Urgent Need Identity Access Management SME Entra External ID (B2C to Entra External ID Migration) Location: CA Remote with Travel


Kranthi Thanda

12:25 PM (4 hours ago)
Identity Access Management SME Entra External ID (B2C to Entra External ID Migration)
Location: CA Remote with Travel 
C2C W2 FULL TIME 
Experience 15+ Years 
LinkedIn ID

Role Summary

We are hiring an IAM SME to lead a secure SSO implementation of Entra External ID.

Key duties include migrating from Azure AD B2C to Microsoft Entra External ID, establishing federation with external client portals (SAML/OIDC), providing reference SSO integration, and ensuring strong security, documentation, and knowledge transfer.


Key Responsibilities

 Organize discovery workshops to assess existing authentication methods, workflows, and types of external users.

 Evaluate Azure tenant readiness, licensing, security and compliance requirements, and establish a project plan with milestones and RACI assignments.

 Identify prerequisites such as network configuration, required ports, and environment setup strategy, collaborating with application teams to address dependencies.

 Develop an authentication architecture for external users with Entra External ID.

 Define user registration and login processes, IdP federation strategies (SAML/OIDC), and tailor branding and UX for user journeys.

 Design Conditional Access and MFA policies, including bypass options for partner-initiated flows when necessary (in partnership with app teams).

 Create architecture diagrams and high/low-level design documents.

 Prepare the development environment, configure the Entra External ID tenant, and register required applications.

 Set up federation and integration patterns for external client portals.

 Apply session and token management best practices to ensure smooth portal navigation and proper sign-out behavior.

 Establish a migration strategy and tools using Microsoft Graph APIs, along with scripts and infrastructure.

 Plan and conduct pilot migration, then advance to full-scale migration readiness.

 Maintain attribute mapping and ensure identity data integrity during migration.

 Lead UAT validation, manage issue triage and remediation tracking, and refine policies and UX from feedback.

 Verify conditional access/MFA enforcement versus bypass scenarios, and test end-to-end SSO functionality.

 Create comprehensive documentation covering configuration, federation, migration steps, and operational runbooks.

 Host working sessions and transfer knowledge to enable internal teams to manage additional client SSO integrations independently.

 

 The Entra External ID tenant was configured with necessary app registrations and policies.

 The pilot migration was completed and user authentication flows were verified.

 A functional reference SSO integration is in place for at least one client portal, supporting both web and mobile flows.

 High/low-level design documents, architecture diagrams, UAT reports, issue logs, and KT documentation are delivered.

 Define standards and reusable patterns for onboarding future external applications and partners.

 Perform security reviews for identity flows, token lifetimes, claims issuance, and federation trust boundaries.

 Support cutover planning, rollback strategies, and post-migration stabilization.

 Collaborate with security operations teams to ensure logging, monitoring, and auditability of authentication events.

 Provide ongoing advisory support during early operations (hypercare) post go-live.



Required Skills & Experience

 10+ years in Identity Access Management with hands-on SSO and federation implementations.

 Strong expertise in:

o Microsoft Entra External ID

o OAuth2 / OIDC, SAML 2.0, JWT, token/session management

o Application registrations, redirect URIs, certificates/secrets, custom domain concepts

 Experience with Azure AD B2C and migration patterns to Entra External ID.

 Working knowledge of Microsoft Graph API for user migration and identity operations.

 Practical experience designing and implementing Conditional Access + MFA strategies.

 Strong documentation and stakeholder management skills; ability to run workshops and KT sessions.

Nice-to-Have

 Experience integrating SSO with mobile apps (browser-based handoff, deep links, sign-out redirection patterns).

 Familiarity with Identity Governance/RBAC best practices for least privilege access.

 Hands-on experience with migrations at large scale.

 

Preferred Certifications (nice to have)

 Microsoft Certified: Identity and Access Administrator Associate

 Microsoft Certified: Cybersecurity Architect Expert

Soft Skills:

 Strong analytical, problem-solving, and troubleshooting skills.

 Excellent communication and stakeholder management abilities.

 Ability to work independently and collaboratively in a fast-paced environment.



Regards,
Kranthi Thanda
Manager
PropelSys Technologies LLC
(Sister Companies: CXSTech INC | Bridge Technologies and Solutions | PGH Group)
4975 Preston Park Boulevard, Suite 70 West
Plano, TX 75093

D: 469-424-2838

📧 Email: Kra...@propelsys.com
🌐 Website: www.propelsys.com
🔗 LinkedIn: Kranthi Thanda


"BEST WAY TO REACH ME IS THROUGH E-MAIL "