Description
We are a medical practice in New York replacing Citrix virtual desktops with a browser-based Zero Trust architecture for our remote staff in the Philippines. All applications are web-based. We need an experienced engineer to set up the following: Scope of Work: 1. Configure Chrome Enterprise Premium ($6/user/month) with DLP rules: block downloads, uploads, copy/paste, printing, and enable screen watermarking for athenahealth, Epic, VICIdial, and Microsoft 365 web apps. 2. Set up Cloudflare Tunnel on a US-based virtual machine (we provide the VM) and configure Cloudflare Access as a secure gateway in front of athenahealth, replacing our current CyberGhost VPN. 3. Configure OIDC single sign-on from Google Workspace (our identity provider) to AWS, Cloudflare, GitHub, and 1Password. 4. Configure SCIM automated user provisioning from Google Workspace to 1Password Business. 5. Set up 1Password Business vaults so staff access Hetzner and other infrastructure credentials through the browser extension without seeing passwords. 6. Test the full workflow end to end: Philippine staff member opens Chrome, authenticates through Google Workspace, accesses athenahealth through Cloudflare Access, credentials auto-filled by 1Password, all DLP rules enforced, no VPN required. 7. Document the setup with screenshots and admin instructions so we can manage it going forward. Environment: • Google Workspace (already in place, not Enterprise Plus) • athenahealth (web-based EHR, currently accessed thr