Client is seeking a Senior Ping Identity / SSO Architect on behalf of a large healthcare organization undergoing a significant identity platform modernization. This resource will play a lead role in migrating from PingFederate to PingOne Workforce, hardening the identity environment, and helping the client adopt modern authentication capabilities without disrupting clinical workflows or operational uptime. The ideal candidate has been here before, can bring healthcare peer examples to the table, and knows how to move fast without breaking things.
Key Responsibilities
Own and lead the end-to-end migration from PingFederate to PingOne Workforce, including architecture, planning, and phased execution
Harden the identity environment and reduce platform fragility across the full migration lifecycle
Modernize entitlement management beyond legacy Oracle OES/OIM infrastructure, with a staged plan to replace brittle custom provisioning patterns without disrupting JML (Joiner-Mover-Leaver) automation
Advise on and support passwordless and clinician-friendly authentication initiatives in hybrid environments, including tap-and-go, badge-based workflows, fast user switching, and device-bound credentials
Navigate the real-world constraints of clinical environments, including camera, glove, and mobile limitations that affect authentication choices
Bring healthcare peer examples and reference architectures to inform architecture decisions, not just vendor documentation
Collaborate with internal identity and security teams to ensure continuity of SSO and MFA capabilities throughout the transition
Provide guidance on workstation authentication patterns across mixed internal and external identity populations, including contractors, physicians, vendors, and patients
Evaluate and advise on policy-based access management tools such as PlainID as part of the broader entitlement modernization strategy
Required Qualifications
7+ years of hands-on experience with Ping Identity products including PingFederate, PingOne, PingAccess, and PingDirectory
Must have personally led or owned at least one PingFederate to PingOne Workforce migration from design through production deployment
Demonstrated experience maintaining or redesigning JML automation workflows during a platform transition, without breaking provisioning continuity
Deep expertise in SSO, MFA, and modern identity protocols including SAML, OAuth 2.0, and OIDC
Experience with entitlement modernization and provisioning workflows in complex enterprise environments (Oracle OES/OIM familiarity strongly preferred)
Ability to work across mixed identity populations, including internal employees, external contractors, vendors, physicians, and patients in hybrid environments
Strong communication skills with the ability to present architecture decisions to both technical and non-technical stakeholders, including executive leadership
Healthcare industry experience, particularly in clinical or hospital environments
Preferred Qualifications
Direct experience with PlainID or a comparable policy-based access management platform
Familiarity with passwordless authentication standards including FIDO2 and WebAuthn
Experience designing or advising on clinician workstation authentication in acute care or ambulatory settings
Prior exposure to peer healthcare organizations navigating similar Ping migrations, with the ability to facilitate reference conversations
Ping Identity certifications (Ping Identity Certified Professional or equivalent)
Familiarity with zero trust identity frameworks and how they apply in clinical network environments