
Bharat Chandra B Senior IAM Engineer

Bharat Chandra B is a Senior IAM Consultant with over 7 years of experience in Identity and Access Management (IAM), specializing in IGA and PAM solutions across platforms like Microsoft, Azure, Okta, and AWS. He has a proven track record in architecting and implementing IAM frameworks, including CIAM, RBAC, and PAM solutions, while ensuring compliance with regulations such as GDPR and NIST. His expertise includes automating IAM processes and integrating various identity protocols to enhance security and operational efficiency.

Uploaded by

rakeshbcy09

Senior IAM Consultant | IGA & PAM Specialist
Bharat Chandra B

[email protected]  (551) 227-3241.


LinkedIn URL

 Experience in Identity and Access Management (IAM) and Access Management processes with over 7 years contributing
across all stages of IAM solution lifecycles, including Core Access Management (AM), from strategy and assessment to
configuration, validation, deployment, and optimization across Microsoft, Azure, Okta, and AWS-based platforms.
 Proficient in implementing Identity Providers (IdPs) and access management solutions using Okta, Azure AD, and AWS
IAM, leveraging centralized authentication, OAuth 2.0, OIDC, and SAML 2.0 for seamless SSO, federation, and secure
API access.
 Experience with IAM platforms such as Okta Universal Directory, Okta CIAM, Ping Identity, Auth0, SailPoint IdentityNow,
SailPoint IdentityIQ, ForgeRock, and Saviynt, ensuring seamless Role-Based Access Control (RBAC), Role Engineering,
Entitlement Management, and SoD Enforcement & Analysis as part of Identity Governance & Administration (IGA) with
OAuth and SSO integration capabilities.
 Designed hybrid identity environments by integrating On-Premises Active Directory (AD) with cloud IdPs, using
Microsoft Identity Manager (MIM) for real-time sync and deprovisioning, and enabling LDAP/Kerberos support for
legacy systems.
 Architected Core Access Management (AM) models leveraging Okta Universal Directory, Okta Access Policies,
Conditional Access, and Risk-Based Authentication (RBA) for granular user control, step-up auth, and contextual MFA
enforcement.
 Implemented and managed IGA platforms such as SailPoint IdentityNow and SailPoint IdentityIQ, developing end-to-end
governance workflows integrated with Okta and Azure AD for role assignment, policy enforcement, and compliance.
 Built scalable IGA frameworks using Role-Based Access Control (RBAC), entitlement management, delegated
administration, and Access Certification Campaigns with automated SoD checks and orphan account reconciliation.
 Deployed enterprise Privileged Access Management (PAM) solutions with CyberArk, BeyondTrust and Delinea
implementing Enterprise Password Vault (EPV), Privileged Session Manager (PSM), automated account
onboarding/offboarding.
 Engineered Secrets Management strategies using CyberArk AIM, HashiCorp Vault, and BeyondTrust Password Safe,
enabling secure CI/CD integration with dynamic secret rotation and API-based secure storage.
 Developed Core PAM architectures featuring Just-In-Time (JIT) access, Break-Glass procedures, ephemeral credentials,
and Privileged Session Monitoring, ensuring full auditability and least-privilege enforcement.
 Designed and deployed Okta CIAM solutions for B2C/B2B flows, implementing Self-Service Registration, Social Login,
and Passwordless Authentication using FIDO2/WebAuthn, tailored for compliance-driven user journeys.
 Architected Core CIAM features such as Progressive Profiling, Adaptive MFA, and integration with identity proofing
tools like Acuant and Socure, alongside Consent & Preference Management for GDPR/CCPA adherence.
 Proficient in Authentication and Federation Protocols, implementing SAML 2.0, OpenID Connect (OIDC) for SSO, and
OAuth 2.0 for delegated API access, with legacy support via LDAP and Kerberos.
 Built standards-based Provisioning and Authorization systems using SCIM, Microsoft Graph API, and RESTful APIs
(JSON/JWT), leveraging X.509 certificates and PKI for secure identity transport.
 Aligned IAM implementations with GRC frameworks such as NIST SP 800-53, SP 800-63, and Cybersecurity
Framework (CSF), embedding identity-centric controls in accordance with Zero Trust Architecture (ZTA) principles.
 Established centralized IAM log monitoring and alerting pipelines to Splunk and Azure Sentinel, integrating UEBA for
behavioral analysis and feeding structured audit data into enterprise GRC tools for compliance tracking.
 Designed and managed Cloud IAM ecosystems across AWS and Azure, configuring Azure RBAC, Cross-Account IAM
Roles, Control Tower, and B2B/B2C federations for secure hybrid identity access.
 Leveraged Low-Code automation with Okta Workflows for identity lifecycle triggers, and custom-built automation using
PowerShell and Python SDKs for compliance checks, bulk provisioning, and directory sync.
 Engineered IAM Infrastructure as Code (IaC) using Terraform and Ansible, integrating with Jenkins and Azure
DevOps to automate provisioning, policy enforcement, and configuration of IAM systems in CI/CD pipelines.
Education & Certifications
Degree: B.Tech (CS)
University: Acharya Nagarjuna University, India


