Forum Discussion

Gurdev Singh's avatar
Gurdev Singh
Iron Contributor
Mar 16, 2022
Solved

PIM for security group membership for a Sass application role

Can PIM be used for membership of a plain security group? We have a Sass application configured with SSO using Azure AD and admin roles in Sass app are controlled via an Azure AD security group. This...
Azure AD
Single sign-on
  • ChristofferL's avatar
    ChristofferL
    Jun 13, 2022

    Have you checked 'Privileged Access groups'?

     

    You can set up just-in-time access to permissions and roles beyond Azure AD and Azure Resource. If you have other resources whose authorization can be connected to an Azure AD security group (for Azure Key Vault, Intune, Azure SQL, or other apps and services), you should enable privileged access on the group and assign users as eligible for membership in the group.

     

    https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/groups-features
    https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/concept-privileged-access-versus-role-assignable

ChristofferL's avatar
ChristofferL
Copper Contributor
Jun 13, 2022

Have you checked 'Privileged Access groups'?

 

You can set up just-in-time access to permissions and roles beyond Azure AD and Azure Resource. If you have other resources whose authorization can be connected to an Azure AD security group (for Azure Key Vault, Intune, Azure SQL, or other apps and services), you should enable privileged access on the group and assign users as eligible for membership in the group.

 

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/groups-features
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/concept-privileged-access-versus-role-assignable

Resources