Forum Discussion
jeremyhAUS
May 16, 2024Brass Contributor
PIM Groups prevent permanent assignment
Hi,
I am designing a PIM implementation and was planning on leveraging PIM groups for most privileged access management scenarios. I created a group and PIM-enabled it and configured the settings to prevent permanent assignment.
However, I find I can still assign permanent members via the normal Entra ID Groups section where you add members to a normal group. Then when I check the PIM section I see a permanent assignment.
Is there a way of preventing this?
Cheers,
Jeremy.
- Bringing the group to PIM does not prevent changes to it (or its members). Even for role-assignable groups, such are possible (but limited to GA and Privileged Role admin). Details are here: https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/concept-pim-for-groups