Certifications

Okta Certified Administrator

Okta Certified Professional

Professional Experience
Fiserv Inc, Berkeley Heights, NJ | Period: Mar 2023 - Current
Role: Senior IAM Developer

 Designed and deployed CIAM platforms using ForgeRock Identity Gateway for external customer access and Okta for
workforce SSO, ensuring clear separation between B2C and internal user journeys across regulated financial services.
 Built a hybrid identity architecture integrating on-prem Active Directory (AD) with ForgeRock Directory Services and
Microsoft Identity Manager (MIM), while leveraging the Okta LDAP Interface for cloud-first application access to
centralize authentication paths.
 Implemented enterprise-grade Access Management using ForgeRock AM for B2C services and Okta for internal apps,
applying Risk-Based MFA, Step-Up Authentication, and Okta Conditional Access Policies aligned with least-privilege
principles.
 Established a scalable CIAM backbone using ForgeRock Identity Platform integrated with AWS IAM for financial
transactions, focusing on customer identity orchestration, ABAC policies, and audit-readiness.
 Delivered modern CIAM capabilities such as Self-Service Registration, Social Login, Progressive Profiling, and
Passwordless Authentication (WebAuthn/FIDO2), utilizing ForgeRock Intelligent Access Trees to customize secure and
low-friction onboarding flows.
 Integrated federation protocols—SAML 2.0, OAuth 2.0, OIDC—using Okta as a central identity broker for SaaS
applications (e.g., ServiceNow, Salesforce, Workday) while employing ForgeRock Gateway to bridge legacy apps via
LDAP and Kerberos.
 Engineered standards-compliant identity flows using SCIM, JSON Web Tokens (JWT), REST APIs, and Okta Inline
Hooks; complemented with ForgeRock IDM connectors for real-time provisioning, deprovisioning, and access control
workflows.
 Defined IAM governance in AWS using IAM Identity Center, AWS Organizations, and AWS Control Tower, enforcing
ABAC policies with ForgeRock Directory Services for resource-level access control in hybrid cloud environments.
 Established secure integrations with AWS Directory Service, AWS Secrets Manager, and AWS Config to support
federated login scenarios, while decoupling Okta (for enterprise SaaS access) from ForgeRock (customer and legacy
identity domains).
 Aligned CIAM and IAM implementations with compliance mandates like GDPR, CCPA, ISO 27001, and NIST CSF by
automating Access Reviews and leveraging UEBA through AWS Config Rules and ForgeRock Audit Framework.
 Modernized IGA architecture by implementing a unified RBAC structure and automating identity lifecycle processes
using ForgeRock IDM for external identities and Okta Workflows for internal user roles—achieving cross-platform
consistency.
 Implemented Privileged Access Management (PAM) patterns using BeyondTrust for infrastructure-level access, and
extended PAM using ForgeRock’s Just-In-Time (JIT) provisioning and session tracking for elevated access control.
 Automated IAM infrastructure using Terraform and Ansible for secure provisioning, while orchestrating identity events
through AWS Lambda, PowerShell, and Python (Boto3) across ForgeRock IDM and Okta lifecycle hooks.
 Streamlined IAM operations using Okta Workflows and ForgeRock IDM scripts to automate group assignments, app
provisioning, and deactivation routines, with event-driven triggers calling AWS Lambda.

