Rizwan Haneef

Dedicated AD Engineer with over 15 years of experience in enterprise IAM with strong focus on Microsoft Active Directory, Entra ID (Azure Active Directory) and Access Management solutions for enterprise-level organizations. Skilled in implementing comprehensive identity management solutions, including hybrid identity, SSO, MFA enforcement, conditional access, PAM, PIM and federation services. Proven track record in optimizing security protocols and user access management.

Increasing operational efficiency and security compliance.

AD ENGINEER (ACTIVE DIRECTORY) - JOHNSON MATTHEY SERVICES SDN. BHD - Malaysia

(2020-06)

• Executes all Microsoft Active Directory (AD) related operational and technical level support and maintenance activities, including production tools/applications feeding, synchronized, and used for integration with AD (including federated login, provisioning and deprovisioning).
• Responsible for maintaining AD Forest, Domain, DNS, Replication, Authentication, Security, PKI, ADFS, Group Policy, Intune, AD Recovery and Entra ID
• Perform SSO and MFA integrations using OKTA and Entra ID
• Accountable for Identity Access Management, ensure that the process for setting up for user access management and security group.
• Lead OKTA deployment: agent installation, application integration, policy setup
• Lead ARS, delegated access, policy and workflow.
• Manage the Role Based Access Control (RBAC) on the Active Directory.
• Perform creation, delegation and modification of Group Policy Objects (GPO)
• Supporting other applications such as Enterprise Reporter, Change Auditor, Recovery Manager and CyberArk.
• Provide technical level support to L2 AD Engineer

AD ENGINEER (ACTIVE DIRECTORY) - OKTA Responsibilities - JOHNSON MATTHEY SERVICES SDN. BHD - Malaysia

(2020-06)

• Designed and implemented OKTA as the core Identity Provider for enterprise-wide authentication and access control.
• Integrated key enterprise applications (Workday, Zscaler, Cisco VPN, CyberArk, Office365, Splunk) using SAML and OpenID Connect protocols.
• Set up OKTA Access Gateway to secure on-prem applications with modern authentication policies.
• Developed custom API access policies using OKTA APIs to manage application token lifecycles and enhance API security.
• Implemented and enforced comprehensive MFA strategies including Okta Verify, SMS, Voice Call, Security Questions and FIDO-based authentication and aligned to application risk profiles.
• Managed Push Group provisioning and automated user lifecycle management for applications like Zscaler.
• Established segregation of duties with delegated admin roles and enforced access control across trusted and non-trusted zones.
• Configured and enforced password, sign-on and MFA policies in line with organizational security requirements.
• Integrated Office 365 via WS-Federation, enabling secure sign-on and applying MFA controls through both Okta and Azure AD.

AD ENGINEER (ACTIVE DIRECTORY) - ARS Responsibilities - JOHNSON MATTHEY SERVICES SDN. BHD - Malaysia

(2020-06)

• Installed and configured Quest Active Roles Server (ARS) to centralize and secure AD administration through custom polices, forms, workflows and delegated roles.
• Designed and implemented automated provisioning and deprovisioning workflows using ARS scripting and synchronization service.
• Integrated Workday with ARS to automate account creation, disablement and termination workflows.
• Managed mailbox provisioning via Exchange and enforced policy compliance across environments.
• Managed Quest Starling Connectors and Active Roles Synchronization Service (ARSS) to support seamless integration between cloud HR system Workday and Active Directory.
• Built and maintained data mappings, connection setup, sync logic and transformation rules to support real-time identity provisioning across cloud and on-prem
• Ensured synchronization, reliability and performance by monitoring logs, handling sync failures and coordinating with architecture and security stakeholders.

AD ENGINEER (ACTIVE DIRECTORY) - Microsoft Entra ID (Azure AD) Responsibilities - JOHNSON MATTHEY SERVICES SDN. BHD - Malaysia

(2020-06)

• Managed and configured Enterprise Applications in Entra ID to enable secure SSO and integrate with cloud and on-prem apps via SAML and OpenID connect.
• Created and administered App registrations, configuring API permission, redirect URIs, client secrets, and certificates for secure authentication and authorization.
• Implement and fine-tuned Conditional Access Policies.
• Applied MFA enforcement, session controls and grant controls for high-privilege roles.
• Configured PIM policies for Azure AD roles, enabling approval workflows, MFA enforcement, activation notifications and access reviews.

