IAM Engineer - MS365 / Entra ID / SSO / MFA
Microsoft 365 / Entra ID / SSO / MFA Role: IAM Engineer Contract: 6 months initially IR35: Inside IR35 Day Rate: Up to £765 per day (via umbrella) potential for flex DOE Location: Hybrid Do not wait to apply after reading this description a high application volume is expected for this opportunity.
- 2 days/week on-site in Sheffield , remainder remote Start: ASAP Summary An established well known national organisation is seeking a hands-on IAM Engineer to implement and operate identity, authentication, and access controls across Microsoft 365 and Microsoft Entra ID (Azure AD) . Focus is on SSO , MFA , Conditional Access, identity lifecycle, and privileged access (with CyberArk as a desirable skill). This is a delivery and operations role (not an architect), partnering with Security, Infrastructure, and Service Management to harden controls, reduce risk, and improve user experience. Responsibilities Entra ID operations & hardening : tenant hygiene, identity security baseline, Conditional Access (CA) design/maintenance, break-glass access. SSO engineering : onboard and support SAML/OIDC apps; configure enterprise app registrations, claims, tokens, and session settings. MFA at scale : method policies (Authenticator, FIDO2, SMS), registration campaigns, CA-based MFA enforcement, resilient admin access patterns. Lifecycle & access controls : group-based access, dynamic groups, PIM (just-in-time admin), RBAC reviews, access reviews, least-privilege enforcement. Microsoft 365 alignment : integrate with Defender for Cloud Apps, govern Exchange/SharePoint/Teams access, improve Secure Score. Required Skills & Experience Proven, hands-on Microsoft Entra ID administration: app registrations, Conditional Access, Identity Protection, authentication strengths, and policy operations. SSO delivery using SAML 2.0 / OIDC / OAuth 2.0 : enterprise app onboarding, claims mapping, token troubleshooting (SAML traces, Fiddler, browser dev tools). MFA engineering and rollout: CA-based MFA, method policies, break-glass procedures, staged/targeted deployments. Microsoft 365 security controls: Exchange, SharePoint/OneDrive, Teams governance and access configuration. xkybehq Desirable CyberArk PAM (Core PAS): Safes, platform onboarding, credential rotation, PSM/PSMP, API integration. If you have the relevant skills and interested in hearing more please apply with your latest CV.
- 2 days/week on-site in Sheffield , remainder remote Start: ASAP Summary An established well known national organisation is seeking a hands-on IAM Engineer to implement and operate identity, authentication, and access controls across Microsoft 365 and Microsoft Entra ID (Azure AD) . Focus is on SSO , MFA , Conditional Access, identity lifecycle, and privileged access (with CyberArk as a desirable skill). This is a delivery and operations role (not an architect), partnering with Security, Infrastructure, and Service Management to harden controls, reduce risk, and improve user experience. Responsibilities Entra ID operations & hardening : tenant hygiene, identity security baseline, Conditional Access (CA) design/maintenance, break-glass access. SSO engineering : onboard and support SAML/OIDC apps; configure enterprise app registrations, claims, tokens, and session settings. MFA at scale : method policies (Authenticator, FIDO2, SMS), registration campaigns, CA-based MFA enforcement, resilient admin access patterns. Lifecycle & access controls : group-based access, dynamic groups, PIM (just-in-time admin), RBAC reviews, access reviews, least-privilege enforcement. Microsoft 365 alignment : integrate with Defender for Cloud Apps, govern Exchange/SharePoint/Teams access, improve Secure Score. Required Skills & Experience Proven, hands-on Microsoft Entra ID administration: app registrations, Conditional Access, Identity Protection, authentication strengths, and policy operations. SSO delivery using SAML 2.0 / OIDC / OAuth 2.0 : enterprise app onboarding, claims mapping, token troubleshooting (SAML traces, Fiddler, browser dev tools). MFA engineering and rollout: CA-based MFA, method policies, break-glass procedures, staged/targeted deployments. Microsoft 365 security controls: Exchange, SharePoint/OneDrive, Teams governance and access configuration. xkybehq Desirable CyberArk PAM (Core PAS): Safes, platform onboarding, credential rotation, PSM/PSMP, API integration. If you have the relevant skills and interested in hearing more please apply with your latest CV.