Temporary MidPoint Engineer (IAM – Identity & Access Management)

Overview

A university in the Netherlands is seeking an experienced Temporary MidPoint Engineer (IAM) to strengthen the Technology stream of its Identity & Access Management (IAM) programme within the ICT Service Center.

Due to the end-of-support of SAP IdM by the end of 2027 and the planned migration to MidPoint (Evolveum) the organisation is preparing a major IAM modernisation starting in Q1 2026. The MidPoint Engineer will play a key role in the technical realisation of this transition within a complex academic IT environment with strong SAP integrations.

Currently the IAM Operations and ICT Services teams do not have in-house MidPoint expertise nor sufficient Java capacity. This assignment therefore combines hands-on implementation with knowledge transfer.

Workload: Approximately 3 days per week (25 hours/week 100 hours/month 1200 hours/year)
Location: Maastricht region (hybrid)
On-site Presence: 12 days per week or bi-weekly (to be agreed)
Contract Type: Detachment / Interim Assignment

Why This Assignment

The organisation is undertaking a strategic modernisation of its IAM landscape to ensure that it:

• Aligns with established IAM policies

• Reduces security and compliance risks

• Is user-friendly and secure

• Provides efficient access for employees students guests and partner organisations

As a MidPoint Engineer you will be central to delivering a future-proof IAM solution within a large governance-driven academic organisation.

About the IAM Programme

The IAM programme consists of multiple streams (working groups) coordinated by a Programme Manager.

The Technology stream is responsible for replacing SAP IdM with IAM MidPoint (Evolveum).
You will work within this stream under the direction of an internal project lead closely collaborating with:

• IAM Operations

• ICT Services

• Architecture

• HR

• Policy & Organisation

Scope of the Assignment

Integrations & Provisioning

• Integration of HR administration (SAP SuccessFactors) via an integration hub

• Provisioning to systems including:

  • SAP SuccessFactors EC

  • SAP S/4HANA (Cloud & On-Prem)

  • SAP Ariba Suite

  • SAP SAC

  • SAP BTP

  • SAP Business Warehouse

  • Active Directory (directly connected feeding Entra via Microsoft Sync)

Provisioning to SAP target systems runs via SAP IPS. SAP provides and manages the required connectors between SAP IPS and SAP source systems.
The organisation is responsible for implementing the integration between MidPoint and SAP IPS.

Standardised provisioning protocols (e.g. SCIM) are used where possible.
For systems that do not support standard protocols application owners will implement custom endpoints (e.g. IGA target connectors).

Core IAM Processes

Integrations between MidPoint and connected systems must support:

• Importing application roles (e.g. via CSV)

• Provisioning and de-provisioning of accounts and entitlements

• Reading users and roles for reconciliation processes

Your Role: MidPoint Engineer

As MidPoint knowledge is currently lacking within the IAM Operations team you will bring this expertise and actively transfer knowledge on the job.

Key Responsibilities

• Design and implement a robust SAPMidPoint solution within the IAM architecture

• Install and configure MidPoint in accordance with Evolveum standards

• Configure IAM policies and workflows

• Advise on implementation priorities (Must-have vs Should-have requirements)

• Support risk identification and provide input for the risk log

• Implement integrations with source and target systems

• Import application roles (e.g. via CSV)

• Configure provisioning and de-provisioning of accounts and permissions

• Implement reconciliation processes (users/roles)

• Actively coach and transfer knowledge to IAM Operations team members during implementation

Working Style

• Persuasive and confident

• Sensitive to governance and policy contexts

• Analytical technical and structured

• Independent yet highly collaborative

• Knowledge-sharing and coaching mindset

• Solution-oriented

• Comfortable working in large complex organisations

Minimum Requirements

• Proven medior or senior-level experience with MidPoint implementations (design installation configuration and execution)

• Experience with IAM architectures and provisioning processes

• Experience integrating source and target systems

• Experience with SAP applications (e.g. SuccessFactors S/4HANA Ariba)

• Availability of approximately 3 days per week throughout the entire project

• Willingness to be physically present in Maastricht 12 days per week

• Strong communication skills

• Experience with interim or project-based assignments

Additionally candidates are requested to specify:

• Level of Dutch

• Level of English

• Education diplomas and certifications

• Knowledge and/or experience with Java

• Experience in large and complex organisations and/or tech-driven environments

Diversity and Inclusion Commitment

We are committed to creating an inclusive workplace where everyone is treated with respect. We welcome applications from candidates of all backgrounds and identities and encourage people who meet some but not all of the criteria to apply.

Application Process

Please submit a CV and a brief personal statement describing relevant MidPoint or IAM experience notable technical achievements and availability for the contract period. Shortlisted candidates will be invited to an initial interview and a technical exercise. We will contact only those selected for interview.

Remote B2B Contract