
CEDA -TMS - ICA - Cloud, CRM & Identity (SSO) Engineer - Senior Associate - Operate

PricewaterhouseCoopers
7 days ago
Full-time
On-site
Bengaluru, India
Web, SaaS & Digital Infrastructure

Industry/Sector

Not Applicable

Specialism

Managed Services

Management Level

Senior Associate

Job Description & Summary

Job Title: Senior Associate – Cloud, CRM & Identity (SSO) Analyst  

Line of Service: Managed Services 

Industry/Sector: Healthcare  

Specialism: Cloud, CRM & Identity/Access Management Operations 

 


A career within PwC Managed Services will provide you with the opportunity to support clients in running secure, reliable, and compliant cloud infrastructure, CRM platforms, and identity/SSO services at scale, ensuring seamless authentication, strong access governance, and stable application operations across the enterprise. 

As a Senior Associate, you will support a cross-cutting technology scope spanning Single Sign-On (SSO) / Identity & Access Management (IAM), cloud platforms (primarily Microsoft Azure), Salesforce / CRM systems, cloud integrations, and security & access management for Bassett Health, a US-based healthcare system operating hospitals, clinics, and outpatient facilities. SSO/identity and cloud services underpin the entire enterprise application landscape—connecting clinical (EHR), financial (Infor CSF), HR/Payroll (UKG, formerly Kronos), CRM (Salesforce), and departmental applications. Authentication failures or access issues impact every application and every user, making this role foundational to the managed services engagement.

This is a Managed Services engagement (not implementation or consulting) focused on steady-state operations, L2/L3 support, configuration management, monitoring, incident resolution, SLA adherence, security & access governance, and continuous improvement. You will perform hands-on execution with moderate autonomy, contributing to incident resolution, configuration changes, and operational improvements while collaborating with and escalating to senior team members as needed. 

You will work from PwC's India Acceleration Center (India AC), supporting US business hours/shifts as required, and will coordinate with onshore delivery teams and client stakeholders across IT, security/SOC, application teams (Finance, HR, clinical, enterprise apps), and infrastructure teams. You will also participate in transition and knowledge transfer activities from the incumbent vendor. 

Note to Hiring/TA team: This is a cross-domain technical operations role—not a single-skill specialist position. The ideal candidate is comfortable working across identity/SSO infrastructure, cloud platforms (Azure), and CRM/Salesforce administration, with strong security awareness and healthcare compliance understanding (HIPAA). The candidate must understand that SSO/identity is a high-criticality, high-urgency service area where incidents have enterprise-wide impact. 

 

Responsibilities 

As a Senior Associate, you'll work as part of a team of problem solvers helping clients maintain secure, reliable, and compliant cloud, CRM, and identity operations. Specific responsibilities include: 

Single Sign-On (SSO) & Identity/Access Management (IAM) 

SSO Provider Administration: 

  • Provide L2/L3 support for the client's SSO/identity infrastructure—ensuring seamless, secure authentication across the enterprise application portfolio (Infor CSF, UKG (formerly Kronos), Salesforce, EHR, employee portals, departmental applications)

  • Administer the SSO/identity provider platform (e.g., Microsoft Entra ID/Azure AD, Okta, Ping Identity, ADFS, or similar)—managing SSO configurations, federation trusts, and identity provider (IdP) settings 

  • Manage SAML, OIDC, and OAuth integration configurations for enterprise applications—maintaining relying party trusts, client IDs/secrets, redirect URIs, claim rules, and token configurations 

Application SSO Onboarding & Troubleshooting: 

  • Support SSO onboarding for new applications—configuring federation trusts, testing authentication flows, and validating end-to-end SSO functionality 

  • Troubleshoot authentication failures across applications: 

  • SAML trace analysis—reading SAML assertions, identifying claim/attribute mapping errors, and resolving assertion validation failures 

  • OAuth/OIDC token flow diagnosis—analyzing token issuance, expiration, scope issues, and refresh token problems 

  • Certificate management—monitoring SSL/TLS and signing certificate expirations, coordinating certificate renewals, and resolving certificate-related authentication failures 

