QODE
Linkedin · Posted 6d ago
ForgeRock Identity Architect
Continue to application
Add your email once, then Caio opens the original posting.
Indexed description
Role: ForgeRock Identity Engineer/ ArchitectLocation: VA, NJ, TX, Atlanta, Colorado, TampaExperience: 12+ YearsAbout The RoleJoin a high-impact POD building a self-service federated SSO platform. You’ll be the hands-on ForgeRock expert designing and engineering a scalable identity broker integrating with Okta, Microsoft Entra ID, PingIdentity, and more. This is a build-from-scratch, code-heavy role—not admin/config.
Key Responsibilities
- Design multi-tenant ForgeRock AM federation architecture
- Build REST APIs for programmatic SAML SP connection lifecycle (create/validate/activate)
- Implement SAML/OIDC flows, assertion validation, and secure session management across apps
- Develop scripted authentication (Groovy/JS) and automate certificate lifecycle (monitoring & rotation)
- Enable break-glass fallback, ensure high availability, and prepare SCIM-ready architecture
- Migrate existing manual SP connections to automated framework
- 4+ years hands-on ForgeRock Access Manager (AM)
- Strong SAML 2.0 (debugging raw assertions), OIDC/OAuth 2.0
- Experience with ForgeRock REST APIs, scripted nodes, and keystore/X.509 management
- API design & integrations, LDAP, secrets management (AWS/Vault)
- Coding: Java/Groovy + CI/CD, API testing, SAML debugging tools
- ForgeRock IDM, SCIM 2.0, cloud (AWS/Azure/GCP)
- Experience with Okta / Entra / Ping as IDP
- Migration of manual SP setups to programmatic model
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search
Want help applying to roles like this?
Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent