Zelis is modernizing the healthcare financial experience across payers, providers, and healthcare consumers. They are seeking a highly skilled Senior IAM Engineer to lead the design, implementation, and support of enterprise Single Sign-On (SSO) integrations and Multi-Factor Authentication (MFA) within Microsoft Azure.
Responsibilities:
- Lead the design, implementation, and ongoing management of enterprise Single Sign-On (SSO) integrations within Microsoft Entra ID (Azure AD), including SAML, OAuth, and OpenID Connect (OIDC) configurations
- Configure and manage application provisioning integrations using SCIM and Just-In-Time (JIT) methodologies, including attribute mappings, profile transformations, and lifecycle alignment with upstream identity sources
- Manage and evolve the organization’s Multi-Factor Authentication (MFA) strategy, ensuring secure configuration, policy enforcement, and user experience optimization
- Assist in the configuration and ongoing management of Conditional Access Policies, including risk-based access controls, device compliance requirements, location-based controls, and Zero Trust alignment
- Support and manage Azure App Registrations in alignment with enterprise standards, including delegated and application permissions, client secrets/certificates, API exposure, and service principal configurations
- Partner closely with the Identity Governance (IGA) and Privileged Access Management (PAM) teams to ensure SSO integrations, application onboarding, access provisioning, and privileged access controls are properly aligned
- Troubleshoot authentication, federation, and token-related issues across SAML/OIDC flows, performing root cause analysis and implementing durable engineering solutions
- Drive automation and process improvement initiatives using PowerShell, Microsoft Graph API, and related tools to enhance operational efficiency and scalability
- Develop and maintain comprehensive knowledge articles, architecture diagrams, and SOPs related to SSO, MFA, Conditional Access, and Azure identity configurations
- Stay current on emerging identity security threats, authentication standards, and Microsoft roadmap updates to proactively strengthen enterprise authentication posture
Requirements:
- Proven technical experience implementing and managing enterprise Single Sign-On (SSO) solutions in Microsoft Entra ID (Azure AD)
- Strong hands-on experience with authentication and federation protocols including SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), and SCIM
- Experience configuring and managing Multi-Factor Authentication (MFA) solutions (Duo and/or Microsoft Authenticator preferred)
- Working knowledge of Conditional Access Policy design and implementation within Azure
- Experience with Azure App Registrations, service principals, and API permission management
- Proficiency in PowerShell scripting and experience leveraging Microsoft Graph API for automation and identity management tasks
- Strong troubleshooting skills related to authentication flows, token issuance, federation errors, and provisioning integrations
- Excellent communication and collaboration skills with the ability to work cross-functionally across security, infrastructure, development, and governance teams
- Microsoft certifications (e.g., SC-300: Identity and Access Administrator Associate)
- Experience with identity governance platforms (e.g., SailPoint) and privileged access management tools (e.g., CyberArk)
- Experience supporting enterprise MFA migrations or modernization initiatives
- Familiarity with compliance frameworks such as SOX, HIPAA, or other regulated industry requirements