Entra Migration Specialist Role Description
Role Summary:
We are seeking an Entra Migration Specialist to guide application teams through the transition from legacy IAM platforms to Microsoft Entra ID. The role focuses on technical advisory, migration coordination, and collaboration with application teams to ensure successful onboarding into Entra ID.
Core Purpose of the Role
Enable and accelerate app migrations to Entra ID by providing technical guidance, validating app readiness, supporting integration configuration (SAML/OAuth/OIDC), and coordinating teams through non-prod and prod onboarding steps. Act as the bridge between App Owners, Entra Engineering, Cybersecurity and relevant platform teams.
Key Responsibilities
Migration Advisory & Coordination
- Partner with application owners to analyse their current authentication setup (SAML/OAuth/OpenID, FR/OAM patterns) and map them to the correct Entra integration pattern.
- Guide App Teams through prerequisites, test planning, go-live planning, and ForgeRock/OAM offboarding flows.
- Review configuration inputs (metadata, redirect URIs, token settings, claims, certificates) and advise on required changes.
- Coordinate migration events (sprints/hackathons), ensuring App Teams follow expected workflows and quality gates.
- Act as primary SPOC for App Teams: clarify protocol requirements, unblock issues, and manage dependencies.
Technical Expertise & Problem-Solving
- Provide hands-on advisory on SAML 2.0, OAuth 2.0, OIDC, token behaviour, signatures, certificates, and application protocol flows.
- Debug common issues (metadata mismatches, token/claims errors, redirect/URI issues, MFA prompts).
- Understand and advise on key Entra ID constructs: App Registrations, Enterprise Apps, app roles, permissions, claims, authentication settings, token lifetimes, and MFA.
- Validate app readiness for migration based on Entra engineering standards and migration checklists (protocol compatibility, claim requirements, network flows, MFA posture).
- Review and interpret legacy IAM configurations (ForgeRock / OAM) to ensure continuity of behaviour in Entra ID.
Stakeholder Interaction
- Work closely with App Owners, Cybersecurity, Network, Entra Engineering, and Migration Taskforce.
- Communicate risks, blockers, and recommended mitigations to App Teams and project leadership.
- Ensure App Teams understand decisions, timelines, CR requirements, and testing expectations.
Key Capabilities, Knowledge & Experience
Essential
- Working knowledge of Microsoft Entra ID (application integration side).
- Good experience with Active Directory (on-prem + cloud concepts) sufficient to support app migration context (no lifecycle / admin work required).
- Hands-on experience migrating apps from legacy IAM platforms (ForgeRock, OAM, Ping, ADFS, Okta) into any modern IAM.
- Expertise in:
  - SAML 2.0 (signing/encryption certs, metadata, NameID, claims)
  - OAuth 2.0 / OIDC (scopes, consent, tokens, redirects, PKCE)
  - Authentication & Authorization models
  - MFA concepts / factors / prompts
- Ability to troubleshoot authentication issues and guide App Teams through full test cycles.
- Comfortable reading logs, tokens (JWT), and claims to identify root causes.
Good to Have
- Experience interpreting policies and translating them to Entra equivalents.
- Knowledge of automation patterns (PowerShell, Graph API) for bulk app validations.
- Exposure to Zero Trust, phishing-resistant MFA, and secure-by-design patterns.
Valued Behaviours
- Clear communicator with App Teams; able to simplify complex authentication flows.
- Proactive problem solver who can anticipate migration blockers.
- Collaborative mindset, comfortable coordinating multi-team contributions.
- Security-first thinking aligned with enterprise IAM standards.