AD ENGINEER (ACTIVE DIRECTORY) - CyberArk Administration - JOHNSON MATTHEY SERVICES SDN. BHD - Malaysia

(2020-06)

• Responsible for day-to-day administration of CyberArk Privileged Access Management (PAM) system.
• Onboarded privileged accounts and managed safes, platforms and user permissions.
• Configured password rotation policies, access control and session monitoring
• Supported user access request, troubleshooting and issue resolution.
• Worked with SME to maintain secure and compliant privileged access.

ACTIVE DIRECTORY ENGINEER - HUNTSMAN GLOBAL BUSINESS SERVICES SDN. BHD - Malaysia

(2015-03 - 2020-05)

• Executes all Microsoft Active Directory (AD) related operational and technical level support and maintenance activities, including production tools/applications feeding, synchronized, and used for integration with AD (including federated login and provisioning).
• Execute all operational and technical support activities related to Microsoft Active Directory (AD), including integration with production systems for federated login, user provisioning, and application synchronization.
• Supervise AD technical teams in handling incident management, including high-priority escalations, change control, and service requests beyond standard operational thresholds.
• Ensure adherence to Change Management processes for all AD configuration and access control updates.
• Collaborate on AD architecture design to meet evolving project and business requirements, contributing to scalability, security, and performance improvements.
• Recommend and drive initiatives for automation, standardization, and consolidation within Directory Services to improve operational efficiency and reduce manual effort.
• Support a wide range of IAM and infrastructure applications, including Azure AD, OKTA, Active Roles Server, Quick Connect, TPAM, InTrust, Enterprise Reporter, Change Auditor, CyberArk, Infoblox, and Workday.
• Participate in internal audits, including sox compliance, and ensure control standards are applied across identity and access-related systems, both internal and external.

ACTIVE DIRECTORY ENGINEER - Microsoft Entra ID (Azure AD) Responsibilities - HUNTSMAN GLOBAL BUSINESS SERVICES SDN. BHD - Malaysia

(2015-03 - 2020-05)

• Managed and configured Enterprise Applications in Entra ID to enable secure SSO and integrate with cloud and on-prem apps via SAML and OpenID connect.
• Created and administered App registrations, configuring API permission, redirect URIs, client secrets, and certificates for secure authentication and authorization.
• Implement and fine-tuned Conditional Access Policies.
• Applied MFA enforcement, session controls and grant controls for high-privilege roles.
• Configured PIM policies for Azure AD roles, enabling approval workflows, MFA enforcement, activation notifications and access reviews.

ACTIVE DIRECTORY ENGINEER - CyberArk Administration - HUNTSMAN GLOBAL BUSINESS SERVICES SDN. BHD - Malaysia

(2015-03 - 2020-05)

• Responsible for day-to-day administration of CyberArk Privileged Access Management (PAM) system.
• Onboarded privileged accounts and managed safes, platforms and user permissions.
• Configured password rotation policies, access control and session monitoring
• Supported user access request, troubleshooting and issue resolution.
• Worked with SME to maintain secure and compliant privileged access.

ACTIVE DIRECTORY ENGINEER - AIG GLOBAL SERVICES (MALAYSIA) - Malaysia

(2014-03 - 2015-02)

• Contribute to the detailed design of the future state AD architecture.
• Perform all technical tasks related to the Active Directory consolidation project of 16 domains.

SENIOR SYSTEMS ENGINEER - WOLTERS KLUWER ASIA PACIFIC - Asia Pacific

(2012-09 - 2014-02)

Enterprise Domain administrator managing the day-to-day operational readiness of all server and Hosting environments in Asia Pac, as well as project work and other duties as required by the Business.

SYSTEMS ENGINEER (AD TECHNICAL CONSULTANT) - PETROLIAM NASIONAL BERHAD (PETRONAS ICT) - Malaysia

(2010-12 - 2012-08)

Involved in the project implementation (Active Directory Migration) for PETRONAS. Works as team members in migration of file and print servers, user profile and computer object from Novell platform to Windows environment. Configures the servers, Active Directory structure and security policy for AD objects.

IT ADMINISTRATOR ANALYST (SHIFT LEAD) - SHELL ACCOUNT (HP)

(2010-12 - 2012-08)

Provide Global IT services for Shell staff and handle IT projects.

Bachelor's Degree - Information Technology