
I am a Federation Consultant with around 8+ years of experience in various Access Management and Identity Management products. About three years of hands-on experience in Okta as an access management solution. The Access Management product includes working experience with Okta, CA Siteminder, CyberArk, CA Identity Manager (CA IDM), Tivoli Access Manager (TAM), Tivoli Federated Identity Manager (TFIM), and knowledge of other access management products like Saviynt, OAM, Privileged Access Management Solutions (PAM), SailPoint, and Ping Federation. I worked on supporting user life management in Okta. Additionally, I configured the Single Sign-On (SSO) service for applications integrated in Okta. Worked on Okta to set up SSO for OIDC and SAML applications. Configured Okta SSO with internal and external applications. Configured multiple MFA factors to use with Okta. Worked on configuring OAuth 2.0 and SAML applications in Okta. Worked on integrating Active Directory with Okta as a directory service. Used Okta as an access management solution. Experience in the installation of PingFederate 9.X. Worked on PingFederation for Multi-Factor Authentication in Dev and Prod environments, and worked on PingFederation to set up SSO. I worked on CyberArk to use it as a privileged account and password vault. Performed password job runs, and maintained scheduled reset password activities for privileged accounts in CyberArk. Configured CA Siteminder as an Identity Provider and Service Provider with HTTP-POST and HTTP-Artifact Profiles. Integrated CA Privileged Access Manager with CA IDM for more access control and management of privileged user password management. Configured various federation features, like encryption, signing, attribute mapping, SSO, and SLO. Worked on various Siteminder authentication schemes, such as HTML forms, SAML 2.0 templates, and also custom-based schemas. 
Good experience in troubleshooting the issues related to Siteminder, Federation, directory service components, and expertise in troubleshooting SAML 2.0 Federation-related issues. Installed CA Siteminder R12 and CA SOA WAM-UI on Windows-based servers. I installed the SOA Agent by setting up IIS in the JBoss application server, and I also configured the SOA Agent configuration. Experience in upgrading Webagent to SOA Webagent. Deployed Siteminder Web Agents on various web servers, like Apache 2.x, IIS 6.0, and IIS 7.x. Web Agent Option Pack on the app server, like Servlet Exec, and troubleshooting the issues encountered during the registration. Configured CA Siteminder to use customized databases for user authentication. Installed the web agent option pack in login servers supported for federation, affweb services. Installing the SOA Webservice client (DCC) to support web service calls with Siteminder integration. Importing the IAM certificate file to the SM-Key database. Using SOAP UI to check responses from web service calls protected by Siteminder. Performing a policy store SMDIF backup by implementing scheduled tasks to run the backup at a particular time. Integrating new applications in Siteminder, installing/configuring web agents across different web servers, and configuring cross-domain single sign-on (SSO) between the applications that are integrated with the policy server. I installed CA Identity Manager in a Windows-based environment and connected it with app servers and databases. Adding attributes to the IDM user store and IDM console as per the new requirement. Integrating CA IDM with CA SiteMinder. Using CA IDM for role-based access control. Having a very good understanding of CA Identity Minder policy, express/admin tasks, admin roles, and related CA IDM components. Configured CA IDM to a multi-stage approval process for approving user access role requests. 
Running scripts against the Oracle DB for deleting old, pending, and finished worklist items from the CA IDM console. Set up SAML 2.0 Identity Federation between various IDM products by performing individual research. Configuring ACIs for the functional IDs, and providing the read/write permissions on application-specific attributes. Configured Siteminder to use custom login pages for desktop SSO and Win SSO. Providing 24/7 support for applications integrated with Siteminder. Performed TAM/TFIM configurations and guided implementation and development teams as required. Implementing Federated SSO between the applications using the SAML 2.0 protocol and OpenID. Worked on VDS (Virtual Directory Service), which is used to connect one endpoint from multiple end systems, protecting applications with SSO and MFA, which are external-facing and internal-facing. Worked on Apache to create reverse proxies for hosting multiple applications on a single web server. Managing user entries by adding, modifying, and deleting user records using the LDAP commands. Good knowledge of directory services, like CA Directory R12.x and Active Directory. Good working knowledge in UNIX (Sun Solaris, Linux), and Windows 2003/2008 platforms. Knowledge of other IAM products, like Oracle Access Manager and OKTA Identity and Access Manager, and attended training on Saviynt Identity Governance and Administration (IGA).

Amgen, 04/01/22 to Present, Specialist Senior IAM Engineer
- Implemented the OKTA solution, which is a cloud-based identity management and access management service.
- Worked on Okta Classic & Okta Identity Engine.
- Upgraded Okta version from Okta Classic to Okta OIE.
- Configuring SAML 2.0 in Okta for CyberArk Password Vault web access.
- Configured SP Initiated flow for CyberArk with Okta.
- I was responsible for developing password policies within Okta.
