Bharat Chandra B
Senior IAM Consultant | IGA & PAM Specialist
LinkedIn URL
Over 7 years of experience in Identity and Access Management (IAM) and Access Management processes, contributing across all stages of IAM solution lifecycles, including Core Access Management (AM), from strategy and assessment to configuration, validation, deployment, and optimization across Microsoft, Azure, Okta, and AWS-based platforms.
Proficient in implementing Identity Providers (IdPs) and access management solutions using Okta, Azure AD, and AWS
IAM, leveraging centralized authentication, OAuth 2.0, OIDC, and SAML 2.0 for seamless SSO, federation, and secure
API access.
Designed hybrid identity environments by integrating On-Premises Active Directory (AD) with cloud IdPs, using
Microsoft Identity Manager (MIM) for real-time sync and deprovisioning, and enabling LDAP/Kerberos support for
legacy systems.
Architected Core Access Management (AM) models leveraging Okta Universal Directory, Okta Access Policies,
Conditional Access, and Risk-Based Authentication (RBA) for granular user control, step-up auth, and contextual MFA
enforcement.
Implemented and managed IGA platforms such as SailPoint IdentityNow and SailPoint IdentityIQ, developing end-to-end
governance workflows integrated with Okta and Azure AD for role assignment, policy enforcement, and compliance.
Built scalable IGA frameworks using Role-Based Access Control (RBAC), entitlement management, delegated
administration, and Access Certification Campaigns with automated SoD checks and orphan account reconciliation.
Deployed enterprise Privileged Access Management (PAM) solutions with CyberArk, BeyondTrust, and Delinea, implementing Enterprise Password Vault (EPV), Privileged Session Manager (PSM), and automated account onboarding/offboarding.
Engineered Secrets Management strategies using CyberArk AIM, HashiCorp Vault, and BeyondTrust Password Safe,
enabling secure CI/CD integration with dynamic secret rotation and API-based secure storage.
Developed Core PAM architectures featuring Just-In-Time (JIT) access, Break-Glass procedures, ephemeral credentials,
and Privileged Session Monitoring, ensuring full auditability and least-privilege enforcement.
Designed and deployed Okta CIAM solutions for B2C/B2B flows, implementing Self-Service Registration, Social Login,
and Passwordless Authentication using FIDO2/WebAuthn, tailored for compliance-driven user journeys.
Architected Core CIAM features such as Progressive Profiling, Adaptive MFA, and integration with identity proofing
tools like Acuant and Socure, alongside Consent & Preference Management for GDPR/CCPA adherence.
Proficient in Authentication and Federation Protocols, implementing SAML 2.0, OpenID Connect (OIDC) for SSO, and
OAuth 2.0 for delegated API access, with legacy support via LDAP and Kerberos.
Built standards-based Provisioning and Authorization systems using SCIM, Microsoft Graph API, and RESTful APIs
(JSON/JWT), leveraging X.509 certificates and PKI for secure identity transport.
Aligned IAM implementations with GRC frameworks such as NIST SP 800-53, SP 800-63, and Cybersecurity
Framework (CSF), embedding identity-centric controls in accordance with Zero Trust Architecture (ZTA) principles.
Established centralized IAM log monitoring and alerting pipelines to Splunk and Azure Sentinel, integrating UEBA for
behavioral analysis and feeding structured audit data into enterprise GRC tools for compliance tracking.
Designed and managed Cloud IAM ecosystems across AWS and Azure, configuring Azure RBAC, Cross-Account IAM
Roles, Control Tower, and B2B/B2C federations for secure hybrid identity access.
Leveraged Low-Code automation with Okta Workflows for identity lifecycle triggers, and custom-built automation using
PowerShell and Python SDKs for compliance checks, bulk provisioning, and directory sync.
Engineered IAM Infrastructure as Code (IaC) using Terraform and Ansible, integrating with Jenkins and Azure
DevOps to automate provisioning, policy enforcement, and configuration of IAM systems in CI/CD pipelines.
Education & Certifications
Degree: B.Tech (CS), Acharya Nagarjuna University, India
Certifications:
Okta Certified Administrator
Okta Certified Professional
Professional Experience
Fiserv Inc, Berkeley Heights, NJ || Period: Mar 2023 - Current
Role: Senior IAM Developer
Designed and operated core Identity Platforms including Okta Universal Directory for workforce identity and Okta
CIAM for customer-facing apps, while aligning these with enterprise IGA strategies and underlying AWS IAM architecture.
