Hybrid Identity Consultant at Kocho

We are Kocho

Kocho recognise that technology on its own does not deliver change and offers technology adoption services alongside excellent technical consulting to enable our clients to achieve their business goals on their journey to Become Greater.  

Our head office is in the heart of London’s West End and provides a comfortable working environment with flexible collaboration spaces that encourage our people to Become Greater with the aim to Do What’s Right.  

We now have offices in Cardiff and Cape Town which follow the style of our London space.  

Kocho is an equal opportunities employer. We make recruitment decisions based on qualifications, skill set and experiences. We consider all suitable candidates regardless of their age, sex, gender reassignment, race, religious beliefs, or lack thereof, marital status, disability or sexual orientation or any other protected characteristic. This is mindset aligns with our company values as we understand that we are Better Together.

Job Purpose

The Identity Consultant is a delivery-focused role responsible for designing, building, and integrating Microsoft Entra-based identity solutions, with a primary focus on Entra Identity Governance (IGA) and modern API-driven provisioning. You will work directly with clients to implement lifecycle automation, governance controls, and system integrations that support secure and scalable identity management across hybrid and cloud environments.

This hands-on role requires strong technical implementation experience with Microsoft Entra Identity Governance, Logic Apps, and Graph API/SCIM-based provisioning, as well as the ability to translate requirements into working, automated solutions. You will collaborate with clients and internal teams to deliver high-impact identity projects that reduce risk and improve operational efficiency.

Key Responsibilities

Microsoft Entra IGA Delivery

• Lead the deployment and configuration of Microsoft Entra Identity Governance components:
  • Entra ID Provisioning API – configure solutions to align with Joiner-Mover-Leaver (JML) requirements.
  • Lifecycle Workflows – automate user onboarding, offboarding, and change processes.
  • Entitlement Management – manage access packages, access policies, and group memberships.
  • Access Reviews – define and schedule reviews across groups, applications, and privileged roles.
  • Privileged Identity Management (PIM) – configure role activation policies and just-in-time access.
• Map and model access policies that support business roles and audit requirements.

Provisioning and Integration

• Design and implement automatic provisioning to external systems using:
  • HR-driven provisioning via Workday, SAP, or similar platforms.
  • Microsoft Graph API and custom provisioning for bespoke or on-prem applications.
  • SCIM-based connectors for SaaS applications.
• Develop or configure custom identity connectors where native options are unavailable.
• Build and maintain identity workflows using Logic Apps, Power Automate, and related tools.
• Integrate Entra with other systems such as ServiceNow, SuccessFactors, and on-prem directories.

Client Delivery

• Deliver hands-on identity implementations from design through to testing and go-live.
• Lead client workshops to gather requirements and translate them into practical configurations.
• Troubleshoot provisioning and governance issues in complex hybrid environments.
• Document configuration, runbooks, and operational procedures for transition to BAU support.

Collaboration & Knowledge Sharing

• Work collaboratively with fellow consultants, architects, and project managers to deliver end-to-end solutions.
• Mentor team members and support internal capability building in Microsoft Entra IGA.
• Contribute to reusable configuration templates, automation scripts, and service improvement.

Skills and Experience

Essential

• Strong hands-on experience delivering Microsoft Entra Identity Governance:
  • Lifecycle Workflows, Entitlement Management, Access Reviews, PIM.
• Experience with automated provisioning to cloud and on-prem systems using:
  • Microsoft Entra Provisioning Service (SCIM/Graph API)
  • Integration with Workday, SAP, or custom HRIS platforms.
• Proven ability to implement and manage custom provisioning connectors.
• Proficiency with Azure Logic Apps, Power Automate, or equivalent for workflow automation.
• Strong scripting knowledge (e.g. PowerShell, Graph API queries).
• Deep understanding of modern identity protocols and lifecycle patterns (JML).
• Excellent communication and documentation skills in a client-facing environment.

Desirable

• Microsoft certifications (SC-300, SC-100, AZ-104).
• Experience integrating Entra with legacy directories or ticketing systems (e.g. ServiceNow).
• Familiarity with CI/CD pipelines or infrastructure-as-code for Azure (Terraform/Bicep).
• Experience with Microsoft Identity Manager (MIM) for legacy transitions.

What Success Looks Like

• Delivering high-quality, fully integrated identity solutions using Microsoft Entra.
• Successfully implementing API-driven provisioning with full lifecycle automation.
• Helping clients adopt Entra IGA features to improve auditability, governance, and operational efficiency.
• Acting as a trusted technical consultant and problem solver throughout the delivery lifecycle.