Environments: Okta Universal Directory, Okta CIAM, AWS IAM, Active Directory (AD), ForgeRock, Microsoft Identity
Manager (MIM), Okta LDAP Interface, AWS Directory Service, SSO, Risk-Based MFA, Okta Conditional Access Policies, Okta
CIC, Self-Service Registration, Social Login, Progressive Profiling, Passwordless Authentication, WebAuthn, FIDO2, Acuant,
Socure, OAuth 2.0, OIDC, SAML 2.0, Salesforce, Workday, ServiceNow, LDAP, Kerberos, X.509 PKI, SCIM, RESTful APIs,
JSON, JWT, Okta Hooks, AWS EventBridge, AWS Organizations, AWS Control Tower, IAM Identity Center, Secrets Manager,
AWS Config, AWS Config Rules, GDPR, CCPA, ISO 27001, NIST CSF, RBAC, Okta Workflows, AWS Lambda, BeyondTrust,
Terraform, Ansible, Jenkins, PowerShell, Python, Boto3, AWS Step Functions

JPMorgan Chase, New York, NY || Period: July 2019 - Sep 2021
Role: Senior IAM Engineer

 Co-architected a centralized Identity Provider (IdP) solution integrating Okta, Azure AD, and on-premises Active
Directory (AD) to support a unified Zero Trust Architecture, securing access to sensitive financial applications and data.
 Engineered a highly available hybrid directory framework to synchronize thousands of identities between legacy AD and
cloud IdPs. This new architecture achieved 99.9% sync uptime and cut identity-related helpdesk tickets by 30%,
ensuring stable access to critical financial applications.
 Implemented foundational Access Management (AM) controls, deploying SSO, Adaptive MFA, Conditional Access
Policies, and Risk-Based Authentication (RBA) to harden access to critical financial systems.
 Architected and deployed a scalable CIAM platform using Okta CIAM integrated with JPMC's internal IAM tools,
capable of managing millions of customer identities for high-volume B2C financial transactions.
 Delivered a secure and compliant customer experience through Passwordless Authentication (FIDO2/WebAuthn), Social
Login, and Consent & Preference Management for GDPR and CCPA compliance.
 Designed and implemented Federation solutions using SAML 2.0, OIDC, and WS-Federation, enabling SSO across a
wide SaaS portfolio including Salesforce, Workday, and ServiceNow.
 Automated identity lifecycle using SCIM, Microsoft Graph API, JWT, and X.509 PKI, enabling secure provisioning and
deprovisioning across Microsoft 365 and enterprise SaaS environments.
 Developed a resilient multi-cloud identity architecture using Okta as a central federation broker between Azure AD and
AWS IAM, applying consistent Cloud Entitlement & Federation Patterns.
 Managed Azure AD / Entra ID for Microsoft 365 security, enforcing RBAC, Conditional Access, and B2B federation,
while leveraging Azure Policy and Information Protection for cloud governance.
 Ensured regulatory alignment with SOX, GDPR, CCPA, ISO 27001, and NIST, integrating IAM dashboards with GRC
tools to support audits, real-time compliance, and reporting.
 Led Identity Governance (IGA) efforts by building RBAC models, conducting Role Engineering, and automating Access
Reviews and Certifications via Saviynt and Okta Workflows.
 Built and operated an enterprise-grade Privileged Access Management (PAM) program using the CyberArk suite (EPV,
PSM, AIM) to manage vaulting, Break Glass access, and approval workflows.
 Delivered Automation & DevOps capabilities using Terraform, Ansible, and Jenkins CI/CD pipelines, scripting in
Python and PowerShell to deploy and manage IAM configurations.
 Leveraged Okta Workflows for Low-Code IAM automation, developing flows for attestation campaigns, entitlement
validations, and event-driven access controls to increase operational agility.

Environments: Okta, Azure AD, Active Directory (AD), Zero Trust Architecture, LDAP, SCIM, RESTful APIs, SSO,
Adaptive MFA, Conditional Access Policies, Risk-Based Authentication (RBA), Okta CIAM, JPMC Internal IAM tools,
Passwordless Authentication, FIDO2, WebAuthn, Social Login, Consent & Preference Management, GDPR, CCPA, SAML 2.0,
OIDC, WS-Federation, Salesforce, Workday, ServiceNow, ForgeRock, Microsoft Graph API, JWT, X.509 PKI, Microsoft 365,
Okta Federation Broker, AWS IAM, Cloud Entitlement Patterns, Federation Patterns, Entra ID, RBAC, B2B Federation, Azure
Policy, Azure Information Protection, SOX, ISO 27001, NIST, IAM Dashboards, GRC Tools, Saviynt, Okta Workflows,
CyberArk, CyberArk EPV, CyberArk PSM, CyberArk AIM, Break Glass Access, Terraform, Ansible, Jenkins, Python,
PowerShell

Ally Technologies, New Delhi, India || Period: Apr 2017 - May 2018
Role: Okta IAM Developer