  • Redirect and session issues—diagnosing redirect loop errors, session timeout configurations, and cross-domain authentication problems 

  • Interpret Azure AD/Entra ID sign-in logs and audit logs to diagnose authentication failures, identify patterns, and support security investigations 

Multi-Factor Authentication (MFA): 

  • Support MFA policy administration—managing MFA enrollment, configuring MFA methods (authenticator app, phone, FIDO2 keys), and troubleshooting MFA failures (locked accounts, device registration issues, bypass requests) 

  • Support MFA rollout and adoption activities—user communication, enrollment support, and exception management 

Conditional Access Policies: 

  • Configure and maintain conditional access rules in coordination with security teams: 

  • Device compliance requirements 

  • Location-based access restrictions (trusted locations, geo-blocking) 

  • Risk-based authentication (sign-in risk, user risk) 

  • Application-specific access policies 

  • Session controls (sign-in frequency, persistent browser) 

  • Troubleshoot conditional access-related access denials and policy conflicts 

User Lifecycle & Access Management: 

  • Support user lifecycle management from an identity perspective: 

  • Account provisioning and deprovisioning aligned to HR lifecycle events 

  • Group membership management and role-based access assignments 

  • Automated provisioning support (SCIM-based provisioning, HR-driven provisioning from UKG, formerly Kronos) and troubleshooting of provisioning sync failures

  • Support periodic access reviews and recertification—generating access reports, identifying excessive privileges, and supporting least-privilege enforcement 

  • Manage privilege audits—reviewing administrative access, service accounts, and API credentials across identity-connected applications 

Directory Services Support: 

  • Support Active Directory (AD) administration—user/group management, OU structure maintenance, group policy troubleshooting, and AD replication health monitoring 

  • Support Azure AD/Entra ID administration—user/group management, directory sync (AD Connect) health monitoring, device management, and hybrid identity configuration support 

  • Troubleshoot AD Connect/sync issues—synchronization errors, attribute mapping discrepancies, and password hash sync/pass-through authentication problems 

HIPAA Identity Compliance: 

  • Ensure identity and access management practices comply with HIPAA Security Rule requirements: 

  • Access controls (unique user identification, emergency access procedures) 

  • Audit controls (login audit trails, access event logging) 

  • Minimum necessary access enforcement 

  • Workforce clearance and termination procedures (timely deprovisioning) 

  • Support HIPAA audit evidence collection—access logs, provisioning/deprovisioning records, access review documentation, and MFA enrollment reports 

Cloud Platforms (Azure/AWS) 

Azure Resource Management: 

  • Provide L2/L3 support for the client's Microsoft Azure cloud environment—ensuring resource health, performance, and availability 

  • Support Azure resource administration: 

  • Virtual Machines (VMs)—provisioning, sizing, start/stop management, disk management, and performance troubleshooting 

  • App Services—application deployment support, scaling configuration, and health monitoring 

  • Azure SQL—database health monitoring, performance troubleshooting, backup validation, and access management 

  • Storage Accounts—blob/file/table storage management, access key rotation, and lifecycle management policies 

  • Networking—VNet configurations, subnet management, NSG rule administration, load balancer health, and DNS zone management 

  • Resource Groups—organizing resources, tagging, and access control (RBAC) at the resource group level 

Cloud Monitoring & Alerting: 

  • Configure and manage Azure Monitor, Log Analytics, and Application Insights—ensuring comprehensive monitoring of cloud-hosted applications and infrastructure 

  • Manage alert rules—configuring thresholds, notification channels (email, Teams, PagerDuty/webhooks), and alert suppression during maintenance windows 

  • Monitor and respond to cloud resource alerts—VM health, disk space, CPU/memory utilization, application errors, and availability degradation 

  • Support log analysis and diagnostics—querying Log Analytics (KQL) for troubleshooting and performance investigation 

Cloud Cost Management: 

  • Monitor Azure consumption and spend—tracking resource utilization against budgets 

