Forum Discussion
Solved
Activating Multiple AD roles together with PIM
I have got users with multiple Azure AD roles and PIM has been enabled. Is there a way to activate PIM once which will then activate two or more roles at the same time or users have no choice that to...
- Hi,
you can use Privileged Access Groups feature:
https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/groups-features#activate-multiple-role-assignments-in-a-single-request
Hi,
you can use Privileged Access Groups feature:
https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/groups-features#activate-multiple-role-assignments-in-a-single-request
you can use Privileged Access Groups feature:
https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/groups-features#activate-multiple-role-assignments-in-a-single-request
Hi,
We would like to combine the following Entra ID roles into one group so that the user is assigned all roles in one step:
- Global Reader
- Security Reader
- Attribut Assignment Reader
According to this link (https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/concept-pim-for-groups#making-group-of-users-eligible-for-microsoft-entra-role), this needs to be done via step 2 (Make active assignment of a role to a group and assign users to be eligible to group membership) BUT the next paragraph states that this is not recommended with security-relevant groups (may take significant time). What is the best practices in my case?
Many thanks and regards, Daniel
We would like to combine the following Entra ID roles into one group so that the user is assigned all roles in one step:
- Global Reader
- Security Reader
- Attribut Assignment Reader
According to this link (https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/concept-pim-for-groups#making-group-of-users-eligible-for-microsoft-entra-role), this needs to be done via step 2 (Make active assignment of a role to a group and assign users to be eligible to group membership) BUT the next paragraph states that this is not recommended with security-relevant groups (may take significant time). What is the best practices in my case?
Many thanks and regards, Daniel