Cloud Solution Architect (CSA) – Active Directory, ADFS & MFA
Job Title: Cloud Solution Architect (CSA) – Active Directory, ADFS & MFA
Job Description
Cloud Solution Architect (CSA) – Active Directory, ADFS & MFA Role Summary The Cloud Solution Architect (CSA) for Active Directory (AD), Active Directory Federation Services (ADFS), and Multi Factor Authentication (MFA) is a customer facing technical leader responsible for guiding enterprise customers to a secure, resilient, and modern identity platform. The CSA acts as a trusted advisor, delivering proactive, outcome based engagements across on premises AD, hybrid identity, federation, and strong authentication. This role supports customers in modernizing identity, securing access, and transitioning from legacy federation to Microsoft Entra ID while maintaining operational excellence. ________________________________________
Key Responsibilities
Identity Architecture & Design
- Design and validate Active Directory Domain Services (AD DS) architectures, including single forest, multi forest, and multi domain environments
- Architect secure federation solutions using ADFS and guide customers through ADFS modernization and deprecation paths
- Design hybrid identity solutions integrating on prem AD with Microsoft Entra ID
- Ensure identity architectures align with Zero Trust and Microsoft security best practices
________________________________________ ADFS & Federation Services
- Design, deploy, and configure ADFS (2016 / 2019 / 2022 / 2025) environments
- Lead ADFS farm upgrades, migrations, and high availability designs
- Support Relying Party Trusts, Claims Rules, and Access Control Policies
- Guide customers in migrating applications from ADFS to Microsoft Entra ID
- Collaborate with security teams to ensure secure federation designs
________________________________________ MFA & Secure Authentication
- Design and implement Multi Factor Authentication (MFA) solutions across:
o ADFS protected applications o Hybrid and cloud identities
- Assist customers with MFA provider integration, policy design, and enforcement
- Troubleshoot complex authentication failures (Kerberos, NTLM, claims based auth)
- Guide customers on conditional access and strong authentication strategies
________________________________________ Security, Hardening & Identity Protection
- Remediate findings from Active Directory security assessments
- Advise on:
o Privileged access models (Tiering) o Delegation and role separation o Secure administrative practices
- Support identity hardening, audit policy tuning, and event monitoring
- Provide guidance on identity compromise recovery scenarios
________________________________________ Operations, Recovery & Troubleshooting
- Troubleshoot:
o AD replication and SYSVOL issues o Authentication and trust failures o Domain controller performance issues
- Guide customers on:
o AD forest and object recovery o Patch management and change control o Upgrade planning and functional level raises ________________________________________ Customer Engagement & Delivery
- Deliver structured Microsoft engagements (assessments, accelerators, workshops)
- Act as a trusted technical advisor to customer architects and leadership
- Collaborate with Account Teams, CSAMs, and Engineering to unblock customer scenarios
- Contribute to technical readiness, documentation, and internal knowledge sharing
________________________________________ Required Technical Skills (300–400 Level) Active Directory
- AD DS architecture and design
- Group Policy strategy and troubleshooting
- DNS integration and AD aware networking
- PowerShell scripting for identity automation
ADFS
- Federation service design and HA
- Claims and Access Control Policies
- ADFS upgrade and migration strategies
MFA & Identity Security
- MFA design and enforcement
- Authentication flows (Kerberos, NTLM, claims)
- Hybrid identity synchronization
________________________________________
Preferred Qualifications
- 5+ years in enterprise identity or customer facing technical roles
- Strong experience with hybrid identity and identity security
- Microsoft certifications in Identity, Security, or Windows Server (preferred)
- Experience guiding customers through identity modernization journeys
Location: EGY Work-at-Home Language Requirements: Time Type: Full time Apply To This Job