Engineered Hybrid Directory Integrations by connecting On-Prem AD and Microsoft Identity Manager (MIM) with
Okta, using Okta LDAP Interface and AWS Directory Service for synchronized authentication across legacy and cloud.
Implemented critical Access Management (AM) controls including SSO, Risk-Based MFA, and Okta Conditional Access
Policies, to secure high-risk financial workflows.
Architected the firm’s CIAM platform using Okta CIC and AWS IAM, enabling secure, scalable handling of high-volume
customer identities and transactions in the financial domain.
Delivered CIAM features like Self-Service Registration, Social Login, Progressive Profiling, Passwordless
Authentication (WebAuthn/FIDO2), and Identity Proofing via Acuant/Socure to enable compliant and low-friction user
journeys.
Integrated modern authentication & federation protocols (OAuth 2.0, OIDC, SAML 2.0) for SaaS like Salesforce,
Workday, ServiceNow, and legacy systems using LDAP, Kerberos, and X.509 PKI.
Integrated SailPoint IdentityNow with Okta and authoritative sources to orchestrate real-time user provisioning, access
remediation, and role-based entitlement flows across cloud and on-prem systems using JSON/JWT, SCIM and REST APIs.
Designed and governed our enterprise AWS IAM environment using AWS Organizations, Control Tower, and IAM
Identity Center, enforcing cross-account access policies and financial compliance baselines.
Managed secure integrations using AWS Directory Service, Secrets Manager, and AWS Config, enabling B2B/B2C
federation, secure credential management, and compliance tracking across cloud assets.
Delivered automated Access Review and Certification campaigns using SailPoint IdentityNow, enabling periodic
attestations, SoD enforcement, and audit-ready compliance with GDPR, CCPA, ISO 27001, and NIST CSF.
Integrated SailPoint IdentityNow with Okta to centralize identity governance and automate provisioning workflows,
enabling policy-based access certification, role mining, and real-time deprovisioning across cloud and on-prem applications.
Redesigned the enterprise IGA strategy by implementing a SailPoint IdentityNow-based RBAC model and automating user
lifecycle events with SailPoint workflows and rules. Integrated with authoritative sources and downstream apps to reduce
provisioning errors by over 90% and cut new hire onboarding time from days to hours.
Built and managed PAM controls using BeyondTrust and AWS Secrets Manager for vaulting and DevOps security,
implementing Break Glass procedures to secure critical infrastructure.
Spearheaded Automation & DevOps initiatives by using Terraform, Ansible, and CI/CD pipelines via Jenkins, scripting
workflows in PowerShell, Python (Boto3), and AWS Step Functions.
Leveraged Okta Workflows as a Low-Code automation platform to handle group management, deactivation logic, and
app entitlement provisioning, often calling AWS Lambda for complex tasks.
Environments: Okta Universal Directory, Okta CIAM, AWS IAM, Active Directory (AD), Microsoft Identity Manager
(MIM), Okta LDAP Interface, AWS Directory Service, SSO, Risk-Based MFA, Okta Conditional Access Policies, Okta CIC,
Self-Service Registration, Social Login, Progressive Profiling, Passwordless Authentication, WebAuthn, FIDO2, Acuant, Socure,
OAuth 2.0, OIDC, SAML 2.0, Salesforce, Workday, ServiceNow, LDAP, Kerberos, X.509 PKI, SCIM, RESTful APIs, JSON,
JWT, Okta Hooks, AWS EventBridge, AWS Organizations, AWS Control Tower, IAM Identity Center, Secrets Manager, AWS
Config, AWS Config Rules, GDPR, CCPA, ISO 27001, NIST CSF, RBAC, SailPoint IdentityNow, SailPoint Workflows, AWS
Lambda, BeyondTrust, Terraform, Ansible, Jenkins, PowerShell, Python, Boto3, AWS Step Functions
JPMorgan Chase, New York, NY || Period: Jul 2019 - Sep 2021
Role: Senior IAM Engineer
Co-architected a centralized Identity Provider (IdP) solution integrating Okta, Azure AD, and on-premises Active
Directory (AD) to support a unified Zero Trust Architecture, securing access to sensitive financial applications and data.
