Associate IAM Engineer
Listed on 2026-06-19
IT/Tech
Cybersecurity
Passionate about precision medicine and advancing the healthcare industry? Recent advancements in underlying technology have finally made it possible for AI to impact clinical care in a meaningful way. Tempus' proprietary platform connects an entire ecosystem of real-world evidence to deliver real-time, actionable insights to physicians, providing critical information about the right treatments for the right patients, at the right time.
As an Associate IAM Engineer, you will be the frontline defender and administrator of our identity perimeter. You will focus on day‑to‑day identity operations, single sign‑on (SSO) integrations, device assurance, and troubleshooting authentication issues. This role is perfect for someone with a strong foundational understanding of identity protocols (SAML, OIDC) who wants to grow their hands‑on skills in enterprise automation, identity governance, and cloud identity management using Okta.
- Configure, test, and deploy standard SAML 2.0 and OIDC/OAuth 2.0 integrations for onboarding new SaaS applications.
- Serve as the Tier 2/3 point of contact for identity‑related tickets, deep‑diving into system logs and protocol traces to resolve authentication, MFA, and provisioning failures.
- Monitor and maintain automated user provisioning (Joiner/Mover/Leaver processes) across HRIS, Active Directory, and downstream applications; help triage Okta Workflow errors.
- Assist in configuring and monitoring Okta Device Assurance policies to ensure only secure, compliant devices can access corporate resources.
- Support user access reviews and regular entitlement certifications using Okta Identity Governance to ensure alignment with SOC2, ISO 27001, and SOX frameworks.
- 1–3 years of experience in an IT, Security, or Systems Administration role, with at least 1 year of dedicated hands‑on exposure to Okta administration.
- Solid conceptual understanding of the Identity Trinity: SAML 2.0 (assertions, entity IDs, ACS URLs); OpenID Connect (, Access, Refresh tokens, scopes, authorization flows); SCIM provisioning.
- Comfort navigating and managing Universal Directory (users, groups, OU structures).
- Foundational understanding of REST API concepts (HTTP methods GET, POST, PUT, DELETE and status codes) and comfort using Okta Workflows.
- Basic security principles: MFA, least privilege, zero trust.
- Log Detective: You enjoy digging into event logs and browser developer tools (SAML tracers) to find out exactly why a login failed.
- Clear Communicator: Ability to guide non‑technical employees (or partners in HR) through password resets, MFA setups, or access requests with patience and clarity.
- Hungry to Learn: The identity space moves fast; you are excited to learn advanced tools like Okta Workflows, Terraform, or API management on the job.
- Prior exposure to configuring Okta Device Assurance policies and understanding of how they interface with MDM tools (Jamf, Intune).
- Hands‑on exposure to Okta Identity Governance for managing access requests, approvals, and access certification campaigns.
- Foundational knowledge or exposure to Okta Workflows (or similar low‑code automation platforms) used to orchestrate lifecycle management.
- Okta Certified Professional
- Okta Certified Administrator
CHI - $70,000 - $95,000. The expected salary range above is applicable if the role is performed from Illinois and may vary for other locations (California, Colorado, New York). Actual salary may vary based on qualifications and experience.
Tempus offers a full range of benefits, which may include incentive compensation, restricted stock units, medical and other benefits depending on the position.
We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.