  • Identify cost optimization opportunities—right-sizing underutilized VMs, identifying unused resources (orphaned disks, unattached IPs), recommending reserved instance purchases, and supporting Azure Advisor recommendations 

  • Support cost reporting—generating consumption reports and contributing to budget/spend reviews 

Cloud Security Posture: 

  • Support Azure Security Center/Defender for Cloud recommendations—reviewing security findings, coordinating remediation, and tracking compliance scores 

  • Ensure resource configurations meet security baselines—storage account encryption, network access restrictions, key vault usage, and diagnostic logging enablement 

  • Support vulnerability management—assisting with remediation of security vulnerabilities identified in cloud resources 

  • Ensure encryption at rest and in transit for cloud-hosted data and applications 

Backup & Disaster Recovery: 

  • Support Azure Backup configurations—backup policy management, backup job monitoring, and restore testing support 

  • Support Azure Site Recovery configurations—DR replication health monitoring, failover testing coordination, and RTO/RPO validation 

  • Maintain documentation of DR procedures for cloud-hosted workloads 

Cloud Networking: 

  • Support VPN gateway management—site-to-site and point-to-site VPN health monitoring and troubleshooting 

  • Support ExpressRoute/private connectivity monitoring (if applicable) 

  • Manage Network Security Group (NSG) rules—reviewing, updating, and auditing NSG configurations for security compliance 

  • Support DNS zone management—Azure DNS record management and resolution troubleshooting 

Patch & Update Management: 

  • Support Azure Update Management or similar for cloud VM patching—scheduling patch windows, monitoring patch compliance, and troubleshooting failed patches 

  • Coordinate maintenance windows with application teams to minimize disruption to healthcare operations 

Cloud Coordination: 

  • Coordinate with Infor Cloud Operations for Infor-hosted services (Infor CSF, Infor OS)—escalating tenant-level issues, supporting maintenance activities, and validating cloud health after updates 

  • Collaborate with application teams for cloud-hosted application support—ensuring infrastructure meets application performance and availability requirements 

Salesforce / CRM Systems 

Salesforce Administration: 

  • Provide L2/L3 support for Salesforce (or similar CRM platform) used by the client for relationship management, referral management, outreach, fundraising/development, or operational CRM functions 

  • Perform Salesforce administration tasks: 

  • User management—creating/deactivating users, profile and permission set assignments, role hierarchy management 

  • Page layout customization, record type configuration, and field-level security 

  • Validation rules, workflow rules, and process builder/flow maintenance 

  • Email templates, email alerts, and notification configurations 

  • Custom objects, fields, and relationship management 

  • Manage Salesforce data quality—duplicate management, data import/export support (Data Loader, Data Import Wizard), data cleansing, and data retention/archival support 

  • Create and maintain Salesforce reports and dashboards—building reports and dashboards for business users, configuring report scheduling and distribution, and managing list views and report folders 

  • Troubleshoot Salesforce issues: 

  • Login/SSO failures (coordinating with identity/SSO function) 

  • Workflow/automation errors (flow failures, process builder exceptions) 

  • Data sync discrepancies with integrated systems 

  • Performance issues and governor limit concerns 

  • User access and permission problems 

Salesforce Integration Support: 

  • Monitor and troubleshoot integrations between Salesforce and other enterprise systems: 

  • Salesforce ↔ EHR (referral data, patient engagement data) 

  • Salesforce ↔ Finance/Infor CSF (donor/revenue data, if applicable) 

  • Salesforce ↔ Marketing platforms (campaign data, outreach) 

  • Salesforce ↔ Third-party data sources (community health data, partner feeds) 

  • Support API-based and middleware-based integrations—monitoring API usage, troubleshooting connected app issues, and validating data flow accuracy 

  • Coordinate with the Infor ION/IPA integration team for cross-system integration issues 

Salesforce Release & Change Management: 

  • Support sandbox management—creating/refreshing sandboxes, managing sandbox-to-production deployments 

  • Support change set deployments—validating, deploying, and testing configuration changes 

  • Support Salesforce seasonal release readiness—reviewing release notes, testing impact on existing configurations, and coordinating updates with business users 

