Sumanth Reddy - IAM Consultant
[email protected]
Location: Irving, Texas, USA
Sumanth Reddy
Senior IAM Consultant
Email: [email protected]
Mobile: +1 (803)5673155

Professional Summary
Having 9+ years of hands-on professional experience in Security Products like PingFederate, Ping Access, Ping Directory, PingID, PingOne, Azure AD, Access gateway, and SiteMinder.
Successfully integrated and managed PingOne Advanced Services to optimize cloud identity processes.
Collaborated closely with DevOps teams to develop cloud-native solutions using a combination of AWS services and PingOne solutions, resulting in more secure and resilient applications.
Experienced in deploying and clustering PingFederate and integrating it with PingID for MFA.
Implemented access management and identified federation solutions with OAuth 2.0, SAML 2.0, WS-Fed, and WS-Trust on PingFederate.
Designed IdP and SP-initiated SAML profiles with various bindings, such as POST, Artifact, and Redirect, in accordance with specific business and security needs.
Hands-on experience in IAM requirement analysis and implementation of Agentless, SAML, OAuth, and OpenID based integrations using various IAM solutions.
Experienced in the implementation of OAuth and OpenID Connect.
Experienced in creating various adapters like Kerberos, HTML, PingID, composite, and Reference ID.
Created multiple Authentication Policies using CIDR, connection set, OAuth Client set/scope authentication selector, and HTTP header authentication selectors.
Based on the requirement, configured Implicit, Auth code, Client credential, and ROPC grant types and troubleshot the issues surrounding them.
Implemented OAuth 2.0 with PKCE to fortify authentication and authorization security, enhancing protection for user data and access to applications.
Familiarity with industry effective approaches and standards for handling access tokens and refresh tokens, including OAuth 2.0 and OpenID Connect.
Used Postman client to simulate the OAuth flow and debugged the log files for any issues encountered.
Experience with OAuth 2.0 security standard protocols, including token validation, token expiration, token revocation, and token encryption, to mitigate security risks.
Developed custom Java plugins for PingFederate to support advanced authentication mechanisms and authorization policies, improving security and compliance.
Successfully integrated PingFederate with various enterprise applications using Java-based APIs, enabling secure single sign-on (SSO) and enhanced user experience.
Experience managing and configuring directory services using Ping Directory, including schema management, access control, and replication.
Developed scripts for automating routine LDAP tasks, including bulk modifications and data migrations.
Integrated LDAP directory with SSO infrastructure, enabling LDAP-based authentication and authorization for web and mobile applications.
Designed and deployed PingFederate and Ping Access on AWS using EC2 instances with optimal configurations for performance and scalability.
Set up VPCs with multi-AZ subnets, configured security groups, and implemented secure network configurations for high availability.
Utilized Amazon EBS volumes for persistent storage and configured automated backup and snapshot strategies.
Configured PingFederate in clustered mode for load balancing and failover, leveraging Elastic Load Balancer (ELB) for traffic distribution.
Employed Amazon CloudWatch for real-time monitoring and logging, ensuring application performance and health tracking.
Worked on Agentless integration kits for the delegated authentications.
Experience in integrating enterprise applications such as Salesforce, ServiceNow, Box, etc. through SAML protocol in Azure AD and PingFederate.
Configured conditional access policies and did the analysis using the what-if feature in Azure AD.
Experience configuring and managing Azure AD Connect and Microsoft Azure Active Directory.
Configured B2B applications in Azure AD using external identities and created self-service signup policies for guest users.
Performed access reviews on the applications with guest user access.
Experienced in SAML as IdP and SP using PingFederate.
Provided L-3 support to resolve the tickets raised by Application teams or clients on various IAM solutions along with PingFederate, Azure AD, ADFS.
Resolved Azure AD issues relating to Office 365, Active Directory to Azure AD, and CA IDM to Active Directory.
Experienced in the installation and configuration of CA Directory.
Experienced in using ticketing tools like ServiceNow to assign tickets and to work on troubleshooting issues to closure.
Maintaining and providing OPS support to large-scale Access Management systems on both Enterprise and Consumer levels.
Proficiency in managing, maintaining, troubleshooting, and resolving User Authentication and Access issues in a 24x7 production environment.
Experience in working with multiple monitoring systems to understand and analyze various logs and reports to provide more reliable and efficient support for SSO and IDM infrastructure.

