Adrian Johnson, Developer in Seattle, WA, United States

Adrian Johnson

Verified Expert in Engineering

IT Infrastructure Engineer and Developer

Seattle, WA, United States

Toptal member since April 14, 2025

Bio

Adrian is a senior systems infrastructure engineer with experience spanning startups and Fortune 100s. Skilled in hands-on operations and strategic planning, he tackles tough challenges and delivers pragmatic, business-aligned tech solutions. With deep expertise across hardware, operating systems, databases, and enterprise architectures, Adrian has built data centers, IT departments, and eCommerce platforms. He is a speaker and published contributor on global tech and project management topics.

Portfolio

The University of Texas at Dallas
Active Directory (AD), Shibboleth, Identity & Access Management (IAM)...
City and County of San Francisco, CA
Active Directory (AD), Windows 10...
Boston University
Active Directory (AD), Active Directory Federation Services (AD FS), Shibboleth...

Experience

  • Active Directory Federation Services (AD FS) - 20 years
  • Windows Server - 20 years
  • Active Directory (AD) - 20 years
  • Microsoft Exchange - 20 years
  • Domain Name System (DNS) - 20 years
  • PKI - 20 years
  • Keyfactor - 7 years
  • Microsoft Entra ID - 5 years

Availability

Full-time

Preferred Environment

Windows, Linux

The most amazing...

...project I've led was rebuilding a global eCommerce infrastructure in 90 days, cutting downtime by 80% and boosting revenue performance.

Work Experience

Senior SSO Engineer

2024 - 2025
The University of Texas at Dallas
  • Integrated the Shibboleth single sign-on (SSO) solution with Active Directory (AD) and public key infrastructure (PKI) for 10,000+ users.
  • Evaluated and planned enhancements in the AD service and cloud integration with AWS.
  • Troubleshot AD and DNS issues with the operations teams. Delivered runbooks for operational continuity.
Technologies: Active Directory (AD), Shibboleth, Identity & Access Management (IAM), Single Sign-on (SSO), Certificate Services, AWS Certificate Manager, Algorithms, Azure Active Directory, Azure, DevOps, Security, Duo 2FA, Windows, Windows 10, Compliance, IT Security, Product Security, System Administration, Microsoft 365, Remediation Scripting, Vulnerability Remediation, SAML, SCIM

Senior AD Migration Engineer

2022 - 2024
City and County of San Francisco, CA
  • Migrated 15,000 users across 50+ domain controllers into a hybrid Entra ID.
  • Hardened the AD environment and documented all procedures.
  • Assessed and upgraded the AD forest and site topology, enhancing security and reducing support management by 50%.
Technologies: Active Directory (AD), Windows 10, Active Directory Certificate Services (AD CS), Certificate Services, Azure Active Directory, Azure, Security, Duo 2FA, Windows, Identity & Access Management (IAM), IT Security, Product Security, System Administration, Remediation Scripting, Vulnerability Remediation, Microsoft Entra

IAM Engineer III

2021 - 2024
Boston University
  • Engineered and maintained a high-availability Shibboleth SSO environment servicing over 65,000 users, ensuring 99.99% uptime and seamless access to critical academic and administrative applications.
  • Diagnosed and resolved complex cross-platform authentication issues, reducing service desk tickets related to SSO and MFA by over 30% through documentation and automation.
  • Automated user lifecycle workflows using PowerShell and scheduled jobs, reducing manual AD account provisioning and de-provisioning times by 70%.
  • Collaborated with security and compliance teams to enforce NIST and EDUCAUSE-aligned IAM policies, achieving successful audits and reducing identity-related vulnerabilities.
  • Led the rollout of Duo MFA across faculty, staff, and students, driving adoption to over 95% coverage within 12 months and significantly reducing account compromise incidents.
  • Administered and optimized an enterprise Active Directory environment comprising over 40,000 objects, enforcing security baselines and GPOs to meet evolving compliance needs.
Technologies: Active Directory (AD), Active Directory Federation Services (AD FS), Shibboleth, PKI, Red Hat Ansible Automation Platform, Compliance, IT Security, Product Security, Risk Management, System Administration, Microsoft 365, Remediation Scripting, Vulnerability Remediation, Microsoft Entra, SAML, SCIM, React