Engineered a highly available hybrid directory framework to synchronize thousands of identities between legacy AD and
cloud IdPs. This new architecture achieved 99.9% sync uptime and cut identity-related helpdesk tickets by 30%,
ensuring stable access to critical financial applications.
Implemented foundational Access Management (AM) controls, deploying SSO, Adaptive MFA, Conditional Access
Policies, and Risk-Based Authentication (RBA) to harden access to critical financial systems.
Architected and deployed a scalable CIAM platform using Okta CIAM integrated with JPMC's internal IAM tools, capable of managing millions of customer identities for high-volume B2C financial transactions.
Implemented Self-Service Password Reset (SSPR) and custom user journeys in Azure AD B2C, including custom policy
scripting for Conditional Access and user flow orchestration.
Delivered a secure and compliant customer experience through Passwordless Authentication (FIDO2/WebAuthn), Social
Login, and Consent & Preference Management for GDPR and CCPA compliance.
Designed and implemented Federation solutions using SAML 2.0, OIDC, and WS-Federation, enabling SSO across a
wide SaaS portfolio including Salesforce, Workday, and ServiceNow.
Automated identity lifecycle processes (Joiner/Mover/Leaver) in SailPoint IdentityIQ, integrating with Microsoft 365 via
Graph API and SCIM to ensure timely provisioning, deprovisioning, and access alignment.
Implemented SailPoint IdentityIQ to automate user provisioning, access certification, and role-based policy enforcement
across Azure AD and enterprise SaaS systems, reducing compliance risk and manual access errors.
Managed Azure AD / Entra ID for Microsoft 365 security, enforcing RBAC, Conditional Access, and B2B federation,
while leveraging Azure Policy and Information Protection for cloud governance.
Ensured regulatory alignment with SOX, GDPR, CCPA, ISO 27001, and NIST, integrating SailPoint IdentityIQ with
GRC tools to support audits, real-time compliance, and reporting.
Implemented SailPoint IdentityIQ for centralized identity governance, enabling automated access reviews, policy-based role
assignments, and segregation of duties (SoD) enforcement across critical financial systems.
Led Identity Governance (IGA) efforts by building RBAC models, conducting Role Engineering, and automating Access
Reviews and Certifications via Saviynt and SailPoint Workflows.
Built and operated an enterprise-grade Privileged Access Management (PAM) program using the CyberArk suite (EPV,
PSM, AIM) to manage vaulting, Break Glass access, and approval workflows.
Delivered Automation & DevOps capabilities using Terraform, Ansible, and Jenkins CI/CD pipelines, scripting in
Python and PowerShell to deploy and manage IAM configurations.
Leveraged SailPoint Workflows for Low-Code IAM automation, developing flows for attestation campaigns,
entitlement validations, and event-driven access controls to increase operational agility.
Environments: Okta, Azure AD, Active Directory (AD), Zero Trust Architecture, LDAP, SCIM, RESTful APIs, SSO,
Adaptive MFA, Conditional Access Policies, Risk-Based Authentication (RBA), Okta CIAM, JPMC Internal IAM tools,
Passwordless Authentication, FIDO2, WebAuthn, Social Login, Consent & Preference Management, GDPR, CCPA, SAML 2.0,
OIDC, WS-Federation, Salesforce, Workday, ServiceNow, Microsoft Graph API, JWT, X.509 PKI, Microsoft 365, Okta
Federation Broker, SailPoint IdentityIQ, Cloud Entitlement Patterns, Federation Patterns, Entra ID, RBAC, B2B Federation,
Azure Policy, Azure Information Protection, SOX, ISO 27001, NIST, IAM Dashboards, GRC Tools, Saviynt, SailPoint
Workflows, CyberArk, CyberArk EPV, CyberArk PSM, CyberArk AIM, Break Glass Access, Terraform, Ansible, Jenkins,
Python, PowerShell
Ally Technologies, New Delhi, India || Period: Apr 2017 - May 2018
Role: Okta IAM Developer
Led the implementation of the enterprise Identity Provider (IdP) by integrating Okta, Azure AD, and on-premises Active
Directory (AD) into a unified identity control plane, securing access across hybrid environments for internal and SaaS
applications.
