Julian_Friederich
Mar 08, 2024

Enabling JIT Access for Managed Identities through PIM - Possible?

Hello, Azure Community,

I'm exploring the capabilities of Privileged Identity Management (PIM) and have encountered a scenario where I'm seeking guidance.

Scenario:

I have a managed identity that requires various permissions, which should be granted through group assignments. My goal is to utilize PIM for Just-In-Time (JIT) assignment of these permissions to enhance security and minimize the attack surface by limiting the time these elevated permissions are available.

Question:

Is there a known method to enable JIT assignments for a managed identity through PIM? Specifically, I'm looking to understand if it's possible for me as a user to activate JIT assignments on behalf of the managed identity. If this approach isn't feasible, is there an alternative strategy that would achieve similar outcomes in terms of assigning managed identities to groups or roles just in time?

Cheers folks!
