Define and maintain modern authentication standards for applications and APIs (OAuth2/OIDC/SAML), including reference architectures.
Support project teams in implementing and troubleshooting auth flows (Auth Code + PKCE, Device Code, Client Credentials, OBO), including edge cases and production incidents.
Review and harden token/session configurations (lifetimes, refresh behaviour, session controls) and advise on mitigations for common auth threats (replay, token theft).
Design and standardize claims/attributes strategy (least-privilege claims, normalization across IdPs, group/role overage handling) for scalable integrations.
Define API access models and permission strategy (scopes vs roles, delegated vs app permissions) and govern consent patterns (admin/incremental) for least privilege and auditability.
Configure and operate federation integrations (IdP/SP), including metadata management, planned ro...