Managed hybrid identity synchronization using Microsoft Identity Manager (MIM) and Okta Universal Directory,
ensuring attribute consistency and secure propagation across AD, Azure AD, and cloud platforms.
Engineered enterprise-wide Access Management policies, implementing SSO via SAML 2.0 and OIDC, enforcing
Adaptive MFA, and introducing Step-Up Authentication for sensitive financial applications.
Architected and integrated Okta CIAM for external customer and partner portals, building a scalable, secure CIAM
infrastructure supporting both B2C and B2B federation patterns.
Delivered modern CIAM capabilities such as Self-Service Registration, Progressive Profiling, Consent Management, and early adoption of Passwordless Authentication, ensuring compliance with GDPR and improved customer engagement.
Established secure identity federation bridges using SAML, OAuth 2.0, and OIDC, enabling multi-tenant SaaS access,
secure API authentication, and third-party identity trust for mobile and web apps.
Built automated provisioning frameworks using SCIM, Microsoft Graph API, and custom REST APIs for integration with
Salesforce, Workday, and Office 365, improving accuracy and lifecycle efficiency.
Designed cross-cloud federation and IAM strategies, connecting Okta to AWS IAM and Azure AD, enabling secure
cross-account access and trust boundary enforcement for developers and workloads.
Managed identity governance for major SaaS platforms via Okta Workflows and SCIM, maintaining entitlement alignment
through automated synchronization based on role and employment status.
Administered and secured Azure AD / Entra ID, designing Conditional Access Policies, managing external collaboration
via B2B federation, and applying RBAC across the Microsoft 365 ecosystem.
Implemented governance and compliance controls by integrating IAM telemetry with GRC dashboards, enabling audit
readiness for GDPR and ISO 27001 through automated reporting and evidence collection.
Engineered the enterprise IGA framework using RBAC models, and automated Access Review Campaigns with SailPoint
IdentityNow, ensuring periodic recertification and least-privilege enforcement.
Led PAM adoption using BeyondTrust, implementing credential vaulting, high-privilege access workflows, and
approval chains to protect sensitive systems and automate secrets management in DevOps pipelines.
Built CI/CD identity automation pipelines using Jenkins, Terraform, and Ansible, and developed automation SDKs in
Java and PowerShell to streamline provisioning, deprovisioning, and Okta API workflows.
Environments: Okta, Azure AD, Active Directory (AD), Identity Provider (IdP), Microsoft Identity Manager (MIM), Okta
Universal Directory, SAML 2.0, OIDC, Adaptive MFA, Step-Up Authentication, Okta CIAM, Self-Service Registration,
Progressive Profiling, Consent Management, Passwordless Authentication, GDPR, OAuth 2.0, Multi-Tenant SaaS, Secure API
Authentication, SCIM, Microsoft Graph API, REST APIs, Salesforce, Workday, Office 365, AWS IAM, B2B Federation,
Conditional Access Policies, RBAC, Microsoft 365, Entra ID, GRC Dashboards, ISO 27001, SailPoint IdentityNow, RBAC
Models, Access Review Campaigns, BeyondTrust, Credential Vaulting, Secrets Management, DevOps Pipelines, Jenkins,
Terraform, Ansible, Java, PowerShell, Okta API Workflows
Atos Syntel, Bangalore, India || Period: Mar 2016 - Apr 2017
Role: IAM Developer
Designed identity architectures for enterprise clients by embedding Okta as the core Identity Provider, integrating with
Active Directory (AD), and implementing foundational Access Management (AM) capabilities like SSO and MFA for
AWS-migrated applications.
Built secure hybrid directory integrations by connecting on-prem AD with AWS Directory Service and Okta AD agents,
enabling centralized identity control and secure authentication for users accessing AWS-native and third-party systems.
Configured federated SSO to AWS Management Console using Okta, along with risk-based access policies and step-up
MFA, to protect sensitive workloads and ensure secure console access for privileged users.
Established identity federation using SAML 2.0, OAuth 2.0, and OpenID Connect (OIDC) for integrating both SaaS and
custom apps, enabling seamless access across hybrid cloud boundaries and enforcing secure trust relationships.
