Murali Ganesan

Sydney, Australia

Summary

Senior Identity and Access Management Leader experienced in enterprise-scale identity transformation across banking, education, and complex environments. Achieved strategic alignment and enhanced security through effective delivery of access management, identity governance, and privileged access solutions. Focused on developing scalable identity solutions that meet evolving business needs and security requirements in both cloud and on-premises platforms.

Work History

IAM Expert

Deloitte
Sydney, Australia
  • Strong expertise across end-to-end Identity and Access Management (IAM), Identity Governance (IGA), and Privileged Access Management (PAM), covering strategy, architecture, integration, and delivery across platforms including Okta, Ping Identity, Microsoft Entra ID, SailPoint, and One Identity.
  • Proven track record in leading authentication transformation initiatives aligned with Zero Trust and NIST standards, with a focus on modern passwordless authentication using FIDO2/passkeys.
  • Delivered identity solutions across diverse industries including banking, healthcare, education, and enterprise environments, with a strong focus on security, scalability, and user experience.
  • Successfully delivered enterprise-scale passkey rollouts, including design solutions, enrolment strategies, risk-based access controls, and adoption frameworks.
  • Hands-on experience in implementing Identity Verification (IDV) solutions such as Microsoft Entra ID and PingOne Verify, designing secure verification journeys (document, biometric, and step-up authentication) and integrating them across authentication flows.
  • Led enterprise PAM implementations securing privileged access across critical systems, including credential vaulting, session proxying, jump host architectures, MFA enforcement, session monitoring, and governance controls.
  • Strong capability in designing and delivering secure identity authentication and access solutions, including SSO, MFA, adaptive authentication, Conditional Access, and identity lifecycle management.
  • Experienced in integrating enterprise applications using SAML, OAuth, OpenID Connect, and SCIM-based provisioning.
  • Delivered operational runbooks, disaster recovery strategies, and break glass procedures.
  • Skilled in driving CIAM modernisation initiatives, designing authentication journeys across web and mobile, and enabling secure, scalable user experiences.
  • Experienced in integrating identity platforms with SIEM solutions to support monitoring, auditability, and regulatory compliance.

Skills

  • Identity and access management (IAM)
  • Privileged Access Management (PAM)
  • Identity Governance and Administration (IGA)
  • Authentication transformation
  • CIAM & Workforce IAM
  • Passwordless Authentication (FIDO / Hypr)
  • Identity Verification (IDV)
  • SSO / MFA / Adaptive & Risk-Based Authentication
  • Identity Lifecycle Management (Provisioning, SCIM)
  • Zero Trust and NIST
  • SIEM Integration
  • Scripting
  • Project management
  • Solution design
  • Stakeholder Management / Project Delivery
  • Strategic planning / Risk assessment
  • Team leadership

Projects

Okta Passwordless - FIDO Passkeys

  • Leading enterprise identity transformation initiatives with a defined and delivered passwordless authentication strategy (FIDO2 passkeys), including roadmap, pilot rollout, and enterprise adoption planning.
  • Designed authentication and access policies aligned with Zero Trust and NIST assurance levels, improving security posture while maintaining user experience.
  • Partnered with business and security stakeholders to translate identity requirements into scalable architecture and implementation plans.
  • Delivered end-to-end IAM artefacts, including solution design, build guides, operating models, and adoption frameworks.
  • Supported client engagement and delivery governance, ensuring alignment with scope, timelines, and quality outcomes.
  • Collaborated with stakeholders to drive secure authentication transformation and adoption metrics.