Salesforce AppExchange & License Management: 

  • Administer installed AppExchange/managed packages—monitoring package health, coordinating vendor updates, and troubleshooting package issues 

  • Track Salesforce license utilization—monitoring license types, identifying optimization opportunities, and supporting renewal planning 

Healthcare CRM Context: 

  • Understand the healthcare context for CRM usage: 

  • Patient/community outreach and engagement 

  • Physician referral management 

  • Donor/fundraising management (development office) 

  • Community health programs 

  • Ensure PHI/PII handling compliance in CRM data—access controls, data classification, and HIPAA-aligned data governance 

Cloud Integrations & Administration 

Cloud Integration Support: 

  • Support and troubleshoot cloud-based integrations connecting enterprise applications: 

  • Azure Integration Services (Logic Apps, API Management, Service Bus) if applicable—monitoring workflow execution, troubleshooting connector failures, and managing API policies 

  • Cloud-to-on-premises connectivity—hybrid integration support, VPN-based data flows, and on-premises gateway health 

  • API management and monitoring—API health checks, throttling configuration, error rate monitoring, and authentication troubleshooting 

  • Cloud-based file transfer—Azure Blob Storage data exchange, SFTP gateway management, and cloud-based ETL/data flow monitoring 

SaaS Application Administration: 

  • Support cloud application administration for SaaS applications in the client's ecosystem: 

  • License management and utilization tracking across SaaS platforms 

  • Configuration management and vendor coordination for SaaS updates/patches 

  • SSO integration and access management for SaaS applications (coordinating with identity function) 

Security & Access Management (Cross-Cutting) 

Privileged Access Management (PAM): 

  • Support privileged access management practices: 

  • Managing privileged accounts for cloud and application administrators 

  • Supporting just-in-time (JIT) access provisioning for administrative tasks 

  • Monitoring privileged session activity and reviewing access logs 

  • Ensuring privileged accounts follow least-privilege and separation of duties principles 

Security Incident Support: 

  • Assist with investigation of access-related security incidents in coordination with the client's security/SOC team: 

  • Unauthorized access attempts and brute-force detection 

  • Compromised account investigation (credential leak, suspicious sign-in patterns) 

  • Suspicious CRM data access or export activity 

  • Cloud resource access anomalies 

  • Provide identity and access logs/evidence to support security investigations 

Vulnerability Management: 

  • Assist with remediation of security vulnerabilities identified in cloud resources, CRM platforms, and identity infrastructure: 

  • Patching and configuration remediation for cloud VMs and services 

  • Salesforce security health check remediation 

  • SSO/identity configuration hardening 

Compliance Reporting & Audit Support: 

  • Generate compliance and access reports for HIPAA and organizational audits: 

  • Access reports (who has access to what, privilege levels) 

  • Login audit logs (successful/failed authentication events) 

  • Privilege usage reports (administrative actions, elevated access usage) 

  • MFA enrollment and compliance reports 

  • Cloud security posture reports (Defender for Cloud compliance scores) 

  • CRM access and data export logs 

  • Maintain audit evidence in an organized, retrievable manner

Encryption & Data Protection: 

  • Ensure encryption at rest and in transit across cloud resources, CRM data, and identity infrastructure: 

  • Azure storage/VM disk encryption, Azure SQL TDE, Key Vault management 

  • Salesforce encryption and Shield (if applicable) 

  • TLS/SSL for identity federation and API communications 

  • Support awareness of data loss prevention (DLP) policies across cloud and CRM platforms

Security Baseline Enforcement: 

  • Ensure cloud resources, CRM configurations, and SSO settings adhere to client security policies and HIPAA technical safeguard requirements: 

  • Access controls (unique user identification, role-based access) 

  • Audit controls (comprehensive logging and retention) 

  • Transmission security (encryption in transit) 

  • Integrity controls (data validation and tamper protection) 

Operations & Incident Management 

  • Log, track, and resolve incidents and service requests across cloud, CRM, and identity/SSO within defined SLAs using ticketing tools (e.g., ServiceNow/JSM) 