 Led the implementation of the enterprise Identity Provider (IdP) by integrating Okta, Azure AD, and on-premises Active
Directory (AD) into a unified identity control plane, securing access across hybrid environments for internal and SaaS
applications.
 Managed hybrid identity synchronization using Microsoft Identity Manager (MIM) and Okta Universal Directory,
ensuring attribute consistency and secure propagation across AD, Azure AD, and cloud platforms.
 Engineered enterprise-wide Access Management policies, implementing SSO via SAML 2.0 and OIDC, enforcing
Adaptive MFA, and introducing Step-Up Authentication for sensitive financial applications.
 Architected and integrated Okta CIAM for external customer and partner portals, building a scalable, secure CIAM
infrastructure supporting both B2C and B2B federation patterns.
 Delivered modern CIAM capabilities such as Self-Service Registration, Progressive Profiling, Consent Management,
and early adoption of Passwordless Authentication—ensuring compliance with GDPR and improved customer
engagement.
 Established secure identity federation bridges using SAML, OAuth 2.0, and OIDC, enabling multi-tenant SaaS access,
secure API authentication, and third-party identity trust for mobile and web apps.
 Built automated provisioning frameworks using SCIM, Microsoft Graph API, and custom REST APIs for integration with
Salesforce, Workday, and Office 365, improving accuracy and lifecycle efficiency.
 Designed cross-cloud federation and IAM strategies, connecting Okta to AWS IAM and Azure AD, enabling secure
cross-account access and trust boundary enforcement for developers and workloads.
 Managed identity governance for major SaaS platforms via Okta Workflows and SCIM, maintaining entitlement alignment
through automated synchronization based on role and employment status.
 Administered and secured Azure AD / Entra ID, designing Conditional Access Policies, managing external collaboration
via B2B federation, and applying RBAC across the Microsoft 365 ecosystem.
 Implemented governance and compliance controls by integrating IAM telemetry with GRC dashboards, enabling audit
readiness for GDPR and ISO 27001 through automated reporting and evidence collection.
 Engineered the enterprise IGA framework using RBAC models, and automated Access Review Campaigns with SailPoint
IdentityNow, ensuring periodic recertification and least-privilege enforcement.
 Led PAM adoption using BeyondTrust, implementing credential vaulting, high-privilege access workflows, and
approval chains to protect sensitive systems and automate secrets management in DevOps pipelines.
 Built CI/CD identity automation pipelines using Jenkins, Terraform, and Ansible, and developed automation SDKs in
Java and PowerShell to streamline provisioning, deprovisioning, and Okta API workflows.

Environments: Okta, Azure AD, Active Directory (AD), Identity Provider (IdP), Microsoft Identity Manager (MIM), Okta
Universal Directory, SAML 2.0, OIDC, Adaptive MFA, Step-Up Authentication, Okta CIAM, Self-Service Registration,
Progressive Profiling, Consent Management, Passwordless Authentication, GDPR, OAuth 2.0, Multi-Tenant SaaS, Secure API
Authentication, SCIM, Microsoft Graph API, REST APIs, Salesforce, Workday, Office 365, AWS IAM, B2B Federation,
Conditional Access Policies, RBAC, Microsoft 365, Entra ID, GRC Dashboards, ISO 27001, SailPoint IdentityNow, RBAC
Models, Access Review Campaigns, BeyondTrust, Credential Vaulting, Secrets Management, DevOps Pipelines, Jenkins,
Terraform, Ansible, Java, PowerShell, Okta API Workflows

