Microsoft Identity Administrator

City of Durham, NC

$77K — $120K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Computer Science, IT, Business, or related field; relevant experience can substitute.
  • 5+ years of experience managing identity and access management systems.
  • Hands-on experience with Microsoft Entra ID and on-premises Active Directory.
  • Proficient in PowerShell and Microsoft Graph API for identity management.
  • Experience in compliance-driven environments, preferably in government.
  • Strong knowledge of authentication protocols like SAML, OAuth, OpenID.

Responsibilities

  • Oversee user and group account management in Microsoft Entra ID and Active Directory.
  • Administer Conditional Access policies and evaluate access requests.
  • Monitor identity security and compliance, producing audit reports as needed.
  • Manage hybrid identity synchronization between on-premises and cloud environments.
  • Configure Multi-Factor Authentication (MFA) and support user access issues.
  • Lead privileged access management and enforce governance policies.
  • Document identity configurations and recommend improvements for security posture.

Benefits

  • 12-13 paid holidays each year.
  • 13 vacation days and 13 sick days per year, sick leave accumulates indefinitely.
  • Medical, dental, vision, and life insurance plans available.
  • Comprehensive retirement plans, including state and city contributions.
  • Employee Assistance Program for personal and family counseling.
  • 48 hours of paid volunteer work each year.
Full Job Description
Salary : $77,507.00 - $120,133.00 Annually
Location : 101 City Hall Plaza, Durham, NC
Job Type: Full time with benefits
Remote Employment: Flexible/Hybrid
Job Number: 26-06011
Department: Technology Solutions
Opening Date: 07/10/2026

Position Description
The Microsoft Identity Administrator is responsible for overseeing and maintaining the City of Durham's enterprise identity and access management infrastructure. This position serves as the primary administrator of Microsoft Entra ID (formerly Azure Active Directory) and on-premises Active Directory, ensuring secure, reliable, and compliant access across all City systems and applications. The role encompasses user lifecycle management, access control, identity security monitoring, hybrid identity synchronization, and authentication policy administration. The Microsoft Identity Administrator also functions as the lead for identity governance, privileged access management, and automation of identity workflows, supporting a Zero Trust security posture across the enterprise. The ideal candidate brings deep technical expertise in Microsoft identity platforms, strong analytical judgment, and the ability to collaborate effectively across IT, cybersecurity, and business operations teams.

Duties/Responsibilities
User and Group Management
  • Create, modify, and deprovision user, service, and group accounts in Microsoft Entra ID and on-premises Active Directory.
  • Maintain group memberships, role assignments, and naming conventions in alignment with organizational standards.
  • Coordinate with Human Resources to ensure identity provisioning aligns with HR data feeds and automated onboarding and offboarding workflows.

Access Control and Permissions
  • Administer Conditional Access policies and Role-Based Access Control (RBAC) across enterprise applications and platforms.
  • Evaluate and process access requests in accordance with least privilege and separation of duties principles.
  • Review and enforce access governance policies to ensure compliance with City security standards.

Identity Security and Compliance Monitoring
  • Monitor sign-in activity, Multi-Factor Authentication (MFA) enforcement, and Identity Protection alerts on a daily basis.
  • Investigate risky users, blocked sign-ins, and compromised accounts; partner with the Security Operations team to contain and resolve identity-based threats.
  • Produce audit reports for compliance, access reviews, and MFA adoption; provide evidence for internal and external audits.

Hybrid Identity Management
  • Manage Microsoft Entra Connect and Cloud Sync configurations to maintain healthy synchronization between on-premises Active Directory and Entra ID.
  • Troubleshoot directory synchronization errors, password writeback issues, and hybrid join failures.
  • Monitor Entra Connect Health dashboards and proactively address replication or connectivity issues.

Authentication and MFA Administration
  • Configure and maintain MFA, passwordless sign-in methods, and FIDO2 authentication keys for City staff.
  • Support end users with MFA registration, authentication troubleshooting, and self-service password reset (SSPR).
  • Manage authentication strengths and configure Windows Hello for Business, Microsoft Authenticator App, and certificate-based authentication.

Privileged Identity Management
  • Administer Privileged Identity Management (PIM) to enforce just-in-time (JIT) role activation for privileged accounts.
  • Review and process privileged access requests, enforce approval workflows, and maintain audit logs of elevated access activity.
  • Conduct periodic access reviews for privileged roles and group memberships to ensure continued appropriateness.

Policy and Configuration Management
  • Develop and enforce identity governance standards, lifecycle management policies, and automation scripts using PowerShell and Microsoft Graph API.
  • Maintain comprehensive documentation of identity configurations, policies, and administrative procedures.
  • Evaluate new Microsoft Entra features and recommend enhancements to improve security posture and operational efficiency.

Troubleshooting and Incident Resolution
  • Serve as Tier 2-3 escalation support for authentication, Conditional Access, Single Sign-On (SSO), and identity-related incidents.
  • Collaborate with IT and cybersecurity teams to resolve incidents efficiently and document root cause and corrective actions.
  • Provide technical guidance to End User Support engineers, systems administrators, and data center personnel on identity-related issues.

