Enabling JIT Access for Managed Identities through PIM - Possible?

Julian_Friederich · ‎Mar 08 2024

Hello, Azure Community,

I'm exploring the capabilities of Privileged Identity Management (PIM) and have encountered a scenario where I'm seeking guidance.

Scenario:

I have a managed identity that requires various permissions, which should be granted through group assignments. My goal is to utilize PIM for Just-In-Time (JIT) assignment of these permissions to enhance security and minimize the attack surface by limiting the time these elevated permissions are available.

Question:

Is there a known method to enable JIT assignments for a managed identity through PIM? Specifically, I'm looking to understand if it's possible for me as a user to activate JIT assignments on behalf of the managed identity. If this approach isn't feasible, is there an alternative strategy that would achieve similar outcomes in terms of assigning managed identities to groups or roles just in time?

Cheers folks!

tlakshmanan · ‎Mar 14 2024

Hello @Julian_Friederich,

According to public documentation, JIT access is currently unavailable for managed identities. You can find more information about managed identities for Azure resources here: https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview#which-o...

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Enabling JIT Access for Managed Identities through PIM - Possible?

Enabling JIT Access for Managed Identities through PIM - Possible?

Re: Enabling JIT Access for Managed Identities through PIM - Possible?