  • Prioritize identity/SSO incidents with appropriate urgency—authentication failures have enterprise-wide impact affecting all users and applications 

  • Follow escalation protocols—escalating complex or high-impact issues (major SSO outages, cloud security incidents, CRM data integrity issues) to senior team members, vendors, or security/SOC teams with clear documentation 

  • Support root cause analysis for recurring incidents—contributing to known-error documentation and preventive actions 

Change Management & Documentation 

  • Follow change management discipline for identity/SSO and cloud changes—recognizing that: 

  • SSO configuration changes can have wide-reaching authentication impacts across all connected applications 

  • Cloud infrastructure changes can affect application availability and performance 

  • CRM configuration changes can impact business workflows and data integrity 

  • Ensure all changes are properly assessed, tested, approved, and documented before deployment 

  • Maintain and update comprehensive documentation with discipline and accuracy: 

  • SSO application catalog—inventory of all SSO-integrated applications with federation type, claim configurations, and certificate expiration dates 

  • Federation trust documentation—SAML/OIDC configuration details for each integrated application 

  • Conditional access policy documentation—policy inventory, logic, and scope 

  • Cloud resource inventory and architecture diagrams—Azure resource catalog, network topology, and dependency maps 

  • CRM configuration documentation—Salesforce object model, automation inventory, integration catalog, and user role matrix 

  • Runbooks and SOPs for routine operations across all three domains 

  • Known-issue logs and troubleshooting guides 

License Management 

  • Track license utilization across cloud and CRM platforms: 

  • Azure subscription and resource consumption 

  • Salesforce user licenses, feature licenses, and platform licenses 

  • SaaS application licenses across the portfolio 

  • Identify optimization opportunities—unused licenses, over-provisioned resources, and consolidation options 

  • Support renewal planning—providing utilization data and recommendations for license renewals 

Cross-Functional Coordination 

  • Coordinate across application teams (Finance/Infor CSF, HR/UKG (formerly Kronos), clinical/EHR, enterprise apps), infrastructure, and security for:

  • SSO/authentication issues impacting specific applications 

  • Cloud resource requirements for application deployments 

  • CRM integration issues with backend systems 

  • Security findings requiring cross-team remediation 

  • Access provisioning/deprovisioning coordination across systems 

Transition & Continuous Improvement 

  • Participate in transition and knowledge transfer from incumbent vendor: 

  • SSO configuration documentation—application catalog, federation trusts, conditional access policies, MFA settings 

  • Cloud resource inventory—Azure resource catalog, architecture documentation, monitoring/alerting configurations 

  • CRM configuration capture—Salesforce configuration, automation inventory, integration documentation, and user/role setup 

  • Identity/access governance documentation—access review processes, provisioning procedures, and compliance reporting templates 

  • Identify and propose opportunities for continuous improvement: 

  • SSO onboarding streamlining and certificate lifecycle automation 

  • Cloud monitoring enhancement and alert optimization 

  • CRM workflow optimization and user adoption improvement 

  • Automated provisioning/deprovisioning enhancements 

  • Security posture improvement recommendations 

 

Skills and Experience 

  • 4–8+ years of experience across identity/SSO, cloud platforms, and CRM/application administration, with a blend of skills across at least two of the three domains 

  • SSO/Identity & Access Management experience (strongly preferred): 

  • Hands-on experience with Microsoft Entra ID/Azure AD (preferred), Okta, Ping Identity, ADFS, or similar identity platforms 

  • Understanding of SAML, OIDC, OAuth 2.0 protocols and federation configurations 

  • Experience troubleshooting authentication failures—reading SAML traces, analyzing token flows, diagnosing certificate issues, and interpreting sign-in logs 

  • Experience with MFA administration, conditional access policies, and access review processes 

  • Understanding of Active Directory and hybrid identity (AD Connect) concepts 

  • Cloud platform experience (preferred): 

  • Hands-on experience with Microsoft Azure (preferred) or AWS—resource management, monitoring, networking, and security 

  • Experience with Azure Monitor, Log Analytics, and cloud alerting configurations 

