Lead IAM Consultant
  • Gurus Infotech Inc.
4 Hours Ago
NA
C2C
Columbus-OH
13-15 Years
Required Skills: Oracle LDAP, Oracle Internet Directory, OID, SAP ECC identity integration, PingOne, PingFederate, SCIM, SAML, OIDC, SaaS platforms
Job Description
Years of Experience - 12+ Years MUST
Lead IAM Consultant with Oracle LDAP / PingOne Migration
 
SAP ECC Decommission — Workstream Identity & Access Management
 
Key Responsibilities
  • Conduct a complete inventory of the existing Oracle LDAP / Oracle Internet Directory (OID) environment — user objects, groups, organisational unit structure, schemas, attributes, and all SAP-bound service accounts
  • Document all SAP ECC identity integrations — LDAP connector configuration, SNC, SSO bindings, role-to-group mappings, and directory-dependent service accounts that must be migrated or decommissioned
  • Map current identity flows end to end: provisioning sources, attribute synchronisation rules, access policies, and group-to-role mappings feeding SAP authorisations
  • Perform a detailed fit-gap analysis between the Oracle LDAP/OID topology and PingOne — covering user attributes, group structures, MFA policies, federation protocols, and SCIM provisioning readiness
  • Design the target-state identity architecture on PingOne: IdP setup, SAML 2.0 / OIDC federation, SCIM provisioning to Salesforce Revenue Cloud, Workday Financials, Snowflake, and Boomi, and adaptive MFA policy configuration
  • Build and own the Oracle LDAP to PingOne migration runbook — directory export, identity data cleansing and transformation, PingOne import, parallel-run validation, cutover sequence, and rollback plan
  • Execute and validate mock migration cycles — test directory exports, validate user and group mappings in PingOne, and confirm access to all target platforms before cutover
  • Coordinate with the CAS CISO and security team to ensure the PingOne configuration meets CAS security policy, compliance requirements, and access governance standards
  • Work with the Boomi integration team to ensure identity event flows — provisioning, deprovisioning, and attribute sync — are correctly handled across the integrated platform landscape
  • Support UAT for identity and access scenarios — validate SSO, MFA, and provisioning across Salesforce, Workday, Snowflake, and Boomi in the new PingOne-led environment
  • Deliver the Oracle LDAP decommission sign-off checklist — confirm all users, groups, and service accounts are migrated, all SAP integrations re-pointed, and the legacy directory is safe to switch off
  • Produce all Phase 0 and migration deliverables: As-Is Identity Architecture Document, Fit-Gap Register, PingOne Integration Blueprint, Migration Runbook, and Decommission Readiness Checklist
 
Qualifications
  • 9+ years of hands-on experience with Oracle LDAP / Oracle Internet Directory (OID) — directory administration, schema management, OU design, and attribute configuration
  • Proven experience migrating from Oracle LDAP/OID to PingOne or a comparable cloud identity provider such as PingFederate, Okta, or Azure AD — including directory export, data transformation, and cutover execution
  • Solid understanding of SAP ECC identity integration — LDAP connector, SNC, SAP SSO 2.0, and Kerberos; able to identify and document all directory dependencies within an SAP environment
  • Hands-on PingOne or PingFederate configuration experience — SSO, SAML 2.0, OAuth 2.0 / OIDC, SCIM provisioning, adaptive MFA, and access policy management
  • Experience configuring SCIM-based provisioning and SAML/OIDC federation for enterprise SaaS platforms including Salesforce, Workday, and Snowflake
  • Ability to produce clear identity migration artefacts — directory inventory reports, attribute mapping matrices, migration runbooks, test scripts, and cutover plans
  • Familiarity with Boomi or equivalent integration platforms as they relate to identity event flows — provisioning triggers, deprovisioning, and attribute synchronisation
  • Strong understanding of identity security principles — least privilege, MFA enforcement, access governance, and audit logging requirements
  • Good communication skills with the ability to work alongside a CAS CISO, security team, and multiple third-party delivery partners
  • Ping Identity certification or equivalent cloud identity certification preferred; experience in a regulated or research-sector environment is an advantage
Apply for job
Easy Apply
Similar Jobs
OpenText Consultant
Data Conversion Lead
Senior Infrastructure Engineer
VMWare Virtualization Infrastructure Engineer

Jobseeker

Looking For Job?
Search Jobs

Recruiter

Are You Recruiting?
Search Candidates