Developed lifecycle automation pipelines using SCIM, RESTful APIs, and custom scripting in Python (Boto3) and
PowerShell, facilitating provisioning and deprovisioning across Okta and AWS IAM environments.
Delivered a compliant cloud security model for a major financial client by aligning their AWS and Okta IAM
configurations with SOX and ISO 27001. The automated audit controls I implemented reduced audit evidence collection
time by over 75%, leading to successful and efficient compliance reviews.
Defined secure AWS IAM policies and roles across multi-account environments, creating Cross-Account Access patterns
to support delegated administration, application integration, and workload isolation across client AWS estates.
Deployed lightweight CIAM platforms using Okta CIAM and AWS Cognito, enabling scalable, secure identity solutions
for client-facing B2C applications hosted entirely in AWS.
Deployed Delinea for PAM with credential vaulting, approval workflows, and secrets management, integrated into
DevOps pipelines using Jenkins and PowerShell.
Enabled customer-centric features such as Self-Service Registration, Social Login, and Secure Onboarding Flows using
AWS Cognito, reducing onboarding friction while maintaining identity assurance.
Automated IAM workflows using Python and PowerShell, integrated into CI/CD pipelines via Jenkins, and deployed
AWS resources with CloudFormation to ensure infrastructure security and repeatability through Infrastructure as Code.
Environments: Okta, Active Directory (AD), Access Management (AM), SSO, MFA, AWS, AWS Directory Service, Okta
AD Agents, AWS Management Console, Risk-Based Access Policies, Step-Up MFA, SAML 2.0, OAuth 2.0, OpenID Connect
(OIDC), SaaS, SCIM, RESTful APIs, Python, Boto3, PowerShell, AWS IAM, SOX, ISO 27001, SailPoint IdentityIQ, Access
Review Campaigns, IAM Policies, Cross-Account Access, CIAM, Okta CIAM, AWS Cognito, Delinea, Self-Service
Registration, Social Login, Secure Onboarding Flows, Jenkins, CloudFormation, Infrastructure as Code
Infosys, Bangalore, India || Period: Feb 2015 - Jan 2016
Role: Identity and Access Management Developer
Contributed to Okta Identity Provider (IdP) configuration for client implementations by assisting in integrations with
Microsoft services, such as Active Directory Federation Services (ADFS), gaining foundational knowledge in enterprise
identity platforms.
Supported hybrid identity enablement by assisting in directory synchronization between on-premises Active Directory
(AD) and Azure AD using tools like DirSync, ensuring seamless identity propagation to cloud environments.
Assisted in configuring SSO and MFA policies for Microsoft-based applications under supervision, helping enforce
foundational access control measures aligned with organizational policies.
Participated in federated identity integration efforts by assisting with SAML 2.0 and WS-Federation configurations for
Microsoft cloud applications, contributing to secure, seamless user access across services.
Learned to work with RESTful APIs and JSON/XML formats for identity data synchronization and supported X.509
certificate management for securing communication between IAM components.
Assisted with early-stage SaaS identity integrations involving Microsoft Azure and federated trusts between on-prem
systems and cloud services, supporting foundational cloud identity use cases for clients.
Supported the deployment of Okta CIAM for a web application hosted on Azure, helping to secure customer-facing
authentication and gaining practical exposure to B2C identity architectures.
Helped implement CIAM features such as Self-Service Registration and basic login experiences, learning the processes
behind user onboarding and external identity flows.
Observed and supported PAM setup using CyberArk, learning how to manage, vault, and secure privileged credentials
critical to client infrastructure security.
Assisted with manual Access Review exercises and RBAC documentation during identity governance projects using
SailPoint, supporting audit readiness and helping define access roles.
Wrote and executed basic PowerShell scripts to automate tasks such as user creation and group management in Active
Directory, supporting the team’s efforts in day-to-day IAM operations.
Environments: Okta, Identity Provider (IdP), Microsoft, Active Directory Federation Services (ADFS), Active Directory
(AD), Azure AD, DirSync, SSO, MFA, SAML 2.0, WS-Federation, Microsoft Cloud Applications, RESTful APIs, JSON, XML,
X.509 Certificates, Microsoft Azure, Federated Trusts, Okta CIAM, Self-Service Registration, CyberArk, Privileged Credentials
Vaulting, SailPoint, Access Review, RBAC, PowerShell