Key Responsibilities and Required Skills for User Account Technician
$45,000 - $70,000
Role Definition
The User Account Technician is an operational identity and access specialist responsible for day-to-day account lifecycle management, password and authentication support, and maintaining secure access configurations across directory services and cloud applications. This role is the first line of support for onboarding/offboarding, access requests, and access-related escalations, working closely with HR, security, and application owners to enforce least-privilege access and meet audit/compliance requirements (SOX, HIPAA, GDPR where applicable). Strong technical skills in Active Directory, Azure AD, Okta, ticketing systems (ServiceNow/Jira), and automation (PowerShell) are essential.
Career Progression
Typical Career Path
Entry Point From:
- Help Desk Technician / Service Desk Analyst
- Desktop Support Technician
- IT Support Specialist
Advancement To:
- Identity & Access Management (IAM) Analyst / Specialist
- Systems Administrator (Windows/Azure)
- IT Security Analyst / Access Control Analyst
Lateral Moves:
- IT Asset Manager
- Desktop/Endpoint Support Engineer
- Application Support Specialist
Core Responsibilities
Primary Functions
- Provision and de-provision user accounts across on-premises Active Directory and cloud directories (Azure AD, Entra ID), ensuring timely creation, modification and removal of access following HR/manager approvals and onboarding/offboarding workflows.
- Execute user onboarding and offboarding processes end-to-end: create accounts, assign group memberships and roles, provision mailbox and file access, set up MFA, and verify application access prior to employee start/termination dates.
- Process and fulfill access requests, role changes and temporary access escalations via the ticketing platform (ServiceNow, Jira Service Desk or equivalent), documenting approvals and maintaining audit trails.
- Perform password resets, unlock accounts, and troubleshoot authentication failures promptly while adhering to security policies and multi-factor authentication (MFA) procedures to minimize downtime.
- Manage group membership, distribution lists, shared mailbox permissions and security groups in Exchange/Office 365 (Microsoft 365) and Google Workspace to maintain least-privilege access.
- Administer single sign-on (SSO), SAML and OAuth-based integrations in identity providers (Okta, Azure AD, OneLogin), troubleshoot SSO failures and coordinate fixes with application owners and vendors.
- Run and maintain PowerShell, Azure CLI or automation scripts to bulk-provision users, update attributes, perform license assignments and accelerate repetitive tasks with logging and rollback considerations.
- Maintain up-to-date documentation and runbooks for account procedures, onboarding checklists, role definitions, and escalation paths to ensure consistency and compliance.
- Conduct periodic access reviews and recertification campaigns with managers and application owners to validate group memberships, privileged access and role assignments.
- Monitor ticket queues and SLA metrics, prioritize incidents, and escalate complex security or compliance issues to IAM leads or security operations teams.
- Troubleshoot directory synchronization issues (Azure AD Connect, AD Connect Health), resolve attribute mapping errors and coordinate remediation with infrastructure teams.
- Carry out license provisioning and management for Microsoft 365, Salesforce, and other SaaS platforms to ensure cost-effective access and compliance with vendor licensing.
- Generate and analyze audit logs, access reports and exception lists for internal audit, SOX or regulatory compliance reviews; provide evidence and remediation steps as required.
- Support device and mobile access provisioning in conjunction with MDM solutions (Microsoft Intune, JAMF), enroll devices, troubleshoot conditional access policies and help remediate compliance failures.
- Investigate suspicious account activity, lockouts or potential credential compromise; apply account containment procedures and collaborate with security incident responders when needed.
- Validate and apply role-based access control (RBAC) templates and least-privilege policies across business applications, recommending role changes when recurring exceptions are found.
- Coordinate closely with HR to reconcile leavers, transfers and business approvals to prevent orphaned accounts and reduce insider risk.
- Participate in IAM and cross-functional projects (migrations, identity platform upgrades, application onboarding), providing operational requirements and testing account flows.
- Provide end-user training and create FAQ/knowledge base articles for common account tasks (password resets, MFA enrollment, SSO usage) to reduce repeat tickets and improve user experience.
