ForgeRock Identity Architect
Qode · Georgia, Georgia, United States · Posted Jul 7, 2026
Apply on company site Track it in JobSkout
Role: ForgeRock Identity Architect
Location: VA, NJ, TX, Atlanta, Colorado, Tampa
About the Role
Join a high-impact POD building a self-service federated SSO platform. You’ll be the hands-on ForgeRock expert designing and engineering a scalable identity broker integrating with Okta, Microsoft Entra ID, PingIdentity, and more. This is a build-from-scratch, code-heavy role—not admin/config.
Key Responsibilities
Design multi-tenant ForgeRock AM federation architecture
Build REST APIs for programmatic SAML SP connection lifecycle (create/validate/activate)
Implement SAML/OIDC flows, assertion validation, and secure session management across apps
Develop scripted authentication (Groovy/JS) and automate certificate lifecycle (monitoring & rotation)
Enable break-glass fallback, ensure high availability, and prepare SCIM-ready architecture
Migrate existing manual SP connections to automated framework
Must Have
4+ years hands-on ForgeRock Access Manager (AM)
Strong SAML 2.0 (debugging raw assertions), OIDC/OAuth 2.0
Experience with ForgeRock REST APIs, scripted nodes, and keystore/X.509 management
API design & integrations, LDAP, secrets management (AWS/Vault)
Coding: Java/Groovy + CI/CD, API testing, SAML debugging tools
Nice to Have
ForgeRock IDM, SCIM 2.0, cloud (AWS/Azure/GCP)
Experience with Okta / Entra / Ping as IDP
Migration of manual SP setups to programmatic model
Why This Role?
You’ll define the identity architecture powering hundreds of future customers—owning critical decisions, building automation, and solving complex, real-world federation challenges.