Jobs · Engineering

Active Directory Federation Service Customer Engineer

JDA TSG · United States · 6 days ago
RemoteRemoteEngineeringFull-time

About the role

We are seeking an ADFS (Active Directory Federation Services) Expert to join our Customer Engineer (CE) team. This role offers full-time employment with comprehensive benefits.

Responsibilities

  • Work with Fortune-1000 enterprises to guide them to a healthy, secure identity posture across hybrid and cloud environments.
  • Collaborate directly with customer teams to provide expert advisory services across a range of technologies.
  • Leverage structured intellectual property (MIP) engagements to establish trusted advisor relationships and guide customers towards achieving a healthy and secure state.
  • Lead and execute ADFS-to-ADFS version migrations and server farm upgrades.
  • Migrate enterprise applications and service providers from ADFS to Entra ID.
  • Understand and assist in writing claims and Access Control Policies for Relying Party Trusts.
  • Understand and assist in transitioning Issuance Authorization Rules to Access Control Policies.
  • Understand and assist in setting up multifactor authentication providers for Relying Party Trusts.
  • Collaborate with architecture and security teams to ensure secure and compliant federation designs.
  • Perform troubleshooting of claims, authentication flows, and certificate-related issues.
  • Support certificate rollover processes and update relying party trust metadata.
  • Provide knowledge transfer and training to customer teams.
  • Act as a trusted advisor in federation and hybrid identity projects.
  • Support authentication and trust planning.
  • Understand multi-domain and forest design concepts.
  • Work with Entra Connect and directory synchronization.
  • Use basic PowerShell for administration and automation tasks.
  • Troubleshoot replication and authentication issues.

Requirements

  • 10 - 15+ years of hands-on experience in Active Directory.
  • 7 - 10 years of experience in design, deploy, and configure ADFS environments (2016/2019/2022/2025) for new and existing customers.
  • Lead and execute ADFS-to-ADFS version migrations and server farm upgrades.
  • Migrate enterprise applications and service providers from ADFS to Entra ID.
  • Understand and assist in writing claims and Access Control Policies for Relying Party Trusts.
  • Understand and assist in transitioning Issuance Authorization Rules to Access Control Policies.
  • Understand and assist in setting up multifactor authentication providers for Relying Party Trusts.
  • Collaborate with architecture and security teams to ensure secure and compliant federation designs.
  • Perform troubleshooting of claims, authentication flows, and certificate-related issues.
  • Support certificate rollover processes and update relying party trust metadata.
  • Provide knowledge transfer and training to customer teams.
  • Act as a trusted advisor in federation and hybrid identity projects.
  • Support authentication and trust planning.
  • Understand multi-domain and forest design concepts.
  • Work with Entra Connect and directory synchronization.
  • Use basic PowerShell for administration and automation tasks.
  • Troubleshoot replication and authentication issues.

Qualifications

  • Familiarity with Entra ID licensing tiers (Free, P1, P2).
  • Knowledge of role-based access control (RBAC) concepts.
  • Basic understanding of device management concepts.
  • Experience syncing Active Directory identities.
  • Familiarity with Entra Password Protection.
  • Basic understanding of authentication models.
  • Basic understanding of device management concepts.
  • Experience remediating security assessment findings.
  • Knowledge of event forwarding.
  • Understanding password policy best practices, including fine-grained password policies.
  • Experience applying security baselines.

Skills

  • Technical ability in Microsoft Active Directory.
  • Experience with PowerShell for administration and automation.
  • Experience with Entra Connect and directory synchronization.
  • Experience with Defender for Identity.
  • Experience with Active Directory Certificate Services (AD CS).
  • Experience with Active Directory security principles.
  • Experience with authentication models.
  • Experience with OU design and delegation strategies.
  • Experience with multi-domain and forest design concepts.
  • Experience with authentication and trust planning.
  • Experience with remediation of security assessment findings.
  • Experience with event forwarding.
  • Experience with password policy best practices, including fine-grained password policies.
  • Experience with security baselines.

Benefits

  • Comprehensive benefits package.

Pay

  • Competitive compensation based on experience and qualifications.

Schedule

  • Full-time position.

Similar jobs