TECHNICAL SKILLS
SSO: Okta, Azure, ADFS, SiteMinder, PingFederate, Ping Access, Ping Directory
Access Management: Okta Access Gateway, CA SiteMinder Web Agents, Ping Access
IDM: Okta, Ping Identity, CA IDM
MFA: Duo Security, Ping ID, Okta Verify
Directory: CA Directory, Active Directory, Azure AD
Servers: Apache, Tomcat, SunOne App Server, WebSphere
O/S: Windows 2012 R2, 2008/2003/2000/XP, UNIX, Linux
Languages: Java, HTML, JavaScript, shell, Perl, PHP
Databases/RDBMS: MS SQL Server 2000/2005/2008/2012 R2, SQL, Oracle 8i/9i/10g

Education: Bachelor of Science in Computer Engineering - Lovely Professional University 2015.
Senior IAM Consultant
OneMain Financial | Evansville, IN | June 2022 - Till date
Responsibilities:
Implemented enterprise-wide Identity and Access Management (IAM) solutions PingFederate and PingID.
Proficient in implementing and configuring PingOne Advanced Services to create comprehensive Identity and Access Management (IAM) solutions, guaranteeing safe access control and authentication procedures for enterprise resources and applications.
Skilled in utilizing PingOne Advanced Services to seamlessly integrate MFA features into systems and applications, providing an additional security layer to prevent unauthorized access and protect sensitive information.
Knowledgeable about setting up virtual hosts, policies, rules, rules Authenticators, and Ping Access Sites.
Proficient in identifying and fixing PingOne Advanced Services-related problems, as well as in promptly supplying maintenance and support to guarantee the continuous performance and availability of IAM solutions.
Integrated PingOne Advanced Services with a variety of directories, enterprise applications, and industry-standard protocols like OpenID Connect, OAuth, and SAML.
Implemented PingOne Advanced Services to enable secure and seamless access to resources and applications for users within the organization.
Configured the Authentication policies in PingFederate and integrated the PingOne MFA Adapter in the policy tree.
Worked on supporting and debugging issues and implementing SSO solutions with Business Partners using Ping Identity solutions.
Implemented many OAuth and OpenID connections based on the client's requirements.
Worked on multiple grant types such as Authorization code, implicit, client credentials, and resource owner.
Integrated LDAP with Single Sign-On (SSO) solutions to streamline user authentication.
Managed user and group accounts in LDAP, including creation, modification, and deletion.
Implemented PingID MFA with PingFederate.
Enforced enterprise-wide workforce to PingID for MFA.
Implemented web application OAuth Integrations using PingFederate as OAuth provider.
Created SP/IdP connections using PingFederate with external partners.
Worked on supporting patching activities performed by the Security team, to provide continuous support to applications using SSO.
Worked on applications to update IdP/SP signing certificates.
Worked on migrating applications from the old legacy on-prem environment to a private cloud environment.
Worked on applying the patches on the PingFederate environment as per the Ping Identity guidelines to avoid security risks due to the vulnerabilities identified on the product.
Worked on troubleshooting OAuth issues using the Postman client.