- Worked on checking Okta logs for user login support issues and MFA troubleshooting.
- Performed regular audits of user access rights to ensure minimal exposure to sensitive data.
- Monitored and reviewed Okta system logs to ensure that access control policies were enforced effectively.
- Tested and validated OIDC connections to ensure that security standards were met.
- Helped troubleshoot and resolve issues related to user access and permissions.
- Ensured correct token scopes and claims were passed during the OIDC flow.
- Identified and helped resolve issues caused by misconfigured redirect URIs in OIDC applications.
- Worked with Okta’s APIs to validate and troubleshoot OIDC authentication endpoints.
- Diagnosed and fixed errors in OIDC flow, such as incorrect token exchange or scope mismatches.
- Monitored OIDC logs to identify and resolve issues related to token issuance and validation.
- Automated the onboarding process by integrating JIT.
- Implemented and managed Just-In-Time (JIT) provisioning in Okta to streamline user account creation and enhance security.
- Ensured session policies aligned with organizational security requirements.
- Supported troubleshooting and resolution of session-related issues.
- Configured application-specific authentication policies in Okta.
- Defined and implemented security policies for specific applications.
- Configured and managed global session policies across Okta.
- Troubleshot synchronization issues between Okta and AD.
- Monitored import jobs status to ensure successful execution and completion.
- Scheduled regular imports of user and group data from Active Directory.
- Provided reports on application usage and rate limit status.
- Installed and configured the Okta agent in the AD server.
- Monitored application rate limits to ensure optimal system performance.
- Analyzed application logs to detect potential rate limit violations.
- Utilized SAML Tracer to capture and analyze SAML requests and responses.
- Identified and resolved SAML authentication issues using decoded responses.
- Worked with stakeholders to troubleshoot and debug SSO-related issues.
- Configured user and group attributes information in SAML assertions for applications.
- Ensured the metadata export contained accurate configuration details.
- Shared metadata files to maintain secure communication between systems.
- Provided Okta certificates to partners and clients for integration.
- Providing metadata to SP during SAML configuration.
- Worked on integrating SWA applications with Okta.
- Configuring multi-factor authentication to privileged accounts via Okta.
- Privileged accounts are given access with OKTA Multi-Factor Authentication.
- Installed Okta’s Active Directory agent to integrate AD with Okta.
- Worked on configuring Microsoft Office 365 with Okta.
- Integrated multiple applications into Okta using methods of SSO like SWA, SAML, OIDC and OAuth 2.0.
- Configuring a custom authorization server for OAuth applications.
- Configuring scopes, claims and policies for OIDC applications.
- Creating APIs in Okta for supporting API calls.
- Worked on providing administrative roles to application-specific service accounts in the Okta application.
- Created multi-factor authentication policies based on user location and groups.
- Worked on creating rules and sign-on policies for applications.
- Integrated internal applications using SAML and SWA.
- Integrated Okta with other external applications to allow users from external applications to access internal applications using SAML.
- Managed Okta groups, application groups, and AD groups.
- Worked on troubleshooting SAML applications using SAML trace and Fiddler.
- Worked on monitoring and tracing issues in Okta.
- Manage CyberArk operations for privileged account and password management vault.
- Recovering passwords from CyberArk for privileged account logins.
- Running jobs for password-expired privileged accounts in CyberArk and making sure accounts are active.
- Worked on integrating CyberArk with Active Directory as a directory source.
- Working on ServiceNow tickets and service tasks and meeting SLAs.
- Ensured compliance with security policies while managing user access and permissions.
- Additionally, collaborated with cross-functional teams to streamline operations and enhance overall efficiency in the password management process.

Blue Cross Blue Shield Louisiana (BCBSLA), 01/01/16 to 05/31/17, SR. Security Analyst
- Requirement analysis of the specifications provided by the client.
- Deployed IAM solutions from scratch and built up IAM solutions for the applications.
- Installed CA Siteminder and CA Identity Manager and integrated them.
- Installed CA Federation Manager from scratch.
- Worked on upgrading Siteminder agent from R12.0 to R12.5.
- Installation of webagent and configuring webagent on webserver.
- Worked on webagent configuration files and webagent logs.
- Collecting requirements and preparing test cases for upgrades.
- Upgrading CA Siteminder policy server from R12.0 to R12.5.
- Worked on creating super admin account.
- Worked on checking Siteminder services in IIS and Apache.
- Monitoring Siteminder, webserver and webagent logs for any issues.
- Experience in configuration and administration of Siteminder Policy Servers, Policy Stores and User Stores created in Sun One Directory server (LDAP).
- Worked on integrating custom login pages with Siteminder.
- Worked on CA Identity Manager for creating workflows and roles.
- Checking CA Identity Manager logs.
- Co-ordinating with Windows teams for secure installation of agents and policy servers.
- Worked on checking for the latest version of CA Siteminder and CA Identity Manager.