One Identity Safeguard (SPP/SPS) - Privileged Access Management

  • Led the design and implementation of an enterprise PAM solution across 500+ assets and privileged users.
  • Delivered credential vaulting, automated rotation, and secure privileged session management via RDP/SSH with session recording and analytics.
  • Installed and initialized Safeguard SPP and SPS virtual appliances, including network configuration and secure connectivity.
  • Configured SNAT, firewall rules, and secure RDP/SSH routing via SPS gateway.
  • Established privileged access governance model, embedding least privilege, audit controls, and operational processes.
  • Integrated MFA (Defender, Cisco ISE) into privileged workflows, strengthening access security.
  • Defined disaster recovery, operational runbooks, and break-glass procedures.
  • Engaged stakeholders to uplift PAM maturity and align with compliance requirements.

Okta CIAM

  • Designed and implemented customer and workforce identity solutions, including registration, authentication, and lifecycle management.
  • Built self-service identity capabilities, improving user experience and reducing operational overhead.
  • Implemented adaptive MFA and risk-based access controls.
  • Delivered identity lifecycle automation (JML processes) using workflows and APIs.
  • Collaborated with application teams to integrate identity services across enterprise systems.
  • Developed identity architecture and user journey designs.

Microsoft Entra ID (Azure AD) 

  • Designed and implemented Conditional Access, Identity Protection, and MFA across enterprise users.
  • Designed Privileged Identity Management (PIM) with JIT access controls.
  • Led enterprise-wide MFA rollout and legacy authentication decommissioning.
  • Integrated applications using SSO (SAML/OIDC) and SCIM provisioning.
  • Designed and implemented Identity Verification for onboarding and credential authentication using Microsoft Entra ID Verified ID.
  • Strengthened identity governance controls and access lifecycle management.

Active Directory Risk Assessment

  • Performed enterprise AD security assessment, identifying privilege risks and misconfigurations.
  • Analyzed privileged groups, GPOs, ACLs, trust relationships, and delegation models.
  • Delivered risk-based remediation roadmap aligned with Microsoft and Zero Trust standards.
  • Presented findings to stakeholders and supported identity governance improvements.

PingOne Advanced Services & PingOne DaVinci - Identity Verification

  • Designed onboarding and self-service password reset journeys using PingOne Verify and PingOne DaVinci orchestration.
  • Set up P1AS cloud environment and managed network configurations.
  • Implemented Identity Verification to automate the onboarding process in financial sectors.
  • Implemented risk-based validation and verification using PingID, PingOne Protect, and Verify.
  • Configured risk-based authentication policies and bot detection (reCAPTCHA).
  • Customized user experience using HTML, CSS, and JavaScript.
  • Implemented CI/CD pipelines using GitLab and Bamboo.
  • Implemented secure MFA and passwordless authentication journeys.
  • Configured PingOne application onboarding and MFA enforcement.
  • Managed Ping certificates and reporting.
  • Guided support teams and resolved authentication integration issues.

PingFederate 

  • Led roadmap planning, resource allocation, and Agile ceremonies.
  • Performed upgrades and high-availability configurations.
  • Configured IDP/SP connections, authentication adapters, policy contracts, PCV, and data stores.
  • Implemented SSO integrations using SAML, OAuth, and OpenID Connect.
  • Enabled Certificate-Based Authentication and automated certificate rotation.
  • Implemented passwordless authentication using FIDO2, HYPR, and YubiKey.
  • Managed P1/P2 incidents and collaborated with vendor support for enhancements.

PingAccess & SiteMinder Migration

  • Configured authorization policies and application protection rules.
  • Integrated PingFederate with PingAccess for OAuth-secured applications.
  • Migrated legacy SiteMinder applications to PingAccess.
  • Troubleshot access and federation issues.

Certification

  • Ping Identity Certified Professional (PingOne DaVinci, PingFederate, PingAccess, PingOne)
  • Microsoft Identity and Access Administrator (SC-300)
  • Okta Certified Administrator
  • SailPoint Identity Security Expert
  • One Identity Safeguard Privileged Access Management – Presales & Administrator
  • Enterprise Observability (EO)
    SRE Primer (Site Reliability Engineer)

Disclaimer

I hereby declare that the information furnished above is true to the best of my knowledge.

Place

Sydney, Australia
