Role: Azure B2C Security Engineer
Location: Remote
Primary Job Description
● Configure and manage Azure AD B2C tenants, user flows, and custom policies through the Azure Portal.
● Implement and maintain user registration, profile management, and identity provisioning systems.
● Develop and integrate authentication solutions using OAuth 2.0, MSAL and OpenID Connect (OIDC)
● Register and configure applications in Azure AD B2C, including setting up redirect URIs and authentication credentials
● Utilize Microsoft Graph API for managing users and querying directory information
● Develop and maintain REST API applications using C# (.NET)
● Integrate Azure Application Insights for monitoring and analyzing application performance and user activity
● Proficiency in front-end technologies such as JavaScript and jQuery.
● Experience with application integration using MSAL libraries
● Experience with identity and access management (IAM) solutions and frameworks
Project Summary:
· Provide single source-of-truth for online identity for members and non-member web accounts using Azure Active Directory Business to Customer as Identity Access Management solution, capable of supporting millions of users and billions of authentications per day.
· Improved and consistent sign-up and sign-in experience across web properties that provides an improved member experience.
· SSO to be seamless and not to change much of the current user experience
· Incrementally populate the user credentials sourced from eCommerce system to a modernized, cloud-based identity platform designed for B2C functions.
· Migrate Costco user identities from WebSphere CommerceDB to Azure AD B2C on first sign-in
Role/Contribution:
· Planning and designing AAD B2C architecture that can cater to 60 million users
· Planning and designing Azure App services, Resource groups, ARM templates, Blob Storage
· Configuring Azure Active Directory B2C tenant and proxy applications for implementing custom policies of Identity Experience Framework
· Granting necessary permission for Microsoft Graph in ProxyIdentityExperienceFramework and IdentityExperienceFramework applications, to perform read/write operations to the AD tenant via user impersonation
· Developed custom policies for Identity Experience Framework (IEF), base (TrustFrameworkBase.xml), extension (TrustFrameworkExtensions.xml), Relying party (SignUpOrSignin.xml, ProfileEdit.xml, PasswordReset.xml) files for Local Accounts as identity providers
· Built custom User Journeys, Orchestration steps, technical profiles, adding them as output claims in Self Asserted Technical profiles, Content Definitions, Display Controls
· Claims transformation to custom claims, JSON transformations, case change, conditional value
· Custom UI to match the company branding and design guidelines, and hosting them in Azure Blob storage for access via Azure CDN (Akamai)
· React-based DOM manipulations
· UX customizations using custom claim types, Regex input validation, Validation Technical profiles, Password complexity for seamless experience with branding for web and mobile experience
· Display Controls for sending verification code, email verification, custom email and dependent One-time password (OTP) generation, along with verify code
· Custom REST APIs to integrate with custom services for interacting with LOB applications and InfoBip Email service
· Securing RESTful services with Client Certificate authentication and Basic authentication, RSA encryption and decryption
· Writing all trace info to Application Insights, from IEF & Azure App Service
· Defined custom attributes for storing custom defined information as custom claim, attaching to B2C custom extensions app, claim resolvers to transfer data via query strings to IEF and REST API
· JWT validation with public keys, expiration date and nonce
· Microsoft Graph endpoints for Get user, create user with identities, update user, delete user, register/update extension properties
· Seeding tool for pre-populating 60+ Million users from DB2 to Azure AD B2C using MSAL Python libraries
· Performed Data Mining and analysis activities with the Costco user base using Pandas for Python, for determining active/inactive users, categorize based on business models, regions etc.
Any Graduate