Identity Fabric Principal

Chabre IT Services is a global professional IT services provider specializing in tailor-made solutions, smart outsourcing, try&hire, and success fee services.

• Extensive expertise in OAuth 2.0, OpenID Connect, and SAML authentication frameworks.
• Deep knowledge of Microsoft Entra ecosystem including tenant configuration, enterprise app integrations, service principals, and Entra ID Governance.
• Strong knowledge of hybrid infrastructures including Active Directory forests, trusts, GPOs, and federation modernization.
• Experience with Identity Governance and Administration platforms, especially SailPoint (IdentityIQ or IdentityNow) and SCIM provisioning.
• Advanced PowerShell automation skills for Entra, Microsoft 365, and legacy AD DS/AD FS environments.
• Understanding of token lifecycles, session security, and complex API consent models.
• Background in designing claims and identity contexts with normalization, mapping, and least-privilege claims.
• Familiarity with privacy-by-design concepts for IAM solutions meeting European data protection standards.

• Lead the delivery and architectural alignment of Microsoft-first identity platforms using Entra ID and Entra External ID for enterprise applications and APIs.
• Manage complex hybrid environments, modernizing legacy dependencies like AD DS and AD FS without service disruptions.
• Implement, oversee, and troubleshoot advanced authentication flows (Auth Code with PKCE, Client Credentials) and federations (IdP/SP setups, SSO).
• Drive automation culture by scripting bulk operations, health checks, and reporting with Graph PowerShell, integrating into CI/CD pipelines.
• Ensure identity architectures comply with GDPR/EUDPR and internal auditing standards.
• Govern end-to-end IGA processes (Joiner, Mover, Leaver) and lifecycle integrations aligning SailPoint governance with Microsoft identity patterns.
• Design least-privilege access models and prepare governance for AI and agent identities.
• Design and enforce risk-based access controls, tuning Conditional Access policies, Identity Protection rules, and phishing-resistant MFA rollouts.