Set up question for Azure Privileged Identity Management


Tell me if my setup is correct.

I need to create an access package for some users for User Management so they can request the package through . This is what I did.

- In AAD, I created an M365 group named "UserAdmin-Corp" and added this group to the AAD role User Administration Active Assignments.

- In Identity Governance, I created a catalog and added UserAdmin-Corp to it as a resource.

- Created an access package, added UserAdmin-Corp, and managed the remaining settings such as lifecycle duration.

Is this setup correct to create an access package?

Based on my attempt, the user logs in to MyAccess, sees the package, and requests the access; the user is automatically added to the group, and once the duration is over, the user is automatically removed.

I am not sure if the way I set it up is correct, even though it seems to be working.

Actually, I am not sure whether the group should be in the Active Assignment or the Eligible Assignment.


3 Replies
You are explaining an access package: how you get a user into a group, and maybe for a limited time.. > access package

PIM = Privileged Identity Management.. here you can assign Azure AD roles or Azure resource roles to users. These assignments are limited, and you can define what will happen if someone activates that role > you can define for how long it can be activated, if an approval is required, or if MFA is required.

As I have P2 AD, should I keep this implementation or remove the implementation and use PIM?

best response confirmed by niazstinu (Contributor)
I would prefer to use PIM for admin roles, and I guess that is best practice.. but in the end it is up to you :)