Sandeep Kumar

Senior IAM Platform Engineer (Immediate Joiner)
Noida

Overview

1
Information & Cyber Security Professional | LDAP Directories | I

8 years of professional experience
1 Language
4 years of post-secondary education

Skills

Skilled in IDaaS, Ping Directory/Unbound ID, Ping Federate, Ping Access, LDAP, Radiant Logic VDS FID, PingDataSync, Grafana, Active Directory, NetIQ eDirectory, Python, shell, Azure AD, AWS IAM, CyberArk and Sailpoint Identity IQ

Work History

Senior IAM Platform Engineer

Contractor @ Loblaw Companies
10.2022 - Current

Project: Unified Access for Enterprise Applications & Cloud Integration for Global Enterprise: Centralize user identity data from disparate sources to streamline authentication and access. Enhance security through consistent access controls and simplify access management for a globally distributed workforce. Simplify user onboarding and offboarding processes. Enable secure access to cloud resources while maintaining on-premises identity sources. We have a user ID and password that we can use to pull data from 3 different sources. We can use a service account (used for SailPoint) to connect and read all data.

Responsibility: 1. Implement Radiant Logic VDS to create a unified identity layer. Develop a comprehensive data mapping strategy to harmonize attributes. Integrate Radiant Logic VDS as an identity bridge between on-premises and cloud environments.

2. Installation and configuration of VDS components: a) Virtual Directory Server (RadiantOne FID v7.2.X) b) Glassfish Application Server c) Identity Correlation and Synchronization (ICS) d) Control Panel e) Open MQ (Message Queue) f) Jetty Application Server g) ZooKeeper (ZK), and migration of VDS from one environment to another.

3. VDS server certificate management. Update data source configurations, configure cache connectors, build cache and provide L2 & L3 support such as: a) Start and stop VDS services b) Virtual Directory patching c) Virtual Directory memory tuning and optimization d) Update LDAP settings in VDS e) Cache refresh connectors and VDS health check.

4. Development, installing, managing, and migrating the PingDirectory component. Development, installing, managing, and migrating the PingFederate components. Install PingDirectory data source plugin from the Grafana Plugin Repository. Developed and implemented OAuth 2.0 with different grant types on PingFederate acting as Authorization Server to support web-service-based SSO and mobile-based apps. Configured policies, realms, rules, responses for more than 1000 applications and configured them to work under an SSO environment. Implemented and configured both IDP & SP connections using PingFederate (SAML). Experience with modern authentication protocols including SAML, OpenID Connect (OIDC), and OAuth. Experience in setting up an SSO environment for PingFederate and PingAccess, with PF as Auth server and PA as Resource server protecting API components.

Production Support & Application Maintenance: Troubleshooting issues on a daily basis and providing the root cause, which may result in configuration changes to avoid recurrence, and coordinating with other teams (Cisco, SSO Team, Certification Team, Network Team, PAM Team, IDM Team) where required to resolve all issues within the agreed time.


Senior Consultant

Capgemini
Bangalore
08.2021 - 08.2022

Capgemini IDaaS PING CCP-MSSP:

Capgemini's Identity as a Service (IDaaS) will provide a subscription-based service to our customers to cover the principal areas of identity and access management (IAM). Capgemini IDaaS capability will more generally permit authorized, authenticated access for users, typically customer employees and Capgemini users. These users are stored locally in 2 separate Active Directories. The users will be synced to Ping Directory, which will act as the single source of identity for all IDaaS entities and DOP. In the IDaaS platform, we have four customers: CCP, IDaaS, DOP and Qrader. IDaaS develops services like:
1. Application onboarding
2. Implementation of joiner and leaver
3. Implementation of access review
4. Implementation of authentication services for users.

Responsibilities :
1. Managed a team of 8+ to gather requirements for Infra Support. Have interacted with a diverse set of customers from Europe and the US.
2. Responsible for preparing HLD/LLD documentation for each application; also created new SOPs, handled SIEM process management and provided responses to RFPs.

3. Development, installing, managing, and migrating the PingDirectory/PingFederate components (like the Adapters, Selectors, Policies, PCV, LDAP Datastores) and MS-PKI Encryption.

4. Worked on enabling the Self Password Reset feature and Account Recovery in PingFederate and enabling self-registration of the users who are in the customer base.

5. Worked on migrating users from one directory to PingDirectory using a PingDataSync sync pipe.

6. Installing Radiant Logic Virtual Directory Server (VDS), configuration of backend data sources (LDAP/DB etc.), deployment of cache, connectors and views in Dev, Stage & Production environments.