- Creation of trusted hosts, host configuration objects, agents, agent groups, and agent configuration objects, and implementation of trusted host registrations.
- Creation of application-based Domains, Realms, Rules, Policies and Responses.
- Creation and assignment of user directory repositories to domains.
- Creation of Form-based authentication schemes to identify and personalize content according to the user & customer groups.
- Creation of Certificate Based Authentication Scheme and assigning it to various Realms as per the business need.

MasterCard (MC), 08/01/15 to 12/31/16, SR. Security Analyst
- Provide operational support for (TAM / TFIM / TDS – installation/Configuration & Administration).
- Provide day-to-day support for operations related to TAM / TFIM – administration, troubleshooting, and resolution.
- Execute command line utilities on various platforms including Unix, Linux, HP Non-stop (Tandem), Mainframe, and MS Windows.
- Perform TAM / TFIM configurations and guide implementation / development teams as required.
- Administrative support of user life cycle and access management (create, suspend, modify) in ITIM and TAM.
- Processing the To-Do-List based on the requests raised to create, suspend, modify user accounts in TIM and provide access to various applications based on organization roles.
- Perform incident, problem, change management: troubleshooting, investigating operational problems and providing workarounds and resolution/remediation.
- Provide technical support for end user access issues or application teams/developers.
- Performing scheduled maintenance activities such as patching, backups, etc. as required.
- Monitor the Tivoli infrastructure environment for operational effectiveness.
- Coordinate activities with various stakeholders like Development team, Business team, Infrastructure team and offshore team.
- Implemented Tivoli Federated SAML 2.0 to the applications integrated.
- Onboarding SAML applications.

Sony Electronics (SEL), 01/01/13 to 07/31/15, IAM Engineer
- End-to-end Identity and Privileged Access management support of all B2B, B2C and Internal applications.
- Implementing Identity and Access Management solutions for Business applications.
- Installing Siteminder components and troubleshooting issues encountered during the setup.
- Implementing Federated SSO between SEL IDP and different partners.
- Implementing SAML Federation features like Encryption, Signing, Attribute Mapping, User consents.
- Implementing the SAML Federation setup changes in sandbox environment before going to Production.
- Protecting applications with Siteminder and troubleshooting the issues related to Siteminder.
- Setting up SAML Federations in SEL Environment and troubleshooting configuration issues.
- Working with team to get the requirements to build new environment.
- Troubleshooting the federation-related issues by analyzing the FWS-trace logs and coordinating with federated teams to resolve the issues.
- Expertise in installation, configuration, deployment and maintenance of Siteminder components like the policy server, web agents, Policy store and key store.
- Implemented PAM solutions to secure root and administrator passwords securing policies and monitoring privileged user activity.
- Experience in working with various web application development teams to explain the technologies and help them integrate with SSO environments.
- These response types are for Webagent responses and affiliate responses.
- Updating the expired SSL certificates used for signing and encryption.
- Daily health check on Dev, Sandbox, Production Servers.
- Installing webagent option pack on webservers or application servers for enabling federation security services.
- Working on SAML federation services to use features like SAML 2.0, Federation web services (FWS), SAML Affiliate Agent.
- Exchanging user information between partners in a secure fashion.
- Controlling access to resources based upon user information received from a partner.
- Providing SSO based on User Attributes.
- Installed CA IDM in server where we have policy server, JBoss installed and configured.
- Deploying EAR or WAR files into JBoss directory where CA IDM installed.
- Starting console from bin directory after CA IDM installed.
- Access task creation by using CA IDM console.
- Access role creation by using access task above.
- Creating Admin task and selecting multistage approve process.
- Copying Email Templates to pending folder in deployed directory.
- After installing CA IDM configuring task persistence, Workflow, Workpoint and Email notification.
- Working on Virtual Directory Services which is deployed with Siteminder for connecting various resources like Siteminder, AD, LDAP, CA IDM.
- Using CA IDM to create roles that contain tasks to maintain objects.
- Using Identity Minder creating access roles for user access of applications managed by Siteminder.
- Configured access roles in Siteminder to enforce policies and roles for the specific application.
- Configuring internal applications to use Windows-based authentication for providing user access to SONY provisioned systems without prompting login credentials.
- Worked on CA IDM to create different kinds of roles for administrators to manage users, for managing the administrators, for managing admin roles, for managing access roles.
- Using CA IDM to manage user accounts by assigning roles to accounts and resetting passwords.
- Assigning admin roles to delegate access to role administrators.
- Querying Oracle databases to fetch Siteminder audit logs for troubleshooting Siteminder authentication and authorization issues.
- Connecting Oracle databases using SQL queries and fetching logs related to both Siteminder and CA IDM.
- Working on applications which are integrated with Siteminder which are external and internal.
- Providing 24/7 support for applications which are external facing, like B2B and B2C, and internal applications.
- Creating enhancement requirements for performing any new integration or changes in applications.