consultant - forgerock access management

 Build and manage authentication journeys using ForgeRock Authentication Trees and
Nodes (including custom scripts/nodes as required).
 Implement Multi-Factor Authentication (MFA) and step-up authentication policies with
a focus on phishing-resistant MFA (FIDO2/WebAuthn/passkeys/security keys) and
controlled fallback methods.
 Design contextual and risk-based access policies (device, geo, IP/network zones,
behavior signals) aligned to Zero Trust and least privilege.
 Integrate ForgeRock with enterprise directories (Active Directory/LDAP) and configure
identity store, authentication modules, and mappings.
 Configure federation relationships (IdP/SP), certificate/key management,
signing/encryption policies, and metadata exchange.
 Implement session and token hardening: secure cookie settings, timeouts, re-auth
triggers, concurrent session control, PKCE and best practices for OIDC/OAuth.
 Configure claims mapping, scopes, JWT customization, and token transformation based
on application requirements. Troubleshoot authentication, federation, MFA, session, and token-related issues using
logs, audit trails, and protocol traces.
 Support workforce IAM architecture for hybrid and cloud environments; participate in
solutioning, estimation, and delivery planning.
 Develop High-Level and Low-Level Design documentation, build/configuration guides,
and operational runbooks.
 Automate deployments and operations using REST APIs, scripting (JavaScript/Groovy),
and CI/CD patterns where applicable.
 Support migration from legacy IAM platforms and contribute to audit/compliance
activities (controls evidence, logging, policy validation).
Required Skills & Qualifications
 3-7 years of experience in Identity & Access Management (IAM).
 Minimum 2 years of hands-on experience with ForgeRock Access Management (AM)
implementing workforce authentication and SSO.
 Strong understanding of authentication and federation standards: SAML 2.0, OAuth 2.0,
OpenID Connect, JWT/JWS/JWE.
 Hands-on experience implementing conditional/adaptive access and step-up
authentication using ForgeRock Authentication Trees/Policies.
 Hands-on experience implementing MFA, including phishing-resistant MFA
(FIDO2/WebAuthn/passkeys/security keys) and secure enrollment/recovery flows.
 Experience integrating with Active Directory / LDAP and troubleshooting
directory/authentication issues.
 Experience with REST APIs and basic scripting (JavaScript/Groovy; familiarity with
PowerShell or Python is a plus).
 Strong troubleshooting skills across auth flows, sessions, cookies, redirects, and
protocol-level issues.

experience

7