7. Worked on creating the PingID PCV for the Citrix client. Created IDP connections using OAuth, SAML 2.0, WS-FED and deployed configuration for the ServiceNow application.

8. Worked on implementing MFA in PingFederate using DUO and PingID MFA, and also worked on MFA-related issues (authentication failure, OTP not received, device pairing, replace device). Validated PingFederate Admin console URL status & Ping Directory Admin console.
9. Provided L2 and L3 support such as applying patches, health check reports, incident management, RCA analysis, SAML Trace, and server log files for troubleshooting errors; monitoring, fixing and enhancing the tool as per requirements from the client side.
10. Experience in working with various Lifecycle events, Access Requests, Application Integration, configuration of Self Service Password Management activities, Application Onboarding and Regulatory Governance (Certification).
11. As per business requirements, we have written custom Shell-Python-Perl scripts for all job-related processes like import/export user onboarding, configuring the automation of transferring logs from CloudWatch to an S3 bucket, and alerting/monitoring the servers & services.


Senior Software Engineer

SDG SOFTWARE INDIA PVT LTD
NOIDA
02.2020 - 08.2021

NDI (NBCUniversal Directory Infrastructure) & CDI (Corporate Directory Infrastructure): NDI (NBCUniversal Directory Infrastructure) holds identity information of employees and contractors. NDI acts as an identity provider for NBC Identity Management. We received feeds from different HR systems (i.e. SAP, Comcast, USJ, etc.) as pipe-separated flat files. We have scheduled jobs for the different HR systems at our end, which call a shell job that in turn calls the Perl script and loads the data into NDI. A Meta Directory System (MDS) provides for the flow of data between one or more directory services and databases in order to maintain synchronization of that data, and is an important part of identity management systems. The data flows from source to destination through a channel known as a Connector. As per the requirement, we have set some rules in the connector which allow specific data to flow. We use PingDirectory to store data in a directory. It is able to protect sensitive identity data from breach, and is flexible enough to store unstructured data and allow all applications to easily access user data when they need it. Apart from this, we are using VDS (RadiantLogic FID) as a standard edition/cluster-based deployment in our project. As per the requirement from some clients, they need data/attributes from different sources, i.e. NDI, Exchange, AD, so they have to hit different servers again and again. To overcome this, we are using VDS. We use different LDAP operations as per the requirement: Add, Delete, Modify.

Responsibility:

1. Radiant Logic VDS FID: a) VDS architecture/workflow, monitoring the VDS services (stop/start VDS directory instance), monitoring connectors (start/stop connectors under VDS topology), monitoring VDS dashboards (CPU, memory, disk space, backend LDAP connection), managing access (creating ACI, deleting ACI), replication issues, log analysis, RCA analysis, creating views through data sources, schema design. b) Configure access policies and expose custom views of different data to different applications, at times exposing and at times writing to applications.

2. Ping Identity products like PingDirectory, PingFederate, PingAccess & PingDataSync:
a) Installation, configuration, deployment, administration, troubleshooting and development of PingFederate, PingAccess, PingDirectory and PingDataSync, RCA analysis, replication monitoring, server monitoring, user account management (account lockout, password reset, account expiry), Ping heartbeat testing, validating application cluster management, checking connectivity of data stores (Ping Directory), validating server CPU and memory usage. b) Worked on implementing MFA in PingFederate using DUO and PingID MFA, and also have experience in creating the sync from one directory source to another via the PingDataSync tool to migrate users. c) Have experience with SAML 2.0 architecture to provide federation (IDP & SP) integration with 3rd-party applications. d) Handling all Ping-related issues, supporting the server operating systems, daily support (applying patches, health check reports, etc.). e) Policy creation and management using adapters & selectors. License and SSL certificate renewal and management, and MS PKI setup.

3. Perl-to-Python migrations and automating scheduled jobs/services: Work on Python, Django, Perl, LDAP, Shell, Pandas, REST API. Performed enhancements in the logic by changing Perl to Python. Adding new functionality (new module, new report, new automated process, etc.) and implementing business logic in designing various jobs/cron jobs/connectors in the production environment and managing them.




NOIDA | Software Engineer

Triazine Software Pvt. Ltd
Noida
01.2019 - 01.2020

IRIS(Immediate Rights Information System)
Responsibility: 1. Involved in installation, configuration, deployment, troubleshooting and implementation of Ping products and Radiant Logic VDS.

