ForgeRock Identity Architect

Qode

$120K — $150K *
Information Technology
11 - 15 years of experience
Job Overview by Ladders

Qualifications

  • 12+ years of relevant experience in identity and access management
  • 4+ years of hands-on experience with ForgeRock Access Manager (AM)
  • Strong knowledge of SAML 2.0 and OIDC/OAuth 2.0
  • Proficient in ForgeRock REST APIs and scripted nodes
  • Skilled in coding with Java/Groovy and familiar with CI/CD processes

Responsibilities

  • Design multi-tenant ForgeRock Access Manager federation architecture
  • Build REST APIs for managing SAML service provider connection lifecycles
  • Implement SAML/OIDC flows and secure session management across applications
  • Develop automated scripted authentication and manage certificate lifecycles
  • Enable high availability and prepare SCIM-ready architecture
  • Migrate existing manual service provider connections to an automated framework

Benefits

  • Opportunity to work with cutting-edge identity management technologies
  • Chance to contribute to a high-impact project that services numerous future customers
  • Possibility of working remotely from multiple locations including VA, NJ, TX, Atlanta, Colorado, and Tampa
  • Involved in a build-from-scratch code-heavy role, not just administrative tasks
  • Ownership of critical architectural decisions and complex federation challenges
Full Job Description
Role: ForgeRock Identity Engineer/ Architect

Location: VA, NJ, TX, Atlanta, Colorado, Tampa

Experience: 12+ Years

About the Role

Join a high-impact POD building a self-service federated SSO platform. You'll be the hands-on ForgeRock expert designing and engineering a scalable identity broker integrating with Okta, Microsoft Entra ID, PingIdentity, and more. This is a build-from-scratch, code-heavy role-not admin/config.

Key Responsibilities
  • Design multi-tenant ForgeRock AM federation architecture
  • Build REST APIs for programmatic SAML SP connection lifecycle (create/validate/activate)
  • Implement SAML/OIDC flows, assertion validation, and secure session management across apps
  • Develop scripted authentication (Groovy/JS) and automate certificate lifecycle (monitoring & rotation)
  • Enable break-glass fallback, ensure high availability, and prepare SCIM-ready architecture
  • Migrate existing manual SP connections to automated framework


Must Have
  • 4+ years hands-on ForgeRock Access Manager (AM)
  • Strong SAML 2.0 (debugging raw assertions), OIDC/OAuth 2.0
  • Experience with ForgeRock REST APIs, scripted nodes, and keystore/X.509 management
  • API design & integrations, LDAP, secrets management (AWS/Vault)
  • Coding: Java/Groovy + CI/CD, API testing, SAML debugging tools


Nice to Have
  • ForgeRock IDM, SCIM 2.0, cloud (AWS/Azure/GCP)
  • Experience with Okta / Entra / Ping as IDP
  • Migration of manual SP setups to programmatic model


You'll define the identity architecture powering hundreds of future customers-owning critical decisions, building automation, and solving complex, real-world federation challenges.

Similar Jobs

More Jobs at Qode

More Information Technology Jobs

Find similar ForgeRock Identity Architect jobs: