MicrosoftMicrosoftFirst of all, this is great stuff and PERFECT timing for us, as we were in the process of building our own process for user entitlements to groups, and then this came along. Our workflow is similar where users are granted group membership to a target group, say Group.ScopeA.Readers, where that group is assigned RBAC role READER in a subscription somewhere.
Depending on their whether they're a pre-approved,the users can be automatically granted membership (via a JIT request) if they are members of Group.ScopeA.Readers.Eligible, if they aren't in the eligible "list", then anybody in Group.ScopeA.Approvers can either temporarily add them to the target group, OR if they are permanently eligible, add them to the Eligible group so users can auto-join at any time.
Given that "schema", we'd need to create an access package for many Scopes. Is there a more programattic method available (either azure cli/graph api/powershell module/ARM, etc) to create these packages?
