Gayathri Bankuru

Tampa, FL

Summary

  • Senior IAM Engineer with a robust background in designing and implementing secure, scalable Identity and Access Management (IAM) solutions across complex hybrid and multi-cloud environments, including AWS, Azure, and GCP. Expertise in leading IAM technologies such as ForgeRock, Okta, SailPoint, PingFederate, and CyberArk, complemented by a deep understanding of SSO, MFA, PAM, RBAC, and federation protocols like SAML, OAuth 2.0, and OIDC. Proven success in automating IAM workflows using PowerShell, Python, and Java while integrating solutions with CIAM, HRMS, and enterprise security tools. Strong grasp of compliance frameworks (SOX, PCI), directory services (AD, LDAP), and access governance enables effective collaboration with cross-functional teams to deliver business-aligned identity strategies in Agile environments.

Overview

5 years of professional experience
1 Certification

Work History

IAM Engineer

NBC Universal Studios
06.2024 - Current
  • Led end-to-end IAM initiatives by bringing together Okta, Okta Universal Directory, Active Directory (AD), Microsoft Identity Manager (MIM), and SailPoint IdentityNow to create a smooth, centralized identity experience across hybrid AWS and on-prem environments.
  • Designed secure and user-friendly access with SSO, MFA, and Step-up Authentication using Okta, OAuth 2.0, OIDC, and SAML 2.0, making it easier for employees and customers to log in while keeping security tight.
  • Customized Auth0 for customer identity projects, building tailored login flows, scripting rules in JavaScript, and using token-based security for web and mobile apps.
  • Delivered large-scale CIAM solutions with Okta CIAM, Okta Customer Identity Cloud (CIC), and AWS Cognito, enabling social login, passwordless authentication (FIDO2, WebAuthn), and progressive profiling to speed up and simplify user onboarding worldwide.
  • Automated user provisioning and deprovisioning with Okta Workflows, SailPoint IdentityNow Lifecycle Manager, and SCIM, cutting down manual work and syncing identities across Salesforce, Workday, ServiceNow, and AWS SaaS apps.
  • Managed SailPoint IdentityNow certification campaigns for access reviews and manager attestations, helping the organization stay audit-ready and compliant with SOX and PCI DSS.
  • Built custom SailPoint IdentityNow rules and workflows in Beanshell to handle data transformations, role assignments, and approvals without manual intervention.
  • Secured sensitive data exchanges between systems using X.509 certificates, JWT, and PKI, ensuring that JSON/XML payloads were encrypted in SSO and Okta–AWS API calls.
  • Introduced Zero Trust Architecture and enforced NIST SP 800-63 standards, integrating Splunk and AWS GuardDuty to monitor IAM activity, detect threats, and improve incident response.
  • Put in place strong authentication and RBAC to meet PCI DSS and 201 CMR 17 compliance, ensuring that sensitive customer data stayed secure both in the cloud and on-prem.
  • Served as the offshore lead, working closely with onshore IAM teams to drive smooth operations, ensure timely incident resolution, and deliver reliable identity services.
  • Secured privileged accounts with CyberArk (EPV, PSM, AIM) and Break Glass Access, protecting high-level credentials in AWS and on-prem systems.
  • Worked closely with Agile teams to deliver Okta and SailPoint IdentityNow integrations for Salesforce, enabling automated SCIM provisioning and OAuth 2.0-based SSO.
  • Developed backend automation services in Python to handle identity lifecycle events, including provisioning, deprovisioning, and access certification workflows, integrating SailPoint and Okta APIs with enterprise systems like Workday and ServiceNow.
  • Implemented OIE Inline Hooks and Event Hooks (Python/PowerShell backend) to extend policy logic for conditional access, identity proofing, and custom MFA rules.
  • Created custom compliance dashboards and reports using Microsoft Graph API, Python, and AWS SDK (Boto3) for license tracking, audit reporting, and monitoring user activity.


Environment: Okta, Okta Universal Directory, Active Directory (AD), Microsoft Identity Manager (MIM), AWS, SSO, MFA, Step-up Authentication, OAuth 2.0, OpenID Connect (OIDC), SAML 2.0, Okta CIAM, Okta Customer Identity Cloud (CIC), AWS Cognito, Social Login, Passwordless Authentication (FIDO2, WebAuthn), Progressive Profiling, Okta Workflows, SailPoint IdentityNow, Lifecycle Manager, SCIM, RESTful APIs, Salesforce, Workday, ServiceNow, X.509 Certificates, JWT, PKI, JSON, XML, NIST SP 800-63, Zero Trust Architecture, Splunk, AWS GuardDuty, UEBA, CyberArk EPV, CyberArk PSM, CyberArk AIM, Break Glass Access, Beanshell, Microsoft Graph API, Python, AWS SDK (Boto3)

IAM Engineer

Amazon.Inc
09.2020 - 06.2022

• Designed and implemented enterprise-wide Identity & Access Management (IAM) frameworks, combining Okta and SailPoint IdentityIQ to manage user provisioning, deprovisioning, and identity lifecycle management across on-premises and hybrid directories, with integration support for Google Cloud Identity.

