration, federation, SSO/MFA, Lifecycle Management, Workflows, SCIM, device posture).
- Strong working knowledge of SSO, federation, SAML 2.0, OAuth 2.0, OpenID Connect, SCIM, and secure token handling.
- Proficiency with Active Directory (domain trusts, OU/group strategy, GPO basics, identity hygiene) and directory sync concepts.
- Demonstrated M&A integration experience: discovery, Day 1 readiness, SSO cutover, identity consolidation, and decommissioning legacy IdPs.
- Password vaulting/Privileged Access exposure (e.g., CyberArk, HashiCorp Vault, BeyondTrust, or enterprise password managers).
- Applied least privilege and Zero Trust design; familiarity with NIST CSF, CIS Controls, or ISO 27001 principles.
- Experience in AWS and/or GCP (federation, RBAC, service accounts, workload identity).
- Strong verbal and written communication; ability to interface with execs, security, app owners, and engineers.
- Scripting for automation (e.g., PowerShell, Python, Okta APIs/SDKs) and comfort with Git-based workflows.