  • Understanding of cloud security posture management (Azure Security Center/Defender for Cloud) 

  • Awareness of cloud cost management concepts 

  • Salesforce/CRM administration experience (preferred): 

  • Hands-on Salesforce administration—user management, security model, page layouts, validation rules, workflow/process automation, reports/dashboards 

  • Experience with Salesforce data management and integration support 

  • Understanding of Salesforce release management (sandbox management, change sets) 

  • Experience working in SLA-driven managed services, shared services, or IT operations environments 

  • Strong understanding of security and access management principles—RBAC, least privilege, access reviews, audit logging, and compliance reporting 

  • Knowledge of data privacy and compliance requirements—HIPAA awareness, PHI/PII handling, and healthcare security controls 

  • Structured troubleshooting skills—ability to read logs (SAML traces, Azure sign-in logs, Salesforce debug logs), analyze error messages, and diagnose issues methodically 

  • Experience with ITSM/ticketing tools (ServiceNow, Jira Service Management, or similar) 

  • Strong documentation discipline—experience creating and maintaining configuration documentation, runbooks, and architecture diagrams 

  • Good communication skills—ability to coordinate with diverse teams (application teams, infrastructure, security/SOC, business users) 

  • Ability to work in US shift hours from India AC as required by the engagement 

 

Preferred Knowledge/Skills 

  • Experience supporting US healthcare organizations with complex, multi-application identity and cloud environments 

  • Salesforce certifications (Salesforce Administrator, Salesforce Platform App Builder) or equivalent experience 

  • Microsoft certifications (AZ-104 Azure Administrator, SC-300 Identity and Access Administrator, AZ-500 Azure Security Engineer) or equivalent experience 

  • Experience with automated user provisioning (SCIM, HR-driven provisioning) and integration with HRIS systems (UKG (formerly Kronos), Workday, or similar)

  • Exposure to Infor CloudSuite ecosystem (Infor OS, Ming.le, ION) from an identity/SSO or platform perspective 

  • Experience with EHR platforms (Epic, Cerner/Oracle Health, MEDITECH) from an SSO/access management perspective 

  • Familiarity with cloud integration services (Azure Logic Apps, API Management, Service Bus) or comparable middleware 

  • Experience with Privileged Access Management (PAM) tools (CyberArk, BeyondTrust, Azure PIM) 

  • Understanding of HIPAA Security Rule technical safeguards in detail—access controls, audit controls, transmission security, and integrity controls 

  • Experience with cloud cost optimization and FinOps concepts 

  • Familiarity with Infrastructure as Code concepts (ARM templates, Terraform, Bicep) is a plus 

  • Experience participating in managed services transitions—configuration discovery, documentation, and operational handover 

  • Understanding of ITIL v3/v4 service management framework 

 

PwC Professional Skills and Responsibilities 

PwC Professional skills and responsibilities for this management level include but are not limited to: 

  • Apply a structured and security-conscious problem-solving mindset across identity, cloud, and CRM operations—recognizing the enterprise-wide impact of SSO/identity issues and the sensitivity of healthcare data 

  • Use feedback and reflection to continuously develop technical depth across identity/SSO protocols, Azure cloud services, and Salesforce/CRM administration 

  • Handle sensitive healthcare and identity data responsibly—maintaining integrity, confidentiality, and strict compliance with HIPAA, organizational security policies, and access governance requirements 

  • Communicate effectively and professionally with onshore teams, client stakeholders, security/SOC teams, and cross-functional application/infrastructure partners—providing clear status updates, incident documentation, and change communications 

  • Demonstrate strong documentation discipline—maintaining accurate SSO application catalogs, cloud resource inventories, CRM configuration guides, and security/access documentation 

  • Demonstrate ownership and reliability in an offshore delivery model—maintaining responsiveness, quality, and trust across time zones, particularly for high-urgency identity and security incidents 

  • Uphold PwC's code of ethics and business conduct, ensuring strong governance, security awareness, and ethical standards in all operations involving identity, access, cloud, and CRM data 

 

Travel Requirements

Not Specified

Job Posting End Date