Azure PIM Process

This document provides steps to assign Azure AD admin roles to users through Privileged Identity Management. It describes assigning a user as eligible for a role, which requires approval for access. It also covers approving or denying pending access requests and providing the justification.
Copyright © All Rights Reserved

Create User role and approve or deny requests for Azure resource roles in Privileged Identity Management

Follow these steps to make a user eligible for an Azure AD admin role.

1. Sign in to the Azure portal with a user that is a member of the Privileged Role
Administrator role.
2. Open Azure AD Privileged Identity Management.
3. Select Azure AD roles.
4. Select Roles to see the list of roles for Azure AD permissions.

5. Select Add assignments to open the Add assignments page.


6. Select Select a role to open the Select a role page.
7. Select the role you want to assign, select the member you want to assign to
the role, and then select Next.
8. In the Assignment type list on the Membership settings pane, select Eligible or
Active.
   • Eligible assignments require the member of the role to perform an action
     to use the role. Actions might include performing a multi-factor
     authentication (MFA) check, providing a business justification, or
     requesting approval from designated approvers.
   • Active assignments don't require the member to perform any action to
     use the role. Members assigned as active have the privileges assigned to
     the role at all times.
9. To set a specific assignment duration, fill in the start and end date and time
boxes. When finished, select Assign to create the new role assignment.
   • Permanent assignments have no expiration date. Use this option for
     permanent workers who frequently need role permissions.
   • Time-bound assignments will expire at the end of a specified period. Use
     this option with temporary or contract workers, for example, whose project
     end date and time are known.

10. After the role is assigned, an assignment status notification is displayed.
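The choices in steps 8 and 9 (Eligible or Active, Permanent or Time-bound) decide how much standing privilege an assignment creates. The following is an added example, not part of the original document: a review of an exported assignment list that flags the combinations worth a second look. The record fields, the severity labels and the 14-day warning window are assumptions made for this example, and the sample data is constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample export. The field names are assumptions for this example,
# not a PIM or Microsoft Graph schema.
SAMPLE = [
    {"user": "alice", "role": "Global Administrator", "type": "Active", "end": None},
    {"user": "bob", "role": "User Administrator", "type": "Eligible", "end": None},
    {"user": "carol", "role": "Security Reader", "type": "Active",
     "end": "2024-07-01T00:00:00+00:00"},
    {"user": "dave", "role": "Exchange Administrator", "type": "Eligible",
     "end": "2024-06-10T00:00:00+00:00"},
    {"user": "erin", "role": "Helpdesk Administrator", "type": "Eligible",
     "end": "2024-05-01T00:00:00+00:00"},
]

def review(assignments, now, warn_days=14):
    """Return (severity, who, reason) tuples, one per assignment worth noting."""
    findings = []
    for a in assignments:
        who = f'{a["user"]} / {a["role"]}'
        if a["type"] not in ("Eligible", "Active"):
            findings.append(("ERROR", who, "unknown assignment type"))
            continue
        # No end date means a permanent assignment (step 9).
        end = datetime.fromisoformat(a["end"]) if a["end"] else None
        if end is None and a["type"] == "Active":
            # Privileges held at all times, with no expiration.
            findings.append(("HIGH", who, "permanent active: standing privilege"))
        elif end is None:
            findings.append(("INFO", who, "permanent eligible: activation still required"))
        elif end <= now:
            findings.append(("INFO", who, "time-bound assignment already expired"))
        elif a["type"] == "Active":
            findings.append(("MEDIUM", who, "time-bound active until " + a["end"]))
        elif end - now <= timedelta(days=warn_days):
            findings.append(("INFO", who, "eligible assignment expires soon"))
    return findings

if __name__ == "__main__":
    # Fixed review date so the constructed sample gives a stable result.
    review_date = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for severity, who, reason in review(SAMPLE, review_date):
        print(f"{severity:6} {who}: {reason}")
```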


Approve the access request

You can view these pending requests in Privileged Identity Management.

11. Sign in to the Azure portal.


12. Open Azure AD Privileged Identity Management.
13. Select Approve requests.

14. In the Requests for role activations section, you'll see a list of requests pending
your approval.

Approve requests
15. Find and select the request that you want to approve. An approve or deny page
appears.
16. In the Justification box, enter the business justification.
17. Select Approve. You will receive an Azure notification of your approval.
Deny requests
18. Find and select the request that you want to deny. An approve or deny page
appears.

19. In the Justification box, enter the business justification.


20. Select Deny. A notification appears with your denial.
