SSO Technical Lead
Role details
Job location
Tech stack
Job description
Machinify is modernizing its enterprise systems landscape, and single sign-on (SSO) is at the core of our security and user experience strategy. We are looking for an SSO Technical Lead to drive the design, implementation, and enablement of SSO across all enterprise applications from HR and Finance to Sales and Operations.
This is a hands-on technical leadership role that requires strong problem-solving skills, cross-functional collaboration, and the ability to quickly learn and integrate new technologies. You will work closely with business system owners, IT security, and external partners to ensure consistent, secure, and seamless authentication experiences across the company, while aligning with NIST cybersecurity standards, layered defense principles, and least privilege access models.
What You'll Do
Lead the end-to-end implementationof SSO for all enterprise applications - including HR, Order Management, Operations, Sales, Service, Legal, and Procurement systems.
Design and configure identity integrationsusing Entra ID (Azure AD), Okta, or similar identity providers to enable SAML, OIDC, and OAuth-based authentication.
Implement layered security controlsthat align with theNIST and HITRUST particularly regarding protection of PHI ( Protected Health Information) and personally identifiable data.
Apply least privilege access principlesacross all SSO-enabled applications to ensure users and service accounts have the minimal required access for their roles.
Partner cross-functionallywith system owners, InfoSec, and application teams to assess requirements, plan integrations, and execute go-live with secure authentication flows.
Standardize and documentSSO integration patterns, metadata exchange, and token policies to ensure scalability, consistency, and auditability.
Collaborate with InfoSecto enforce MFA, conditional access, and continuous monitoring for privileged and non-privileged accounts.
Maintain and enhance existing SSO configurations, certificates, and policies to support business continuity and compliance with company security policies.
Evaluate and onboard new SaaS applications, ensuring that each integration adheres to layered security and least privilege principles.
Troubleshoot and resolve SSO integration issuesacross multiple identity providers and environments with a focus on security and operational resilience.
Provide mentorship and knowledge sharingwithin the IT Applications and Security teams on identity, access management, and cybersecurity best practices.
Requirements
Bachelor's degree in Computer Science, Information Systems, or related field.
5+ years of experience in IT Applications, Identity Management, or System Integration roles.
Proven experience implementing SSO usingMicrosoft Entra ID (Azure AD),Okta,Ping, or equivalent.
Strong understanding ofSAML 2.0, OAuth 2.0, OIDC, and SCIMstandards.
Experience integrating SSO with SaaS and on-premise applications (e.g., Workday, Paycom, Salesforce, SAP, Oracle, ServiceNow, Coupa, DocuSign).
Practical knowledge of theNIST Cybersecurity Framework, andHITRUST particularly as it applies to authentication, identity, and access control.
Solid understanding oflayered security architectureimplementing defense-in-depth controls across network, application, and identity layers.
Demonstrated experience enforcingleast privilege access, role-based permissions, and segregation of duties.
Strong troubleshooting skills in authentication flows, certificates, and federation services.
Ability to balance hands-on technical work with stakeholder communication, project management, and documentation.
Proven ability to work cross-functionally and influence teams in a fast-paced environment.
Preferred Skills
Familiarity withidentity governance and administration (IGA)frameworks and lifecycle automation.
Exposure toAPI-based integrations, automation scripts (PowerShell, Python), or workflow orchestration tools.
Experience in ahigh-tech or SaaS environmentsupporting enterprise business systems.
Security certifications (CISSP, CISM, or Microsoft Identity and Access certifications) are a plus.
Benefits & conditions
Tuition reimbursement
Competitive salary, 401(k) with company match
Unlimited PTO
Additional health and wellness benefits and perks
Flexible and trusting environment where you'll feel empowered to do your best work
Equal Employment Opportunity at Machinify