- Support regular cleanup and maintenance activities: disabled account purges, stale mailbox and group clean-up, and archival of user data according to retention policies.
- Assist with enrollment and troubleshooting of adaptive authentication and conditional access policies, ensuring balance between user productivity and security controls.
- Maintain on-call rotation (where applicable) to provide after-hours support for critical account incidents and cross-timezone operations.
Secondary Functions
- Support ad-hoc data requests and exploratory data analysis.
- Contribute to the organization's data strategy and roadmap.
- Collaborate with business units to translate data needs into engineering requirements.
- Participate in sprint planning and agile ceremonies within the data engineering team.
- Assist IAM engineers with scoped testing during upgrades, patches and integration changes.
- Help prepare training materials and run short onboarding sessions for new hires on account usage and security best practices.
Required Skills & Competencies
Hard Skills (Technical)
- Active Directory administration (user accounts, group policy basics, OU management) and account lifecycle operations.
- Azure AD / Microsoft Entra ID and Microsoft 365 (Office 365) user and license management.
- Identity provider experience: Okta, OneLogin, PingFederate or comparable SSO/IAM platforms.
- Familiarity with ServiceNow, Jira Service Desk or other ITSM/ticketing tools for request intake, approvals and SLA reporting.
- PowerShell scripting for automation of bulk account operations, reporting and remediation tasks.
- Knowledge of SAML, OAuth, OpenID Connect and general single-sign-on (SSO) concepts and troubleshooting.
- Multi-factor authentication (MFA) enrollment and troubleshooting (Microsoft Authenticator, Duo, Okta Verify, YubiKey).
- Directory synchronization familiarity (Azure AD Connect, LDAP) and basic troubleshooting of sync errors.
- Microsoft Exchange/Exchange Online mailbox provisioning and permission management.
- Mobile device management basics (Microsoft Intune, JAMF) as it relates to account-device mapping and conditional access.
- Basic logging, reporting and query skills (Excel, CSV handling, simple SQL or log queries) for audit and compliance tasks.
- Understanding of RBAC, least-privilege principles, and common compliance frameworks (SOX, HIPAA, GDPR) as they relate to access control.
- Basic networking and authentication troubleshooting knowledge (DNS, Kerberos, LDAP binds) to triage account problems.
Soft Skills
- Strong customer service mentality with the ability to communicate clear, empathetic guidance to non-technical users.
- Excellent verbal and written communication for approvals, documentation and cross-team coordination.
- High attention to detail to avoid privilege creep, misconfiguration and audit findings.
- Analytical problem-solving skills to troubleshoot authentication issues and diagnose root causes.
- Time management and prioritization to meet SLA targets under a high-volume ticket environment.
- Team player who collaborates effectively with HR, security, systems and application teams.
- Discretion and the ability to handle sensitive user and access-related information confidentially.
- Adaptability to rapidly changing identity platforms, policies and security requirements.
- Process-oriented mindset to document repeatable procedures and reduce manual errors.
- Continuous learning attitude to stay current on identity trends, cloud directory features and tooling.
Education & Experience
Educational Background
Minimum Education:
- High school diploma or equivalent. Relevant technical certificate or coursework preferred.
Preferred Education:
- Associate degree or Bachelor's in Information Technology, Computer Science, Information Systems, Cybersecurity or related field.
- Industry certifications such as Microsoft Certified: Identity and Access Administrator Associate, CompTIA Security+/A+, or Okta Administrator are a plus.
Relevant Fields of Study:
- Information Technology
- Computer Science
- Information Systems
- Cybersecurity
- Network Administration
Experience Requirements
Typical Experience Range: 1–4 years of hands-on IT support or identity/account management experience.
Preferred:
- 2–5 years supporting user account lifecycle and identity platforms in enterprise environments.
- Demonstrated use of Active Directory, Azure AD, Microsoft 365, and at least one SSO/IAM provider (Okta, OneLogin).
- Experience working with ITSM systems (ServiceNow/Jira) and following ITIL-aligned processes.
- Exposure to compliance/audit cycles, access reviews and role recertification processes.