Jun 20 2023 04:28 AM
Hi,
I would like to use Catalogs and Access Packages to manage eligible membership to PIM managed groups.
I've created the AAD security groups and brought them under PIM management,
I've built the catalog and added the groups as a resource,
I've created the access packages.
When creating the access packages I can select the PIM managed groups, but the only roles I can choose are "Owner" and "Member", but there is no option to select whether this role is to be assigned as "Active" or "Eligible".
Since the whole point of using PIM managed groups is to be able to use Eligible assignments, it seems a bit stupid I can't assign users as eligible using access packages....
So, two questions:
If anyone has the link to vote up this, this is more than welcome!
Thanks for your inputs already!
Jun 20 2023 04:38 AM
Jun 20 2023 05:20 AM
Jun 20 2023 06:15 AM
Solution
Nov 22 2023 04:24 PM
@Matthias Vandenberghe
Something I have been thinking about for a while now too.
I have come up with a theory of double grouping to hopefully solve this issue.
PIM Group contains a normal group as eligible which gets added to the access package.
Still to be tested but hopefully a workaround.
Samrish
Nov 24 2023 04:39 AM
You can use custom extensions (based on Logic Apps) within Access Packages. In this Logic Apps flow you can trigger an HTTP POST request to the Graph API. See: Create eligibilityScheduleRequest - Microsoft Graph v1.0 | Microsoft Learn
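The request body such a Logic App HTTP action would send, sketched as an added example that is not part of any post in this thread. The stage names (`granted`, `removed`), the 365-day ceiling and the sample IDs are assumptions; the endpoint and body properties are those of the Graph v1.0 PIM for groups eligibilityScheduleRequest resource.

```python
import re
from datetime import datetime, timedelta, timezone

GRAPH_URL = ("https://graph.microsoft.com/v1.0/identityGovernance/"
             "privilegedAccess/group/eligibilityScheduleRequests")
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# Assumed stage names handed over by the Logic App, mapped to Graph actions.
STAGE_TO_ACTION = {"granted": "adminAssign", "removed": "adminRemove"}
MAX_DAYS = 365  # assumed local policy ceiling for eligibility lifetime


def build_eligibility_request(stage, principal_id, group_id, access_id="member",
                              days=90, start=None, justification=""):
    """Return (url, body) for the POST that makes a user eligible, or removes it."""
    if stage not in STAGE_TO_ACTION:
        raise ValueError(f"unsupported stage: {stage!r}")
    if access_id not in ("member", "owner"):
        raise ValueError("accessId must be 'member' or 'owner'")
    for name, value in (("principalId", principal_id), ("groupId", group_id)):
        if not GUID.match(value):
            raise ValueError(f"{name} is not a GUID: {value!r}")
    body = {
        "accessId": access_id,
        "principalId": principal_id,
        "groupId": group_id,
        "action": STAGE_TO_ACTION[stage],
        "justification": justification or f"Access package assignment {stage}",
    }
    if body["action"] == "adminAssign":
        # Always time-bound the eligibility instead of leaving it permanent.
        if not 1 <= days <= MAX_DAYS:
            raise ValueError(f"days must be between 1 and {MAX_DAYS}")
        start = start or datetime.now(timezone.utc)
        end = start + timedelta(days=days)
        body["scheduleInfo"] = {
            "startDateTime": start.strftime("%Y-%m-%dT%H:%M:%SZ"),
            "expiration": {"type": "afterDateTime",
                           "endDateTime": end.strftime("%Y-%m-%dT%H:%M:%SZ")},
        }
    return GRAPH_URL, body


if __name__ == "__main__":
    # Constructed sample IDs, not real directory objects.
    url, body = build_eligibility_request(
        "granted", "11111111-2222-3333-4444-555555555555",
        "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", days=30,
        start=datetime(2023, 11, 24, tzinfo=timezone.utc))
    print("POST", url)
    print(body)
```

Handling the removal stage as well keeps the eligible assignment from outliving the access package assignment that created it.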