Cloud-Based IAM Modernization and Oracle Integration Initiative Consultant

Overview

On Site
Depends on Experience
Accepts corp to corp applications
Contract - W2
Contract - Independent
Contract - 12 Month(s)

Skills

Acceptance Testing
Authentication
Cloud Computing
DMZ
Documentation
Firewall
Flowchart
High Availability
Identity Management
Integration Testing
Knowledge Transfer
Learning Management
Personas
Regulatory Compliance
Retail
SAML
SSO
Security Architecture
Oracle Applications
Oracle EBS
PASS
Penetration Testing
PeopleSoft
Management
Microsoft
Microsoft Azure
Migration
OCI
OIDC
Oracle
Proxies
Software Design
Strategic Alliance
Technical Writing
Test Cases
Training
Video

Job Details

Title: Cloud-Based IAM Modernization and Oracle Integration Initiative Consultant

Location: Hybrid Rockville MD

Exp: 15+

Interview Type: Selected candidate may be required to participate in an in-person or Microsoft Teams video interview

Introduction

The Office of Strategic Partnership (OSP), a division within the County's Technology and Enterprise Business Solutions (TEBS) department, is responsible for modernizing its Identity and Access Management (IAM) system by migrating to a cloud-based platform. This includes integrating the legacy Oracle Echo system with Microsoft Azure Entra ID and Azure B2C. The County is seeking proposals from experienced vendors with a proven track record in enterprise IAM implementations and secure cloud integrations.

Objectives

  • Design and implement OCI IAM, Microsoft Entra, and Azure B2C based SSO for Oracle EBS, OAS, PeopleSoft, Oracle Learning Management (OLM), and other Oracle workloads.
  • Enable seamless authentication for internal users (employees), external users, and contractors.
  • Architect and document a secure DMZ access pattern to protect on-premises resources while allowing selective inbound connections.
  • Ensure end-to-end security, high availability, and compliance with industry best practices.

Requirements

  • Define the logical SSO flow for internal users across Entra ID, OCI IAM, and Oracle apps
  • Define the logical SSO flow for external users across Azure B2C, OCI IAM, and Oracle apps
  • Configure Microsoft Entra as a SAML/OIDC identity provider for Oracle applications
  • Configure OCI IAM identity providers and federation with Entra ID
  • Configure Azure B2C as a SAML/OIDC identity provider for Oracle applications
  • Design DMZ zoning: reverse proxy, firewalls, and application gateways
  • Deploy and configure DMZ components
  • Define access policies, attribute mappings, and claim rules
  • Perform functional, security (penetration/vulnerability), and performance testing
  • Conduct user acceptance testing with internal and external stakeholder groups
  • Produce end-to-end security architecture diagrams and DMZ access patterns
  • Document configuration steps, policy definitions, and operational runbooks
  • Deliver a knowledge-transfer workshop and train-the-trainer sessions
  • Work with the Operations team for production migration

Deliverables

  • Solution Design Package: Includes high-level architecture diagrams, detailed SSO and federation flowcharts, DMZ zone definitions, firewall rule sets, and a working prototype.
  • Implementation Artifacts: Covers configurations for Entra ID, Azure B2C, and OCI IAM.
  • Test Reports: Includes functional and integration test cases with results, as well as security scan reports.
  • Operational Documentation: Comprises system configuration guides, access management runbooks, and troubleshooting guides.
  • Knowledge Transfer: Provides training to the operational team, including Q&A sessions and a support plan.

Team Expertise Requirements

  • Extensive experience with OCI IAM, Microsoft Entra ID, Azure B2C, and SAML/OIDC protocols.
  • Strong expertise in DMZ design, firewall configurations, and application gateway setup.
  • Proficient in conducting penetration testing and vulnerability assessments.
  • Skilled in technical writing and training, with the ability to document and transfer knowledge effectively.

Acceptance Criteria

  • Successful SSO login for all defined user personas without manual intervention.
  • DMZ enforces least-privilege access, passing only necessary traffic.
  • All test cases pass with documented outcomes.
  • Documentation reviewed and approved by the client security team.
  • Knowledge transfer session delivered, and the client can independently manage the solution.