IAM Engineer
The Carlyle Group | Washington, D.C. | March 2020 - May 2022
Responsibilities:
Implemented many OAuth and OpenID connections based on the client's requirements.
Configured multiple grant types such as Authorization code, implicit, client credentials, and resource owner.
Provided Architectural design and implemented enterprise-wide Identity and Access Management (IAM) solutions using PingFederate and PingID.
Worked on supporting multiple applications, internal and external, to provide SSO services using PingFederate.
Configured applications by enabling Kerberos and used composite adapters to accommodate user authentications from multiple domains.
Deployed PingAccess and PingFederate on AWS EC2 instances to secure both on-premises and cloud-based applications, achieving unified access control.
Leveraged AWS Lambda and PingID to implement a custom MFA solution for critical AWS resources, enhancing the security posture.
Used Amazon CloudWatch to monitor the performance of ALBs. Also set up alarms for metrics like "HTTP 5XX errors" or Target response time.
Leveraged AWS Load Balancer, Autoscaling, and Security Groups to augment system reliability, scalability, and security.
Applied these tools on AWS-hosted PingFederate servers to achieve efficient load balancing, dynamic scaling, and fortified security measures.
Experience in monitoring the resources/logs by using monitoring tools like AWS CloudWatch and Splunk.
Configured AppDynamics as a performance monitoring tool with dashboards.
Established Route53 Hosted zones and managed DNS settings to direct traffic efficiently, implemented S3 Bucket Policies, and configured S3 Lifecycle Policies for effective data management and optimization.
Engaged in routine server re-hydrations of Ping-hosted AWS instances, meticulously conducted to achieve performance optimization and operational efficiency.
Managed and maintained Linux servers, ensuring system stability and performance.
Automated routine tasks using shell scripts.
Experience in working with cloud services (SaaS), Authentication (2-Factor, SSO), Connectivity (TLS Connectivity, Certificates), and Access Controls (Roles, Permissions, IP Ranges).

Security Analyst
Barclays | Pune, India | Oct 2018 - Jan 2020
Responsibilities:
Manages, maintains, troubleshoots, and optimizes the Azure AD environment, as well as recommending improvements and new system designs for future requirements.
Implemented an application proxy for on-premises web-based apps to enable single sign-on.
Worked on Access control, MFA, creating Active Directory (cloud) for app services in Azure management portal.
Configured and deployed OpenLDAP for centralized user management.
Configured, integrated, and administered Azure AD Identities, Groups, Application Registrations, and SSO services.
Experienced in creating conditional access controls, implementing multi-factor authentication (MFA), and resolving MA issues.
Responsible for assisting with the planning, management, and troubleshooting of High Availability Systems, Network, Storage Solutions, Failover Clustering, Business Continuity, and Disaster Recovery solutions.
Integrate Active Directory on-premises with Azure AD.
B2B communication for guest users has been enabled utilizing external identities settings.
Experience with Azure App registrations, SAML SSO, Azure Active Directory Connect and Azure Portal Administration.
Expertise in Azure AD user provisioning, as well as resource and group creation using the directory role blade.
Demonstrated expertise in integrating third-party applications with Azure AD and creating custom policies for Azure B2C.
Implementation and troubleshooting of Group Policies (GPOs) to various OUs/Containers in AD across Development, Test, and Production environments.
Troubleshoot AAD Connect delta and full cycle sync issues as they arise and validate data integrity.
Primary role for the Active Directory Administration is to offer and provide tactical direction for the Active Directory Services, Identity and Access Management, Roles Based Access Control, and Segregation of Duties.

Information Security Engineer
TechMonarch | Ahmedabad, India | Jun 2015 - Sep 2018
Responsibilities:
Assisted in configuring and managing PingID for multi-factor authentication (MFA) across various applications.
Collaborated with senior team members to troubleshoot and resolve PingID integration issues.
Participated in training sessions to understand the features and functionalities of PingID and its application in enterprise environments.
Gained hands-on experience in user enrollment and management within PingID.
Supported the team in monitoring PingID performance and generating reports on MFA usage and effectiveness.
Assigned as Information Security Analyst to build and support Enterprise-wide IAM Solutions and Federation Security Services using PingFederate.
Provided Architectural design and implemented enterprise-wide Identity and Access Management (IAM) solutions PingFederate and PingID.
Implemented PingID MFA with PingFederate.
Enforced enterprise-wide workforce to PingID for MFA.
Implemented web application OAuth Integrations with Ping.
Responsible for defining, recommending, monitoring, and deploying SSO (Single Sign On) Access Management Solution on premise using different technologies, Federated Protocols (SAML, OpenID Connect, OAuth, WS Federation) with cloud computing providers like Salesforce, AWS, ServiceNow, Google, etc.
Contributed to the development of security policies and procedures related to the use of PingID for enhanced authentication security.
Learned and applied principles of identity and access management (IAM) with a focus on PingID solutions.