Atos Syntel, Bangalore, India || Period: Mar 2016 - Apr 2017


Role: IAM Developer

 Designed identity architectures for enterprise clients by embedding Okta as the core Identity Provider, integrating with
Active Directory (AD), and implementing foundational Access Management (AM) capabilities like SSO and MFA for
AWS-migrated applications.
 Built secure hybrid directory integrations by connecting on-prem AD with AWS Directory Service and Okta AD agents,
enabling centralized identity control and secure authentication for users accessing AWS-native and third-party systems.
 Configured federated SSO to AWS Management Console using Okta, along with risk-based access policies and step-up
MFA, to protect sensitive workloads and ensure secure console access for privileged users.
 Established identity federation using SAML 2.0, OAuth 2.0, and OpenID Connect (OIDC) for integrating both SaaS and
custom apps, enabling seamless access across hybrid cloud boundaries and enforcing secure trust relationships.
 Developed lifecycle automation pipelines using SCIM, RESTful APIs, and custom scripting in Python (Boto3) and
PowerShell, facilitating provisioning and deprovisioning across Okta and AWS IAM environments.
 Delivered a compliant cloud security model for a major financial client by aligning their AWS and Okta IAM
configurations with SOX and ISO 27001. The automated audit controls I implemented reduced audit evidence collection
time by over 75%, leading to successful and efficient compliance reviews.
 Defined secure AWS IAM policies and roles across multi-account environments, creating Cross-Account Access patterns
to support delegated administration, application integration, and workload isolation across client AWS estates.
 Established centralized Password Management and recovery flows via Okta and ForgeRock, ensuring secure
and compliant credential handling across enterprise systems.
 Deployed lightweight CIAM platforms using Okta CIAM and AWS Cognito, enabling scalable, secure identity solutions
for client-facing B2C applications hosted entirely in AWS.
 Deployed Delinea for PAM with credential vaulting, approval workflows, and secrets management, integrated into
DevOps pipelines using Jenkins and PowerShell.
 Enabled customer-centric features such as Self-Service Registration, Social Login, and Secure Onboarding Flows using
AWS Cognito, reducing onboarding friction while maintaining identity assurance.
 Automated IAM workflows using Python and PowerShell, integrated into CI/CD pipelines via Jenkins, and deployed
AWS resources with CloudFormation to ensure infrastructure security and repeatability through Infrastructure as Code.

Environments: Okta, Active Directory (AD), Access Management (AM), SSO, MFA, AWS, AWS Directory Service, Okta
AD Agents, AWS Management Console, Risk-Based Access Policies, Step-Up MFA, SAML 2.0, OAuth 2.0, OpenID Connect
(OIDC), SaaS, SCIM, RESTful APIs, Python, Boto3, PowerShell, AWS IAM, SOX, ISO 27001, SailPoint IdentityIQ, ForgeRock,
Access Review Campaigns, IAM Policies, Cross-Account Access, CIAM, Okta CIAM, AWS Cognito, Delinea, Self-Service
Registration, Social Login, Secure Onboarding Flows, Jenkins, CloudFormation, Infrastructure as Code

Infosys, Bangalore, India || Period: Feb 2015 - Jan 2016


Role: Identity and Access Management Developer

 Contributed to Okta Identity Provider (IdP) configuration for client implementations by assisting in integrations with
Microsoft services, such as Active Directory Federation Services (ADFS), gaining foundational knowledge in enterprise
identity platforms.
 Supported hybrid identity enablement by assisting in directory synchronization between on-premises Active Directory
(AD) and Azure AD using tools like DirSync, ensuring seamless identity propagation to cloud environments.
 Assisted in configuring SSO and MFA policies for Microsoft-based applications under supervision, helping enforce
foundational access control measures aligned with organizational policies.
 Participated in federated identity integration efforts by assisting with SAML 2.0 and WS-Federation configurations for
Microsoft cloud applications, contributing to secure, seamless user access across services.
 Learned to work with RESTful APIs and JSON/XML formats for identity data synchronization and supported X.509
certificate management for securing communication between IAM components.
 Assisted with early-stage SaaS identity integrations involving Microsoft Azure and federated trusts between on-prem
systems and cloud services, supporting foundational cloud identity use cases for clients.
 Supported the deployment of Okta CIAM for a web application hosted on Azure, helping to secure customer-facing
authentication and gaining practical exposure to B2C identity architectures.
 Helped implement CIAM features such as Self-Service Registration and basic login experiences, learning the processes
behind user onboarding and external identity flows.
 Observed and supported PAM setup using CyberArk, learning how to manage, vault, and secure privileged credentials
critical to client infrastructure security.
 Assisted with manual Access Review exercises and RBAC documentation during identity governance projects using
SailPoint, supporting audit readiness and helping define access roles.
 Wrote and executed basic PowerShell scripts to automate tasks such as user creation and group management in Active
Directory, supporting the team’s efforts in day-to-day IAM operations.

Environments: Okta, Identity Provider (IdP), Microsoft, Active Directory Federation Services (ADFS), Active Directory
(AD), Azure AD, DirSync, SSO, MFA, SAML 2.0, WS-Federation, Microsoft Cloud Applications, RESTful APIs, JSON, XML,
X.509 Certificates, Microsoft Azure, Federated Trusts, Okta CIAM, Self-Service Registration, CyberArk, Privileged Credentials
Vaulting, SailPoint, Access Review, RBAC, PowerShell
