Prasanth Kodakandla

Selected Work

Focusing on high-impact identity transformations. Building systems that are secure by design and invisible by default.

SiteMinder SSO Modernization for ~250 Apps

Java, Spring Boot, Legacy Migration, SiteMinder

Context

A massive portfolio of 250+ legacy applications relied on brittle, agent-based SiteMinder integration.

Problem

Deep coupling meant any IAM upgrade risked breaking hundreds of apps. The architecture was opaque, and 'unknown unknowns' made migration risky.

Approach

Modernized legacy JSP-based authentication flows into standard Spring Boot patterns. Standardized the integration layer to decouple applications from the underlying proprietary agents.

Key Results

  • Successfully modernized ~250 applications
  • Eliminated direct dependencies on SiteMinder agents
  • Standardized auth patterns across the enterprise

💡 Lessons Learned

"Refactoring legacy code requires archaeological patience. Standardizing the pattern first makes the actual platform switch trivial."

🚀 What I'd Improve Next

Automate the discovery of legacy agent configurations using static analysis tools to speed up the initial assessment phase.

SiteMinder to PingFederate + Cisco Duo MFA

PingFederate, Cisco Duo, OIDC/SAML, MFA

Context

Following the app modernization, the enterprise needed to switch the core IdP from SiteMinder to PingFederate.

Problem

The goal was not just a backend switch, but enhancing security with MFA without disrupting 250+ live business apps.

Approach

Led the platform migration to PingFederate. Integrated Cisco Duo for MFA. Implemented a coexistence strategy where apps could migrate individually to OIDC/SAML.

Key Results

  • Retired legacy SiteMinder infrastructure
  • Rolled out MFA to the entire user base
  • Improved system observability and reliability

💡 Lessons Learned

"Identity platforms are the nervous system of an enterprise. Observability during the migration is as critical as the migration itself."

🚀 What I'd Improve Next

Implement risk-based adaptive authentication policies in PingFederate to reduce MFA friction for trusted devices.

Duo Self-Service Enrollment Portal

Java, Spring Boot, Duo Admin API, Self-Service

Context

Rolling out MFA to thousands of employees created a massive support burden for the helpdesk.

Problem

Users were calling support just to register their devices or troubleshoot basic sync issues, overwhelming the helpdesk.

Approach

Built a custom self-service portal using Java/Spring Boot that interfaced with the Duo Admin API. Allowed users to manage their own devices and bypass the helpdesk.

Key Results

  • Drastically reduced helpdesk ticket volume
  • Accelerated MFA adoption timeline
  • Improved user satisfaction scores

💡 Lessons Learned

"Security tools that users hate will fail. Empowering users with self-service is a security feature, not just a convenience."

🚀 What I'd Improve Next

Add WebAuthn/FIDO2 registration support directly to the portal for passwordless onboarding.

Identity Proofing with PingOne Verify

PingOne Verify, PingOne MFA, Identity Verification, REST API

Context

High-risk transactions and remote onboarding required stronger trust than just a username/password.

Problem

Remote users needed a way to prove they were real people (not deepfakes/bots) without visiting a physical office.

Approach

Integrating PingOne Verify for government ID scanning and facial biometrics. Orchestrating the flow via PingOne MFA policies to step-up trust only when necessary.

Key Results

  • Enabling secure remote onboarding
  • Reducing fraud in high-value transactions
  • Modernizing the trust stack

💡 Lessons Learned

"Identity proofing is the new perimeter. It ties the digital credential back to the physical human."

🚀 What I'd Improve Next

Explore reusable identity credentials (verifiable credentials) to remove the need for repeated scanning.