IN, GB + 1 moreJob Title:
Cloud Solution Architect (CSA) – Active Directory, ADFS & MFAJob Description
Cloud Solution Architect (CSA) – Active Directory, ADFS & MFA
Role Summary
The Cloud Solution Architect (CSA) for Active Directory (AD), Active Directory Federation Services (ADFS), and Multi Factor Authentication (MFA) is a customer facing technical leader responsible for guiding enterprise customers to a secure, resilient, and modern identity platform.
The CSA acts as a trusted advisor, delivering proactive, outcome based engagements across on premises AD, hybrid identity, federation, and strong authentication. This role supports customers in modernizing identity, securing access, and transitioning from legacy federation to Microsoft Entra ID while maintaining operational excellence.
Key Responsibilities
Identity Architecture & Design
- Design and validate Active Directory Domain Services (AD DS) architectures, including single forest, multi forest, and multi domain environments
- Architect secure federation solutions using ADFS and guide customers through ADFS modernization and deprecation paths
- Design hybrid identity solutions integrating on prem AD with Microsoft Entra ID
- Ensure identity architectures align with Zero Trust and Microsoft security best practices
ADFS & Federation Services
- Design, deploy, and configure ADFS (2016 / 2019 / 2022 / 2025) environments
- Lead ADFS farm upgrades, migrations, and high availability designs
- Support Relying Party Trusts, Claims Rules, and Access Control Policies
- Guide customers in migrating applications from ADFS to Microsoft Entra ID
- Collaborate with security teams to ensure secure federation designs
MFA & Secure Authentication
- Design and implement Multi Factor Authentication (MFA) solutions across:
o ADFS protected applications
o Hybrid and cloud identities
- Assist customers with MFA provider integration, policy design, and enforcement
- Troubleshoot complex authentication failures (Kerberos, NTLM, claims based auth)
- Guide customers on conditional access and strong authentication strategies
Security, Hardening & Identity Protection
- Remediate findings from Active Directory security assessments
- Advise on:
o Privileged access models (Tiering)
o Delegation and role separation
o Secure administrative practices
- Support identity hardening, audit policy tuning, and event monitoring
- Provide guidance on identity compromise recovery scenarios
Operations, Recovery & Troubleshooting
- Troubleshoot:
o AD replication and SYSVOL issues
o Authentication and trust failures
o Domain controller performance issues
- Guide customers on:
o AD forest and object recovery
o Patch management and change control
o Upgrade planning and functional level raises
Customer Engagement & Delivery
- Deliver structured Microsoft engagements (assessments, accelerators, workshops)
- Act as a trusted technical advisor to customer architects and leadership
- Collaborate with Account Teams, CSAMs, and Engineering to unblock customer scenarios
- Contribute to technical readiness, documentation, and internal knowledge sharing
Required Technical Skills (300–400 Level)
Active Directory
- AD DS architecture and design
- Group Policy strategy and troubleshooting
- DNS integration and AD aware networking
- PowerShell scripting for identity automation
ADFS
- Federation service design and HA
- Claims and Access Control Policies
- ADFS upgrade and migration strategies
MFA & Identity Security
- MFA design and enforcement
- Authentication flows (Kerberos, NTLM, claims)
- Hybrid identity synchronization
Preferred Qualifications
- 5+ years in enterprise identity or customer facing technical roles
- Strong experience with hybrid identity and identity security
- Microsoft certifications in Identity, Security, or Windows Server (preferred)
- Experience guiding customers through identity modernization journeys
United Kingdom
United States
Germany only
Philippines only
Argentina only