Forum Discussion
Enabling JIT Access for Managed Identities through PIM - Possible?
Hello, Azure Community,
I'm exploring the capabilities of Privileged Identity Management (PIM) and have encountered a scenario where I'm seeking guidance.
Scenario:
I have a managed identity that requires various permissions, which should be granted through group assignments. My goal is to utilize PIM for Just-In-Time (JIT) assignment of these permissions to enhance security and minimize the attack surface by limiting the time these elevated permissions are available.
Question:
Is there a known method to enable JIT assignments for a managed identity through PIM? Specifically, I'm looking to understand if it's possible for me as a user to activate JIT assignments on behalf of the managed identity. If this approach isn't feasible, is there an alternative strategy that would achieve similar outcomes in terms of assigning managed identities to groups or roles just in time?
Cheers folks!
- tlakshmananCopper ContributorHello Julian_Friederich,
According to public documentation, JIT access is currently unavailable for managed identities. You can find more information about managed identities for Azure resources here: https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview#which-operations-can-i-perform-on-managed-identities