Oracle Identity and Device Management
  • Manage provisioning, modification, and deprovisioning workflows using Oracle Identity Manager (OIM) and Oracle Access Manager (OAM).
  • Configure and maintain SSO and federation services across enterprise applications integrated with Oracle IAM.
  • Enroll and manage City endpoints across Windows, macOS, iOS, and Android platforms using Microsoft Intune (Endpoint Manager).
  • Configure device compliance policies, conditional access rules, application protection policies, and security baselines in Intune.

Minimum Qualifications & Experience

  • Bachelor's degree in Computer Science, Information Technology, Business, or a closely related field; relevant experience may substitute on a year-for-year basis.
  • Minimum five (5) years of progressive experience managing enterprise identity and access management systems.
  • Demonstrated hands-on experience with Microsoft Entra ID (Azure Active Directory), on-premises Active Directory, and Microsoft Entra Connect.
  • Proficiency in PowerShell scripting and Microsoft Graph API for identity automation and administration.
  • Experience working in compliance-driven environments, preferably within government or other regulated sectors.
  • Strong knowledge of authentication protocols including SAML 2.0, OAuth 2.0, OpenID Connect, and WS-Federation.
  • Microsoft Certified: Identity and Access Administrator Associate (SC-300) or equivalent certification required at time of hire or within 12 months of appointment.
  • Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900) preferred.

Additional Preferred Skills

  • Experience with Oracle Identity Management (OIM/OAM), including SSO configuration and identity lifecycle automation.
  • Microsoft Intune administration experience including device enrollment, compliance policy configuration, and application deployment.
  • Oracle Certified Professional (OCP) designation or other industry-recognized identity and access management certifications.
  • Familiarity with Microsoft Sentinel, Azure Monitor Workbooks, and SIEM integration for identity log analysis.
  • Experience with Privileged Identity Management (PIM), entitlement management, and lifecycle workflows within Microsoft Entra ID Governance.
  • Knowledge of Zero Trust security principles and their application in a hybrid cloud environment.
  • Strong analytical, written communication, and documentation skills with the ability to translate technical concepts for non-technical audiences.

Benefits - General Full-Time Employees
  • 12-13 paid holidays per year
  • 13 standard work days of vacation per year
  • 13 standard work days of sick leave per year, which accumulates indefinitely; sick leave may be used toward early retirement
  • 2 weeks paid military leave per year
  • Medical, dental, vision, and supplemental life insurance plans
  • State and City retirement plans
  • Short and long term disability plans
  • Paid temporary disability leave for specified conditions
  • City contribution of 13.6% into the N.C. State Retirement System
  • Paid funeral leave
  • Employee Assistance Program - personal and family counseling
  • Paid life insurance equal to annual salary
  • 48 hours for volunteer work each year*
  • 4 hours parental leave each year
  • Workman's Compensation Insurance
  • 457 Deferred Compensation Plans
Benefits - Part-Time (1,000 hours or more per year)
  • 401(k) retirement plan (5.0% of salary)
  • State retirement plan
Benefits Part-Time (Average 30 hours per week over 12 month period)
  • 401(k) retirement plan (5.0% of salary)
  • State retirement plan effective first day of the month following date of hire
  • Health insurance effective first day of the month following date of hire
  • Dental and life insurance, after one year of service
  • Pro-rated vacation, pro-rated sick, pro-rated floating holiday, parttime holiday pay (based on scheduled hours for that day) after one year of service

01

Where did you first hear about this opportunity?
  • City of Durham Website
  • Walk in
  • Job fair
  • Employee referral
  • Professional organization ***Please list the organization in "other" box below***
  • Internet posting ***Please list the specific web site in the "other" box below***
  • Craig's List
  • Facebook
  • LinkedIn
  • GlassDoor
  • governmentjobs.com
  • Monster.com
  • Indeed.com
  • Employment Security Commission
  • Magazine/Newspaper
  • Other

02

If you listed "other" above please give specific web site, organization, or publication.
03

Please select your highest level of COMPLETED education.
  • Less than a High School Diploma or Equivalent (GED, HiSET, TASC)
  • High School Diploma or Equivalent (GED, HiSET, TASC)
  • Associates Degree
  • Bachelor's Degree
  • Master's Degree
  • Doctoral Degree (PhD, Juris Doctorate)

04

Please indicate the academic focus/concentration of your degree (bachelor's or advanced): If no degree, please put N/A
05

How many years of experience do you have managing enterprise identity and access management systems?
  • No related experience
  • Less than 1 year of related experience
  • 1 year but less than 5 years of related experience
  • 5 years but less than 9 years of related experience
  • 9 or more years of related experience
  • 13 or more years related experience

Required Question

Similar Jobs

More Jobs at City of Durham, NC

More Information Technology Jobs

Find similar Microsoft Identity Administrator jobs: