ForgeRock Access Management (Workforce IAM) (Mumbai)
Mumbai, India
Posted: yesterday
Description
Consultant – ForgeRock Access Management (Workforce IAM)
Locations: Bangalore / Pune / Hyderabad
Service Line: Cyber Security – Identity & Access Management
Experience: 4-7 Years

Position Summary
We are seeking a high-performing Consultant – ForgeRock Access Management (Workforce IAM) with robust experience in designing, implementing, and operating ForgeRock-based workforce identity solutions. The role involves delivering enterprise-scale identity and access transformation programs focused on employee, contractor, and privileged user access across hybrid and cloud environments.
The selected candidate will be responsible for hands-on configuration of ForgeRock Access Management capabilities, enabling secure SSO, conditional/adaptive access, and MFA with emphasis on phishing-resistant authentication (e.g., FIDO2/WebAuthn/passkeys) and security hardening. You will collaborate with client stakeholders to build Zero Trust-aligned workforce identity architectures and ensure audit-ready controls.

Key Responsibilities
- Implement and configure ForgeRock Access Management (AM) for workforce IAM use cases (SSO, Federation, Adaptive/Conditional Access, MFA).
- Design and implement Single Sign-On (SSO) for SaaS, custom, and on-prem applications using SAML 2.0, OAuth 2.0, and OpenID Connect (OIDC).
- Build and manage authentication journeys using ForgeRock Authentication Trees and Nodes (including custom scripts/nodes as required).
- Implement Multi-Factor Authentication (MFA) and step-up authentication policies with a focus on phishing-resistant MFA (FIDO2/WebAuthn/passkeys/security keys) and controlled fallback methods.
- Design contextual and risk-based access policies (device, geo, IP/network zones, behavior signals) aligned to Zero Trust and least privilege.
- Integrate ForgeRock with enterprise directories (Active Directory/LDAP) and configure identity store, authentication modules, and mappings.
- Configure federation relationships (IdP/SP), certificate/key management, signing/encryption policies, and metadata exchange.
- Implement session and token hardening: secure cookie settings, timeouts, re-auth triggers, concurrent session control, PKCE and best practices for OIDC/OAuth.
- Configure claims mapping, scopes, JWT customization, and token transformation based on application requirements.
- Troubleshoot authentication, federation, MFA, session, and token-related issues using logs, audit trails, and protocol traces.
- Support workforce IAM architecture for hybrid and cloud environments; participate in solutioning, estimation, and delivery planning.
- Develop High-Level and Low-Level Design documentation, build/configuration guides, and operational runbooks.
- Automate deployments and operations using REST APIs, scripting (JavaScript/Groovy), and CI/CD patterns where applicable.
- Support migration from legacy IAM platforms and contribute to audit/compliance activities (controls evidence, logging, policy validation).

Required Skills & Qualifications
- 3-7 years of experience in Identity & Access Management (IAM).
- Minimum 2 years of hands-on experience with ForgeRock Access Management (AM) implementing workforce authentication and SSO.
- Strong understanding of authentication and federation standards: SAML 2.0, OAuth 2.0, OpenID Connect, JWT/JWS/JWE.
- Hands-on experience implementing conditional/adaptive access and step-up authentication using ForgeRock Authentication Trees/Policies.
- Hands-on experience implementing MFA, including phishing-resistant MFA (FIDO2/WebAuthn/passkeys/security keys) and secure enrollment/recovery flows.
- Experience integrating with Active Directory / LDAP and troubleshooting directory/authentication issues.
- Experience with REST APIs and basic scripting (JavaScript/Groovy; familiarity with PowerShell or Python is a plus).
- Strong troubleshooting skills across auth flows, sessions, cookies, redirects, and protocol-level issues.

Preferred Qualifications
- Experience with ForgeRock Identity Management (IDM) and/or ForgeRock Identity Gateway (IG).
- Experience with containerized deployments (Docker/Kubernetes/OpenShift) and HA/DR architectures for IAM.
- Exposure to SIEM/log analytics (Splunk/ELK) and building audit-ready authentication logging and reporting.
- Knowledge of Zero Trust architecture patterns, device trust concepts, and modern authentication hardening practices.
- Experience with cloud platforms (Azure/AWS/GCP) and hybrid identity integrations.
- Relevant certifications (nice to have): ForgeRock certifications, Security+, or equivalent IAM/security certifications.

Apply on Kit Job: kitjob.in/job/4n6u7s
Highlights
Company name: Teamware Solutions
Job position: ForgeRock Access Management (Workforce IAM) (Mumbai)
More info about this ad
ForgeRock Access Management (Workforce IAM) (Mumbai) has been posted in the Dhārāvi Other Jobs category on Locanto.