2. POC done for Active Directory Federation Services with Azure AD.

3. POC done for Azure AD integration with O365. Worked on Azure AD Connect to synchronize on-premises AD to Azure AD.

4. Experienced with different aspects of architecture including application, data, security and infrastructure.

5. Knowledge of security technologies, including digital signature, encryption, and multi-factor authentication.

6. Product enhancement by developing modules in the application using Python, Shell, LDAP, Django, Unix & Linux. Data maintenance (add/modify/delete using LDIFs, LDAP client and Perl script), directory servers, Exchange servers, and other downstream servers.

Software Engineer

Enc Pvt Ltd
Noida
06.2015 - 03.2018

Rheolution Inc. -ElastoSens X3 & TMM(THE MEDIA MONITOR)
ElastoView™ is the user-friendly and intuitive software that runs ElastoSens™ X3. This software has been designed for food technologists, Soft Materials Testing Instruments.

Responsibility:

  • Managing cache DB, messaging protocol queue in MQTT and Mosquitto broker, synchronous tasks in Celery; determining, testing and resolving live site issues and problems.
  • Working with the production support team, executing change management activities, quality control analysis, developing code for intermediate to complex modules and following documentation.
  • Experience with LDAP, Ping Directory, Unbound ID, Python, IoT, LDAP, MQTT, Django, Celery. Developing various processes for ETL, server management and monitoring.

TMM(THE MEDIA MONITOR)
Media Monitors identifies trends in the media's presentation of output. Through analysis of these trends, Media Monitors hopes to enhance the public understanding of the media and provide a mirror for the media to introspect on improving the quality of its content. Developing various processes for ETL, server management and monitoring.
Experience in Python, IoT, LDAP, MQTT, Django, Celery, AWS IAM, troubleshooting access and authorization issues with multiple applications, support activities, job monitoring, execution, exception handling.

Calumet dental & Halehbnani:
Designed and developed web applications, user interface dashboard, site management; integrated REST API and migrated the database and model.
Making an app, building applications in the scripting language Python.
Working with Django ORM for fetching from the database. Working with MySQL database. Familiar with JSP, HTML5, CSS3, media queries and Bootstrap.

Sailpoint: Experience in SailPoint IdentityIQ product (installation of product on different web servers and databases, Custom Connector, Application On-Boarding, RBAM, LCM, Work Flow, Certification, Rules, Policy, Custom Support, implementing customer business requirements).

CyberArk: a) Experience in implementation, installation and maintenance of CyberArk 9.6 & 9.8 PIM Suite, installation of PVWA/PSM/CPM/Vault and configuration of multiple privileged accounts across the organization. b) Worked on CyberArk Enterprise Password Vault and PVWA. Involved in application-to-application credential management.

NetIQ eDirectory: Custom schema design/deployment with eDirectory. Upgrade eDirectory to 8.8.8 SP8 in 5 trees across Dev, STG and PRD. Run automated test via IDM Validator. Self Service Password Reset, utilizing NetIQ SSPR servlet to create Password Recovery policy. Experience in migrating NetIQ Access Manager to PingFederate.

Summary

8+ years of global IT experience in infrastructure security domains: IDAM product implementation, installation, role mining, data enrichment, transition, Service Management. Have experience with design and implementation of infrastructure SSO solutions with major IAM products like Ping Identity (Ping Directory, Ping Federate, Ping Access), Radiant Logic VDS FID, Sailpoint & NetIQ eDirectory, and standards such as SAML, OAuth 2.0 and OpenID Connect. Handling all IAM product related issues, daily support (applying patches, health check reports, etc.), root cause analysis and backtracking the issues. Having good hands-on experience and understanding of creating API services.

a) I have been part of LDAP directory structures and also have experience in installing, configuring, administering and upgrading RadiantLogic VDS FID. (5 years' experience)

b) Directory Service Engineer in IDaaS, Ping Directory, Unbound ID, Ping Federate, PingAccess, PingDataSync, LDAP, SSO, SAML, SCIM, OAuth, OpenID & MFA. (5+ years' experience)

c) Working experience in Python, REST API, Shell, LDAP, Azure AD, AWS IAM, Basic Java, Agile, Grafana, Git and IoT. (3.5+ years' experience)

d) Working experience in Sailpoint IIQ, NetIQ eDirectory & CyberArk PAM and Ansible. (1 year experience)

Education

B. TECH -

RAJ KUMAR GOEL ENGINEERING COLLEGE
Ghaziabad
05.2011 - 05.2015