Active Directory / IAM Architect

afarax is looking for a freelance Active Directory / IAM Architect. We need you!

The project:

Our client in the Transportation, Logistics, Supply Chain and Storage sector, is seeking an experienced Active Directory / IAM Architect to strengthen their team.

Key responsibilities:

IAM Architecture & Governance

• Define enterprise IAM architectures for AD, Entra ID, MFA, SSO, and PAM.
• Design hybrid identity models (on-prem AD, Azure AD, AD Connect).
• Establish Azure AD and M365 governance frameworks, including RACI, object provisioning, and group lifecycle.
• Architect access models for M365 (resources, naming standards, ownership, guest account lifecycle).
• Define privileged access frameworks (JIT, JEA, PAM) in line with Zero Trust.

Solution Design & Delivery

• Lead IAM solution designs for onboarding applications into Okta and SailPoint IIQ.
• Translate functional and regulatory requirements into technical IAM blueprints.
• Coordinate implementation with IAM engineers, security architects, and vendors.
• Support integration of SaaS applications and external platforms into central IAM.

Governance, Risk & Compliance

• Translate frameworks (ISO 27001/27002, NIS2, DORA) into actionable IAM controls.
• Ensure consistent IAM implementation across projects in line with ISMS standards.
• Document IAM processes, access models, and integration patterns.
• Participate in audits, risk assessments, and remediation actions.

Leadership & Collaboration

• Act as the senior reference for IAM architecture.
• Guide and mentor IAM engineers and analysts.
• Support incident response and forensic investigations related to identity.
• Build strong collaboration with enterprise architects, SOC, and business stakeholders.

Is this you?

• 10+ years in IT/security, with 5+ years in IAM architecture.
• Proven expertise in Active Directory, Entra ID (Azure AD), AD Connect, ADFS, MFA, SSO, PAM.
• Experience with Okta (authentication, MFA) and SailPoint IdentityIQ (governance, provisioning).
• Hands-on with modern authentication (SAML2, OAuth2, OpenID Connect, WS-Fed).
• Knowledge of hybrid environments: AD, Azure Cloud, private cloud, Unix/Linux LDAP, RACF.
• M365 IAM expertise: Intune, Exchange Hybrid, access models, guest lifecycle.

Certifications (preferred):

• Microsoft Certified: Identity and Access Administrator (SC-300)
• Microsoft Certified: Azure Solutions Architect Expert
• CISSP, CISM, or SABSA
• Vendor certifications (CyberArk, SailPoint, Okta)

How afarax supports you?

• You benefit from our extensive network
• You will have access to projects that fit your expertise
• We help and support you throughout your project
• We offer the possibility to build a valuable and lasting partnership

Check out more projects on: