Job Description
Job Details

Summary: Bengaluru, Karnataka. Temporary.
Job Category: Information Technology.

Key Responsibilities:
- Implement and configure ForgeRock Access Management (AM) for workforce IAM use cases (SSO, federation, adaptive/conditional access, MFA).
- Design and implement Single Sign-On (SSO) for SaaS, custom, and on-prem applications using SAML 2.0, OAuth 2.0, and OpenID Connect (OIDC).
- Build and manage authentication journeys using ForgeRock Authentication Trees and Nodes (including custom scripts/nodes as required).
- Implement Multi-Factor Authentication (MFA) and step-up authentication policies with a focus on phishing-resistant MFA (FIDO2/WebAuthn/passkeys/security keys) and controlled fallback methods.
- Design contextual and risk-based access policies (device, geo, IP/network zones, behavior signals) aligned to Zero Trust and least privilege.
- Integrate ForgeRock with enterprise directories (Active Directory/LDAP) and configure the identity store, authentication modules, and mappings.
- Configure federation relationships (IdP/SP), certificate/key management, signing/encryption policies, and metadata exchange.
- Implement session and token hardening: secure cookie settings, timeouts, re-auth triggers, concurrent session control, PKCE, and best practices for OIDC/OAuth.
- Configure claims mapping, scopes, JWT customization, and token transformation based on application requirements.
- Troubleshoot authentication, federation, MFA, session, and token-related issues using logs, audit trails, and protocol traces.
- Support workforce IAM architecture for hybrid and cloud environments; participate in solutioning, estimation, and delivery planning.
- Develop High-Level and Low-Level Design documentation, build/configuration guides, and operational runbooks.
- Automate deployments and operations using REST APIs, scripting (JavaScript/Groovy), and CI/CD patterns where applicable.
- Support migration from legacy IAM platforms and contribute to audit/compliance activities (controls evidence, logging, policy validation).

Required Skills & Qualifications:
- 3-7 years of experience in Identity & Access Management (IAM).
- Minimum 2 years of hands-on experience with ForgeRock Access Management (AM) implementing workforce authentication and SSO.
- Strong understanding of authentication and federation standards: SAML 2.0, OAuth 2.0, OpenID Connect, JWT/JWS/JWE.
- Hands-on experience implementing conditional/adaptive access and step-up authentication using ForgeRock Authentication Trees/Policies.
- Hands-on experience implementing MFA, including phishing-resistant MFA (FIDO2/WebAuthn/passkeys/security keys) and secure enrollment/recovery flows.
- Experience integrating with Active Directory / LDAP and troubleshooting directory/authentication issues.
- Experience with REST APIs and basic scripting (JavaScript/Groovy; familiarity with PowerShell or Python is a plus).
- Strong troubleshooting skills across auth flows, sessions, cookies, redirects, and protocol-level issues.

Experience: 7.