• Engineered Role-Based Access Control (RBAC) models and Role Engineering processes, integrating IAM Roles and IAM Policies to support scalable access governance and minimize privilege creep across Active Directory (AD) and Okta Universal Directory, with policy evaluation extensions for Google Cloud IAM.

• Designed and automated Access Request Workflows and Delegated Administration using SailPoint’s Access Review Campaigns to streamline approvals and reduce administrative overhead across both Okta and GCP-based applications.

• Implemented SailPoint workflows, RBAC models, and delegated admin roles, streamlining user provisioning and reducing manual approvals.

• Integrated access review and governance policies with SailPoint to support audit reporting and enforce privilege boundaries.

• Built and governed Identity Federation & Identity Broker mechanisms, enabling secure Single Sign-On (SSO) across SaaS platforms like Salesforce, Workday, and ServiceNow, using OAuth 2.0, SAML 2.0, and OpenID Connect (OIDC), deployed across both Google Workspace and GCP-hosted applications.

• Implemented IAM Log Monitoring & Alerting pipelines using Splunk for behavior-based anomaly detection, leveraging UEBA (User & Entity Behavior Analytics) from Okta.

• Configured Privileged Access Management (PAM) using CyberArk EPV, PSM, and AIM, implementing Secrets Vaulting, High Privilege Workflows, Approval Chains, and granular access controls for administrative accounts with access to both Okta and GCP environments.

• Scripted automation logic using Python (with Boto3) and PowerShell, allowing programmatic interactions with Okta while orchestrating GCP IAM role modifications through Google Cloud SDKs.

• Established access management solutions using Okta, making sure we had solid SSO, Multi-Factor Authentication (MFA), and adaptive access policies. I also handled identity federation using industry standards like SAML 2.0, OpenID Connect (OIDC), and OAuth 2.0.

• A big part of my role involved automating how users were brought on board and how their access was removed. I used SCIM and RESTful APIs to streamline these processes across various applications, which really cut down on manual work.

• I configured security features within both Okta and AWS to keep an eye out for and tackle security threats, particularly by looking for unusual user behaviors and sudden spikes in access.

• I was keen on making sure people only had the access they absolutely needed. I designed and enforced detailed access rules, using things like OAuth scopes and JWT claims, all integrated with Okta.

• Keeping us compliant was key. I helped set up comprehensive reporting and ensured Okta audit logs were properly kept. I also used AWS CloudWatch for policy attestation, making sure we met important industry standards like ISO 27018 and NIST 800-63.

• My work contributed to consolidating our various identity systems into one solid core. This meant embedding SSO, MFA, and Federation Protocols right into every access point, primarily leveraging Okta and AWS.

Environment: Okta, SailPoint IdentityIQ, Active Directory (AD), Okta Universal Directory, Azure AD, Google Cloud Identity, Google Cloud IAM, Salesforce, Workday, ServiceNow, OAuth 2.0, SAML 2.0, OpenID Connect (OIDC), Splunk, CyberArk (EPV, PSM, AIM), Python, PowerShell, Boto3, Google Cloud SDK, AWS MFA, SSO, SCIM, RESTful APIs, OAuth Scopes, JWT Claims, AWS CloudWatch, Okta Audit Logs, ISO 27018, NIST 800-63

Education

Master of Science - Computer And Information Sciences

Saint Leo University
Saint Leo, FL
05-2024

Bachelor of Science - Computer Science

JNTU
Hyd, In
04-2020

Skills

  • IAM Platforms: Microsoft Entra ID (Azure AD), Okta, Ping, SSO, MFA, Conditional Access
  • Protocols: SAML, OAuth 2.0, OIDC, LDAP, SCIM
  • Directories: Active Directory, Azure AD DS
  • Security: Identity Governance, Identity Lifecycle, Access Reviews, PAM Fundamentals
  • Tools: PowerShell, Azure Portal, Okta Admin Console, Identity Governance dashboards
  • Cloud: Azure, AWS (basic)
  • Other: API integrations, policy design, onboarding automation

Certification

  • Microsoft Entra ID Administrator
  • Okta Certified Professional