AD and PKI Engineer

2020 - 2021
CBRE
  • Utilized Active Directory (AD) Group Policy Objects (GPOs). Automated the deployment of certificates to all corporate workstations. Automated expiration and renewal of internal certificates.
  • Designed and deployed Keyfactor to automate both internal and external certificate management. Provided clear documentation that empowered ops teams to maintain and troubleshoot AD/PKI independently.
  • Secured enterprise authentication via modernized, policy-driven certificate management.
Technologies: Active Directory (AD), Active Directory Certificate Services (AD CS), PKI, Windows PowerShell, Python, Certificate Services, Algorithms, Azure Active Directory, Azure, Security, Duo 2FA, Windows, Identity & Access Management (IAM), Windows 10, Venafi Trust Protection Platform (TPP), Keyfactor, Single Sign-on (SSO), Compliance, IT Security, Product Security, Risk Management, System Administration, Remediation Scripting, Vulnerability Remediation, Microsoft Entra, SCIM

Experience

PKI Modernization & AD Optimization for Universal Music Group

Led the migration and modernization of Universal Music Group’s PKI and AD environment. I also transitioned legacy certificate systems to Microsoft Active Directory Certificate Services (AD CS), streamlined domain controller performance, and established enterprise-wide certificate security policies.

Enterprise AD & PKI Modernization for the City of San Francisco

Led a full-scale modernization of the City of San Francisco's AD and PKI infrastructure. I consolidated 50+ legacy domain controllers into a streamlined, secure hybrid Entra ID environment. I also migrated enterprise PKI certificates from unsupported platforms to Microsoft AD CS with zero downtime, enforcing strict certificate policies and TLS compliance.

Active Directory and PKI Infrastructure Upgrade for CB Richard Ellis (via Eikon Consulting)

Eikon Consulting engaged me to modernize and stabilize CBRE’s AD and PKI infrastructure. I focused on consolidating domain controllers, cleaning up replication topology, and migrating legacy certificate services to Microsoft AD CS while enabling scalable, secure identity management.

Hybrid IAM Setup for a Manufacturing Company

For a manufacturing client with 1,800 users, I designed a hybrid IAM solution combining on-premises AD with Entra ID.

Key tasks:
• Configured Azure AD Connect for seamless identity synchronization across on-prem and cloud environments.
• Enabled SSO for Microsoft 365 and custom applications, reducing login times by 40%.
• Deployed conditional access policies to restrict access based on device compliance and location, addressing compliance requirements.
• Integrated Entra ID with on-prem applications using Application Proxy, ensuring legacy systems remained accessible.

This project improved operational efficiency and laid the foundation for a full cloud transition.

I’ve also worked with Entra ID’s advanced features, such as dynamic group membership, B2B collaboration, and integration with third-party IdPs like Okta. My approach emphasizes security, scalability, and user experience, ensuring alignment with business objectives.

On-prem to Cloud IAM Migration for a Financial Services Firm

I led an IAM migration for a mid-sized financial services company transitioning from an on-premises Active Directory (AD) to Entra ID. The project involved 2,500 users and required seamless integration with existing applications.

My responsibilities included:
• Assessment and planning: Conducted a thorough audit of the on-premises AD, identifying user accounts, groups, and dependencies. Used Azure AD Connect to map and synchronize identities.
• Configuration: Set up Entra ID with SSO for 20+ SaaS applications (e.g., Salesforce, Workday) using SAML and OAuth. Configured MFA and conditional access policies to enforce security for remote users.
• Migration execution: Executed a phased migration, starting with a pilot group of 200 users. Used Azure AD Connect to sync on-prem AD with Entra ID, ensuring no downtime. Resolved sync errors related to duplicate UPNs and stale accounts.
• Post-migration: Implemented Privileged Identity Management (PIM) to manage admin roles and conducted user training on self-service password resets. Reduced helpdesk tickets by 30% through automation.

The migration was completed in four months with zero disruptions, and the client achieved enhanced security and scalability.

Skills

Libraries/APIs

React

Tools

Microsoft Exchange, Duo 2FA, Azure MFA, Shibboleth, GPG

Frameworks

Windows PowerShell

Platforms

Linux, Windows Server, Azure, iOS, Windows

Languages

Python, SAML

Paradigms

DevOps, Agile Software Development

Storage

Microsoft Entra ID, Database Administration (DBA), Azure Active Directory, PostgreSQL

Other

Active Directory (AD), Active Directory Federation Services (AD FS), PKI, Domain Name System (DNS), Active Directory Certificate Services (AD CS), Certificate Services, Security, Compliance, IT Security, Product Security, System Administration, Vulnerability Remediation, Microsoft Entra, SCIM, Cisco IOS, CyberArk, Venafi Trust Protection Platform (TPP), Keyfactor, PIM, Risk Management, Microsoft 365, Remediation Scripting, Identity & Access Management (IAM), Windows 10, Single Sign-on (SSO), AWS Certificate Manager, Algorithms, Okta, Red Hat Ansible Automation Platform
