Active Directory Federation Service Customer Engineer
JDA TSG · United States · 6 days ago
RemoteRemoteEngineeringFull-time
About the role
We are seeking an ADFS (Active Directory Federation Services) Expert to join our Customer Engineer (CE) team. This role offers full-time employment with comprehensive benefits.
Responsibilities
- Work with Fortune-1000 enterprises to guide them to a healthy, secure identity posture across hybrid and cloud environments.
- Collaborate directly with customer teams to provide expert advisory services across a range of technologies.
- Leverage structured intellectual property (MIP) engagements to establish trusted advisor relationships and guide customers towards achieving a healthy and secure state.
- Lead and execute ADFS-to-ADFS version migrations and server farm upgrades.
- Migrate enterprise applications and service providers from ADFS to Entra ID.
- Understand and assist in writing claims and Access Control Policies for Relying Party Trusts.
- Understand and assist in transitioning Issuance Authorization Rules to Access Control Policies.
- Understand and assist in setting up multifactor authentication providers for Relying Party Trusts.
- Collaborate with architecture and security teams to ensure secure and compliant federation designs.
- Perform troubleshooting of claims, authentication flows, and certificate-related issues.
- Support certificate rollover processes and update relying party trust metadata.
- Provide knowledge transfer and training to customer teams.
- Act as a trusted advisor in federation and hybrid identity projects.
- Support authentication and trust planning.
- Understand multi-domain and forest design concepts.
- Work with Entra Connect and directory synchronization.
- Use basic PowerShell for administration and automation tasks.
- Troubleshoot replication and authentication issues.
Requirements
- 10 - 15+ years of hands-on experience in Active Directory.
- 7 - 10 years of experience in design, deploy, and configure ADFS environments (2016/2019/2022/2025) for new and existing customers.
- Lead and execute ADFS-to-ADFS version migrations and server farm upgrades.
- Migrate enterprise applications and service providers from ADFS to Entra ID.
- Understand and assist in writing claims and Access Control Policies for Relying Party Trusts.
- Understand and assist in transitioning Issuance Authorization Rules to Access Control Policies.
- Understand and assist in setting up multifactor authentication providers for Relying Party Trusts.
- Collaborate with architecture and security teams to ensure secure and compliant federation designs.
- Perform troubleshooting of claims, authentication flows, and certificate-related issues.
- Support certificate rollover processes and update relying party trust metadata.
- Provide knowledge transfer and training to customer teams.
- Act as a trusted advisor in federation and hybrid identity projects.
- Support authentication and trust planning.
- Understand multi-domain and forest design concepts.
- Work with Entra Connect and directory synchronization.
- Use basic PowerShell for administration and automation tasks.
- Troubleshoot replication and authentication issues.
Qualifications
- Familiarity with Entra ID licensing tiers (Free, P1, P2).
- Knowledge of role-based access control (RBAC) concepts.
- Basic understanding of device management concepts.
- Experience syncing Active Directory identities.
- Familiarity with Entra Password Protection.
- Basic understanding of authentication models.
- Basic understanding of device management concepts.
- Experience remediating security assessment findings.
- Knowledge of event forwarding.
- Understanding password policy best practices, including fine-grained password policies.
- Experience applying security baselines.
Skills
- Technical ability in Microsoft Active Directory.
- Experience with PowerShell for administration and automation.
- Experience with Entra Connect and directory synchronization.
- Experience with Defender for Identity.
- Experience with Active Directory Certificate Services (AD CS).
- Experience with Active Directory security principles.
- Experience with authentication models.
- Experience with OU design and delegation strategies.
- Experience with multi-domain and forest design concepts.
- Experience with authentication and trust planning.
- Experience with remediation of security assessment findings.
- Experience with event forwarding.
- Experience with password policy best practices, including fine-grained password policies.
- Experience with security baselines.
Benefits
- Comprehensive benefits package.
Pay
- Competitive compensation based on experience and qualifications.
Schedule
- Full-time position.