About the role
We are seeking a experienced Active Directory & Identity Access Management (IAM) Consultant to lead and support key identity infrastructure initiatives across the organization. This is a highly technical role focused on authentication architecture, Multi-Factor Authentication (MFA), Single Sign-On (SSO), and Privileged Access Management (PAM) within complex, multi-domain environments. The ideal candidate will have a strong background in designing, testing, and implementing secure identity solutions that align with enterprise security policies. This is a 6 month contract role to start, 2 days a week in office in Hamilton, Ontario.
Key Responsibilities:
- Lead the design, testing, and implementation of secure and scalable Active Directory environments, including forests, trusts, OU structure, and replication.
- Conduct deep-dive IAM and AD assessments, including domain controller health checks, GPO reviews, and authentication flows.
- Deploy and manage MFA solutions using Azure AD and/or third-party providers (e.g., Duo, Okta).
- Design and support SSO integrations for both legacy and modern applications via SAML, OAuth2, and Azure AD Enterprise Apps.
- Architect and administer Privileged Access Management (PAM) solutions to enforce least-privilege access, session monitoring, and JIT access.
- Troubleshoot and harden authentication protocols (Kerberos, LDAP, NTLM), ensuring secure access across hybrid and on-prem workloads.
- Manage Group Policy Objects (GPOs) and fine-tune password policies, lockout settings, and service account usage.
- Integrate and maintain Azure AD Connect, including directory synchronization, ADFS federation, and cloud identity lifecycle management.
- Collaborate with infrastructure, security, and compliance teams to align identity architecture with NIST, CIS, and Microsoft security baselines.
- Participate in access reviews, cleanup of stale accounts, and identity lifecycle processes (joiners, movers, leavers).
- Implement and maintain audit logging and SIEM integrations (e.g., Microsoft Sentinel) for identity-related activity.
Qualifications:
- 7+ years of hands-on experience with Active Directory and IAM
- Proven experience designing and troubleshooting authentication solutions, including MFA and SSO
- Deep knowledge of PAM tools (e.g., CyberArk, BeyondTrust, Thycotic) and secure credential practices
- Experience in testing, implementing, and supporting AD/IAM configurations in complex environments
- Familiarity with hybrid identity models, including Azure AD and federation services
- Strong problem-solving skills and ability to work independently on technical investigations
- Excellent documentation and communication skills
- Certifications such as Microsoft Certified: Identity and Access Administrator, CISSP, or similar are an asset
About Robert Half
Robert Half, the world’s first and largest specialized talent solutions firm, connects opportunities at great companies with highly skilled job seekers. We offer contract, temporary and permanent placement solutions for roles in finance and accounting, technology, marketing and creative, legal, and administrative and customer support. Named to Fortune’s World’s Most Admired Companies and 100 Best Companies to Work For® lists and a Forbes Best Employer for Diversity, Robert Half is the parent company of Protiviti®. Robert Half is traded on the New York Stock Exchange (symbol: RHI) and is a member of the S&P 500 index.
About the role
We are seeking a experienced Active Directory & Identity Access Management (IAM) Consultant to lead and support key identity infrastructure initiatives across the organization. This is a highly technical role focused on authentication architecture, Multi-Factor Authentication (MFA), Single Sign-On (SSO), and Privileged Access Management (PAM) within complex, multi-domain environments. The ideal candidate will have a strong background in designing, testing, and implementing secure identity solutions that align with enterprise security policies. This is a 6 month contract role to start, 2 days a week in office in Hamilton, Ontario.
Key Responsibilities:
- Lead the design, testing, and implementation of secure and scalable Active Directory environments, including forests, trusts, OU structure, and replication.
- Conduct deep-dive IAM and AD assessments, including domain controller health checks, GPO reviews, and authentication flows.
- Deploy and manage MFA solutions using Azure AD and/or third-party providers (e.g., Duo, Okta).
- Design and support SSO integrations for both legacy and modern applications via SAML, OAuth2, and Azure AD Enterprise Apps.
- Architect and administer Privileged Access Management (PAM) solutions to enforce least-privilege access, session monitoring, and JIT access.
- Troubleshoot and harden authentication protocols (Kerberos, LDAP, NTLM), ensuring secure access across hybrid and on-prem workloads.
- Manage Group Policy Objects (GPOs) and fine-tune password policies, lockout settings, and service account usage.
- Integrate and maintain Azure AD Connect, including directory synchronization, ADFS federation, and cloud identity lifecycle management.
- Collaborate with infrastructure, security, and compliance teams to align identity architecture with NIST, CIS, and Microsoft security baselines.
- Participate in access reviews, cleanup of stale accounts, and identity lifecycle processes (joiners, movers, leavers).
- Implement and maintain audit logging and SIEM integrations (e.g., Microsoft Sentinel) for identity-related activity.
Qualifications:
- 7+ years of hands-on experience with Active Directory and IAM
- Proven experience designing and troubleshooting authentication solutions, including MFA and SSO
- Deep knowledge of PAM tools (e.g., CyberArk, BeyondTrust, Thycotic) and secure credential practices
- Experience in testing, implementing, and supporting AD/IAM configurations in complex environments
- Familiarity with hybrid identity models, including Azure AD and federation services
- Strong problem-solving skills and ability to work independently on technical investigations
- Excellent documentation and communication skills
- Certifications such as Microsoft Certified: Identity and Access Administrator, CISSP, or similar are an asset
About Robert Half
Robert Half, the world’s first and largest specialized talent solutions firm, connects opportunities at great companies with highly skilled job seekers. We offer contract, temporary and permanent placement solutions for roles in finance and accounting, technology, marketing and creative, legal, and administrative and customer support. Named to Fortune’s World’s Most Admired Companies and 100 Best Companies to Work For® lists and a Forbes Best Employer for Diversity, Robert Half is the parent company of Protiviti®. Robert Half is traded on the New York Stock Exchange (symbol: RHI) and is a member of the S&P 500 index.