Securing Identities, Governing Access.
I help organisations design and implement identity governance programs that reduce risk, enforce least privilege, and pass audits — using SailPoint, Okta, and Azure AD.
End-to-End Identity Governance
From role architecture to attestation campaigns, I deliver IAM programs that scale with your organisation.
Role Engineering & RBAC
Deep-dive role mining using both top-down and bottom-up methodologies. I build scalable role catalogues that enforce least privilege across every department.
SoD Policy Design
Define and implement Segregation of Duties policies — both entitlement-based and role-based — including cross-application conflict detection and exception workflows.
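The following is an added worked example, not the author's code or any IGA product's policy engine, showing what an entitlement-based and role-based SoD evaluation with an exception workflow looks like in practice. Every application name, role, entitlement, user, rule identifier and exception date below is constructed for the illustration; the roles are expanded to their entitlements first, so a conflict is caught whether it comes from a direct grant, a role, or a mix of both across two applications.

```python
from dataclasses import dataclass
from datetime import date

# Constructed sample data (not from the page): a role catalogue, role
# assignments and direct entitlements across two applications, "ERP" and "BANK".
ROLE_CATALOGUE = {
    "AP_Clerk": {"ERP:AP_Invoice_Entry"},
    "AP_Manager": {"ERP:AP_Payment_Approve"},
    "Treasury": {"BANK:Wire_Release"},
}
ROLE_ASSIGNMENTS = {
    "alice": {"AP_Clerk", "AP_Manager"},   # within-app conflict, covered by an exception
    "bob": {"AP_Clerk"},
    "carol": {"AP_Manager"},
    "dave": set(),
}
DIRECT_ENTITLEMENTS = {
    "bob": {"BANK:Wire_Release"},          # cross-application conflict via a direct grant
    "dave": {"ERP:AP_Invoice_Entry", "ERP:AP_Payment_Approve"},  # direct grants only
}


@dataclass(frozen=True)
class SodRule:
    rule_id: str
    left: str          # an entitlement ("APP:Name") or a role ("role:Name")
    right: str
    description: str


# Constructed ruleset: two entitlement-based rules (one cross-application) and one role-based rule.
SOD_RULES = [
    SodRule("SOD-001", "ERP:AP_Invoice_Entry", "ERP:AP_Payment_Approve",
            "Enter and approve supplier invoices"),
    SodRule("SOD-002", "ERP:AP_Invoice_Entry", "BANK:Wire_Release",
            "Cross-application: enter invoice and release payment"),
    SodRule("SOD-003", "role:AP_Clerk", "role:AP_Manager",
            "Role-based: clerk and manager roles held together"),
]

# Approved exceptions keyed by (user, rule_id); each carries an expiry so it is re-reviewed.
EXCEPTIONS = {
    ("alice", "SOD-001"): date(2025, 12, 31),
    ("alice", "SOD-003"): date(2025, 12, 31),
}


def effective_access(user):
    """Everything a user can act with: direct entitlements, entitlements
    inherited through roles, and the roles themselves tagged 'role:NAME'."""
    roles = ROLE_ASSIGNMENTS.get(user, set())
    access = set(DIRECT_ENTITLEMENTS.get(user, set()))
    for role in roles:
        access |= ROLE_CATALOGUE.get(role, set())
    access |= {f"role:{role}" for role in roles}
    return access


def evaluate_sod(today=date(2025, 6, 1)):
    """One finding per (user, rule) where both sides of the rule are held.
    A finding is a violation unless an unexpired exception covers it."""
    findings = []
    users = set(ROLE_ASSIGNMENTS) | set(DIRECT_ENTITLEMENTS)
    for user in sorted(users):
        access = effective_access(user)
        for rule in SOD_RULES:
            if rule.left in access and rule.right in access:
                expiry = EXCEPTIONS.get((user, rule.rule_id))
                if expiry is None:
                    status = "violation"
                elif expiry >= today:
                    status = "mitigated-exception"
                else:
                    status = "expired-exception"
                findings.append({"user": user, "rule": rule.rule_id,
                                 "status": status, "expires": expiry})
    return findings


def open_violations(findings):
    """Per-user list of rule ids that still need action: open violations and
    exceptions whose expiry has passed (the violation report for the audit pack)."""
    report = {}
    for f in findings:
        if f["status"] in ("violation", "expired-exception"):
            report.setdefault(f["user"], []).append(f["rule"])
    return report


if __name__ == "__main__":
    for finding in evaluate_sod():
        print(finding)
    print("open:", open_violations(evaluate_sod()))
```

Run as-is, the script reports two open items (bob on the cross-application rule, dave on the invoice-entry/approval rule) and two mitigated findings for alice; re-running with a `today` after the exception expiry turns alice's mitigated findings into expired exceptions, which is the behaviour an exception workflow needs so that approvals do not silently become permanent.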
Certification Campaigns
Orchestrate manager and application-owner access reviews, configure lifecycle phases, and automate revocation workflows to reduce certification fatigue.
Connector Integration
Build and maintain connectors for Active Directory, Azure AD/Entra ID, Okta, and custom applications — including schema configuration, aggregation, and provisioning rules.
Compliance & Audit Readiness
Prepare comprehensive evidence packages, policy violation reports, and exception documentation to satisfy SOX, ISO 27001, and internal audit requirements.
What I Deliver & When
IAM Health Check and initial consultation are complimentary. Engagement pricing is discussed at your first meeting.
| Service | What's Delivered | Timeline | Investment |
|---|---|---|---|
| IAM Health Check | Scorecard PDF, 3 priority actions | 1 day | Free |
| Current State / Target State Assessment | Gap analysis, roadmap document | 2–4 weeks | Scoped to engagement |
| AD Cleanup & Identity Hygiene | Stale accounts removed, groups rationalised | 2–4 weeks | Scoped to engagement |
| MFA Rollout | Entra MFA or Okta MFA deployed, policy configured | 2–4 weeks | Scoped to engagement |
| Conditional Access Policy Design | CA policies built, tested, documented | 1–2 weeks | Scoped to engagement |
| Joiner/Mover/Leaver Automation | Automated provisioning via Entra / SailPoint | 4–8 weeks | Scoped to engagement |
| Role Engineering & RBAC Design | Role catalogue, least-privilege mapping | 4–8 weeks | Scoped to engagement |
| SoD Policy Design | SoD ruleset, violation report, exception process | 3–6 weeks | Scoped to engagement |
| IGA Platform Implementation | SailPoint IIQ/IDN or Entra ID Governance end-to-end | 8–16 weeks | Scoped to engagement |
| PAM Implementation | Entra PIM or CyberArk for privileged accounts | 4–8 weeks | Scoped to engagement |
| Cloud Identity Migration | On-prem AD → Entra ID, hybrid → cloud-only | 8–16 weeks | Scoped to engagement |
| ACSC Essential 8 IAM Uplift | Maturity level 1→2 for identity controls (E8 3, 5, 6) | 4–8 weeks | Scoped to engagement |
| APRA CPS 234 Compliance & Audit Readiness | Evidence packages, attestation, policy documentation | 3–6 weeks | Scoped to engagement |
| Ongoing vIAM Retainer | Monthly access reviews, policy updates, advisory | Ongoing | Scoped to engagement |
Technology Expertise
Hands-on experience with the industry's leading identity governance and administration platforms.
SailPoint IIQ
IdentityIQ administration, role mining, SoD policies, certification campaigns, workflow configuration, and BeanShell customisation.
Okta
SSO federation, MFA policies, lifecycle management, OAuth 2.0/OIDC integration, and Universal Directory configuration.
Azure AD / Entra ID
Conditional Access policies, Privileged Identity Management, App Registrations, SAML/SCIM configuration, and hybrid identity setup.
Active Directory
OU structuring, Group Policy, PowerShell automation, user lifecycle scripts, and AD-to-IGA connector configuration.
API & Web Services
OAuth 2.0 token flows, REST API integration, web services connectors, and Postman-based testing for identity provisioning pipelines.
Network & Infra
Cisco networking (Layer 1–3), network infrastructure troubleshooting, and identity-aware network access control integration.
Real-World IAM Projects
Production-inspired environments built to demonstrate enterprise-grade IAM capability end to end.
Metaverse IAM Lab
Enterprise Identity Governance & Hybrid Identity Environment
Overview
A production-inspired Identity and Access Management environment built across multiple VMs to demonstrate enterprise-grade capability in IAM systems architecture, identity governance engineering, access automation, and operational troubleshooting.
Keyur Purohit
I am an IAM specialist based in Melbourne, Australia, with deep expertise in identity governance, role engineering, and access management. My work spans the full IGA lifecycle — from initial role mining and RBAC strategy through SoD policy implementation and certification campaign orchestration.
I combine infrastructure knowledge (Cisco networking, Active Directory, Azure) with identity governance platforms (SailPoint IdentityIQ, Okta) to deliver solutions that are technically sound and operationally practical. Whether building a greenfield IAM program or optimising an existing deployment, I focus on outcomes: reduced risk, cleaner access, and audits that pass the first time.
How I Work
A structured, risk-focused approach to every engagement.
Discovery
Map your current access landscape — who has what, where, and why. Identify orphan accounts, over-provisioned roles, and toxic combinations.
Architecture
Design your role catalogue, SoD rules, and governance workflows. Define birthright access, request policies, and exception processes.
Implementation
Configure connectors, deploy policies, build certification campaigns, and test end-to-end in your IGA platform of choice.
Optimisation
Refine policies based on real violation data, tune certification schedules, and establish continuous improvement cadences.
Let's Talk Identity
Whether you need a full IAM program build or a targeted SoD audit, I am ready to help.