Forum Discussion
TherealKillerbe
Mar 18, 2025 | Brass Contributor
Entra-ID Privileged Identity Management for Groups
We have used PIM for groups to assign certain Azure Security groups to eligible users. For example, a group which provides the contributor role to a certain subscription. This group is added in PIM fo...
Kidd_Ip
Mar 19, 2025 | MVP
You may consider this:
- Create a PIM Management Group: Use this as a "layer" to group users who are eligible for specific roles or privileges.
- Assign Users to the PIM Management Group: By assigning users as members of this group, you create a clear, visible association between the user and the group that grants eligibility for specific privileges.
- Assign PIM Management Groups to PIM-Protected Groups: Instead of assigning individual users directly as eligible to the PIM-protected group, make the PIM management group itself eligible.
Benefits:
- Improved Visibility: By looking at the Groups list, you can easily track and identify the eligibility of a user based on their membership in the management group.
- Ease of Management: Modifications to eligibility can be handled at the group level, simplifying operations compared to managing individual user assignments.
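
The three steps in the reply above, followed by an eligibility listing, sketched with the Microsoft Graph PowerShell SDK. This is an added example, not part of the original thread; the group name, mail nickname, 180-day duration and the two object IDs are placeholders chosen for illustration, and the PIM-protected group is assumed to be onboarded to PIM for Groups already.

```powershell
# Added example. Requires the Microsoft.Graph.Groups and
# Microsoft.Graph.Identity.Governance modules.
Connect-MgGraph -Scopes 'Group.ReadWrite.All',
    'PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup'

# Placeholders: substitute object IDs from your own tenant.
$protectedGroupId = '<object-id-of-PIM-protected-group>'
$userId           = '<object-id-of-user>'

# Step 1: create the PIM management group (display name is an assumption).
$mgmt = New-MgGroup -DisplayName 'PIM-MGMT-Sub-Contributor' `
    -MailNickname 'pim-mgmt-sub-contributor' `
    -MailEnabled:$false -SecurityEnabled

# Step 2: add the user as a normal, visible member of the management group.
New-MgGroupMember -GroupId $mgmt.Id -DirectoryObjectId $userId

# Step 3: make the management group itself an eligible member of the
# PIM-protected group, instead of assigning the user directly.
$request = @{
    accessId      = 'member'
    principalId   = $mgmt.Id
    groupId       = $protectedGroupId
    action        = 'adminAssign'
    justification = 'Eligibility granted through PIM management group'
    scheduleInfo  = @{
        startDateTime = (Get-Date).ToUniversalTime().ToString('o')
        expiration    = @{ type = 'afterDuration'; duration = 'P180D' }
    }
}
New-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest `
    -BodyParameter $request

# Listing: every eligible principal on the protected group. Direct
# assignments left over from before the change appear next to the
# management group, so they can be found and removed.
$eligible = Get-MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule `
    -Filter "groupId eq '$protectedGroupId'" -All
$eligible | Select-Object PrincipalId, AccessId, Status

# Listing: who is eligible through the management group.
Get-MgGroupMember -GroupId $mgmt.Id -All | ForEach-Object {
    [pscustomobject]@{
        Id                = $_.Id
        UserPrincipalName = $_.AdditionalProperties['userPrincipalName']
    }
}
```

Membership changes to the management group change who can activate the PIM-protected group, so ownership and membership of that group need the same review as direct eligibility assignments.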