Microsoft Entra ID Application Proxy Specialist

The role will play a key part in delivering secure access to on-premises and hosted applications through Microsoft Entra ID Application Proxy, ensuring seamless user experience while enforcing strong authentication and Conditional Access controls. The specialist will be responsible for implementing and optimizing Entra ID Application Proxy services aligned to existing architecture, supporting application onboarding, authentication configuration, and secure access validation across a diverse application landscape. Operating within a vendor delivery model, the role requires close collaboration with Security Architects, IAM teams, application owners, and infrastructure teams to ensure secure, scalable, and user-friendly access solutions. This is a hands-on role requiring strong expertise in Entra ID, application integration, and authentication mechanisms including SSO and MFA Your responsibilities: *Implement and configure Microsoft Entra ID Application Proxy for secure remote access to enterprise applications *Onboard web-based applications and supported application patterns compatible with Entra ID Application Proxy in line with defined architecture *Analyze and validate application connectivity requirements, including FQDNs, ports, protocols, and DNS dependencies *Configure and validate authentication integration including SSO, pre-authentication, and backend authentication methods (e.g., Kerberos Constrained Delegation) *Implement and validate user access models including roles, groups, and group-based access controls *Align application access configuration with existing Active Directory group and OU structures *Configure and validate Microsoft Entra ID groups used for application access policies *Perform end-to-end testing including SSO validation, group-based access validation, and application connectivity testing *Troubleshoot and resolve issues related to application access, authentication, and connectivity *Collaborate with application teams to validate onboarding readiness and access requirements *Support user rollout activities ensuring smooth transition and minimal disruption *Ensure documentation of configurations, onboarding steps, and access models *Support knowledge transfer and transition to BAU operations

*Strong hands-on experience with Microsoft Entra ID, specifically Application Proxy *Experience onboarding and integrating enterprise applications using Entra ID Application Proxy *Strong understanding of authentication mechanisms including SAML, OAuth, OpenID Connect, Kerberos, and NTLM *Experience implementing Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Conditional Access *Knowledge of Active Directory Domain Services and group-based access control *Understanding of application connectivity requirements including DNS, ports, protocols, and network dependencies *Experience troubleshooting authentication and access issues in hybrid identity environments *Strong understanding of identity-driven access control models *Understanding of enterprise secure access architectures and integration points with complementary access platforms *Experience working in enterprise application onboarding or transformation programmes *Strong documentation and communication skills *Ability to work collaboratively with application, infrastructure, and security teams Technology Stack / Exposure: *Secure Identity platform: Microsoft Entra ID *Secure access: Microsoft Entra ID Application Proxy *Directory services: Active Directory Domain Services *Authentication protocols: SAML, OAuth, OpenID Connect, Kerberos, NTLM *Conditional Access and MFA policies *Supporting infrastructure: DNS, networking, and application connectivity components Desirable skills/knowledge/experience: *Strong client-facing presence with ability to engage effectively with stakeholders *Excellent communication skills with ability to clearly explain authentication and access concepts *Strong attention to detail in application onboarding and access configuration *Hands-on, delivery-focused approach with strong technical ownership *Ability to work collaboratively across Identity, Security, Infrastructure, and Application teams *Strong analytical and troubleshooting capability *Ability to manage priorities in fast-paced transformation environments *Proactive and solution-oriented mindset *Strong accountability for deliverables and outcomes *Willingness to support knowledge transfer and operational handover