Senior Identity Provider (IDP) Administrator

Job Title: Senior Identity Provider (IDP) Administrator

Location: Local In-Office

We are looking for a highly skilled Senior Identity Provider (IDP) Administrator with deep expertise in Keycloak to join our team. This role will manage and configure IDP solutions with a special focus on Keycloak, and work closely with both internal teams and external customers to configure and maintain Single Sign-On (SSO) applications. The ideal candidate will have a strong background in SAML, OAuth, and other authentication protocols, as well as experience managing mappers, user roles, and claims transformation across diverse environments, including Google IDP and Microsoft Entra (formerly Azure AD)..

Job Type: Full-time, exempt

Responsibilities and Duties:

• Keycloak Administration: Serve as the primary administrator for Keycloak, including realm setup, client policies, user roles, and general server administration. Ensure high availability and optimal performance of Keycloak instances.
• SSO Configuration & Integration: Collaborate with internal stakeholders and external customers to configure and integrate SSO applications using SAML, OAuth, and OIDC protocols. Assist customers with setting up secure, streamlined access to internal and third-party applications.
• Customer Support: Act as a point of contact for customers—both internal and external—for IDP-related issues, helping them with SSO setup, troubleshooting authentication issues, and managing user provisioning.
• Federation & Identity Management: Manage federated identity solutions, including SAML, OAuth, and OIDC configurations across Keycloak, Google IDP, and Microsoft Entra, ensuring secure and smooth access.
• Mapping & Claims Transformation: Design and manage complex mappers and claims transformations within Keycloak to integrate with third-party applications and ensure accurate attribute-based access control.
• Server Management: Oversee the administration of Keycloak servers, ensuring system security, patching, and performance optimization. Implement regular backup and recovery strategies to ensure data integrity.
• User Management: Handle user synchronization and provisioning between various IDPs, ensuring accurate user lifecycle management (creation, updates, deactivation).
• Security & Compliance: Implement identity security best practices, including MFA, secure token handling, and encryption. Work closely with compliance teams to ensure that all identity management processes meet industry standards and regulations.
• Automation & Monitoring: Develop automation scripts (e.g., using Python or Bash) to streamline repetitive tasks. Monitor IDP performance, detect issues, and proactively resolve them to ensure minimal disruption.
• Collaboration: Work with cross-functional teams including IT, security, and development teams, ensuring the seamless integration of identity solutions with various applications and platforms.

Required Education: Bachelor’s Degree in computer science or related field, or equivalent experience

Required Skills and Experience:

• Experience: Minimum 5-7 years of experience in Identity and Access Management, with a significant focus on Keycloak administration.
• Keycloak Expertise: Extensive hands-on experience with Keycloak, including realm configuration, user roles, authentication flows, client policies, mappers, and identity federation.
• SSO & Federation: Strong understanding of SAML, OAuth, and OIDC protocols for implementing SSO solutions and federated identity management across multiple systems.
• Customer Interaction: Experience working directly with customers (internal and external) to configure and troubleshoot SSO applications, ensuring seamless user experiences.
• Google IDP & Microsoft Entra: Proficiency in integrating and managing SSO setups with Google Identity and Microsoft Entra (Azure AD).
• Mappers & Claims: Strong experience in managing mappers and claims transformations within Keycloak for user attribute management and access control.
• Programming/Scripting: Proficiency in scripting languages like Python, Bash, or PowerShell for automation tasks related to IDP management.
• Security: Solid understanding of identity security best practices, including MFA, zero-trust architecture, and secure token handling.
• Familiarity with SCIM protocol for automated user provisioning. (Preferred)
• Experience integrating IDP solutions with cloud platforms like AWS, Azure, or GCP. (Preferred)
• Certifications such as Certified Identity and Access Manager (CIAM) or Keycloak Admin Certification. (Preferred)

Other Requirements:

• Language: English

Benefits

• Competitive salary and bonus program in an entrepreneurial environment

• Excellent health, dental, and vision insurance (70% company paid)

• Unlimited paid time off plan plus paid holidays
• 401k with company matching
• EcoPass provided for Colorado-based employees
• Salary Range: $125,000-$175,000/year

About Kaseware
Kaseware is a dynamic, rapidly growing company located in the Denver metro area. We build state-of-the-art software for law enforcement and corporate security customers. We serve those that serve our communities and make our world safer.

Due to the nature of our business, you must be able to pass a full CJIS compliant fingerprint based background check, which is required for individuals needing access to criminal justice information (CJI).

U.S. Citizens and those authorized to work in the U.S. are encouraged to apply (we are unable to sponsor at this time)