Identity Consultant

About Kocho

We believe specialist UK firms deserve the same level of service they would give their own clients. We know that clients want expertise, a service they can rely on and intimate support from a named individual who knows their business.

Our relentless commitment to finding the best solution, our sense of pride in helping our clients achieve their goals and our thirst for understanding how technology improves business are what make us successful.

With us it’s Personal!

Job Purpose

The Identity Consultant is a delivery-focused role responsible for designing, building, and integrating Microsoft Entra-based identity solutions, with a primary focus on Entra Identity Governance (IGA) and modern API-driven provisioning. You will work directly with clients to implement lifecycle automation, governance controls, and system integrations that support secure and scalable identity management across hybrid and cloud environments.

This hands-on role requires strong technical implementation experience with Microsoft Entra Identity Governance, Logic Apps, and Graph API/SCIM-based provisioning, as well as the ability to translate requirements into working, automated solutions. You will collaborate with clients and internal teams to deliver high-impact identity projects that reduce risk and improve operational efficiency.

Key Responsibilities

Microsoft Entra IGA Delivery

• Lead the deployment and configuration of Microsoft Entra Identity Governance components:
  • Entra ID Provisioning API – configure solutions to align with Joiner-Mover-Leaver (JML) requirements.
  • Lifecycle Workflows – automate user onboarding, offboarding, and change processes.
  • Entitlement Management – manage access packages, access policies, and group memberships.
  • Access Reviews – define and schedule reviews across groups, applications, and privileged roles.
  • Privileged Identity Management (PIM) – configure role activation policies and just-in-time access.
• Map and model access policies that support business roles and audit requirements.

Provisioning and Integration

• Design and implement automatic provisioning to external systems using:
  • HR-driven provisioning via Workday, SAP, or similar platforms.
  • Microsoft Graph API and custom provisioning for bespoke or on-prem applications.
  • SCIM-based connectors for SaaS applications.
• Develop or configure custom identity connectors where native options are unavailable.
• Build and maintain identity workflows using Logic Apps, Power Automate, and related tools.
• Integrate Entra with other systems such as ServiceNow, SuccessFactors, and on-prem directories.

Client Delivery

• Deliver hands-on identity implementations from design through to testing and go-live.
• Lead client workshops to gather requirements and translate them into practical configurations.
• Troubleshoot provisioning and governance issues in complex hybrid environments.
• Document configuration, runbooks, and operational procedures for transition to BAU support.

Collaboration & Knowledge Sharing

• Work collaboratively with fellow consultants, architects, and project managers to deliver end-to-end solutions.
• Mentor team members and support internal capability building in Microsoft Entra IGA.
• Contribute to reusable configuration templates, automation scripts, and service improvement.

Skills and Experience

Essential

• Strong hands-on experience delivering Microsoft Entra Identity Governance:
  • Lifecycle Workflows, Entitlement Management, Access Reviews, PIM.
• Experience with automated provisioning to cloud and on-prem systems using:
  • Microsoft Entra Provisioning Service (SCIM/Graph API)
  • Integration with Workday, SAP, or custom HRIS platforms.
• Proven ability to implement and manage custom provisioning connectors.
• Proficiency with Azure Logic Apps, Power Automate, or equivalent for workflow automation.
• Strong scripting knowledge (e.g. PowerShell, Graph API queries).
• Deep understanding of modern identity protocols and lifecycle patterns (JML).
• Excellent communication and documentation skills in a client-facing environment.

Desirable

• Microsoft certifications (SC-300, SC-100, AZ-104).
• Experience integrating Entra with legacy directories or ticketing systems (e.g. ServiceNow).
• Familiarity with CI/CD pipelines or infrastructure-as-code for Azure (Terraform/Bicep).
• Experience with Microsoft Identity Manager (MIM) for legacy transitions.

What Success Looks Like

• Delivering high-quality, fully integrated identity solutions using Microsoft Entra.
• Successfully implementing API-driven provisioning with full lifecycle automation.
• Helping clients adopt Entra IGA features to improve auditability, governance, and operational efficiency.
• Acting as a trusted technical consultant and problem solver throughout the delivery lifecycle.