Assign Eligibility Azure Active Directory (Azure AD) Roles In Privileged Identity Management (PIM)

In this article, you will learn how to make users eligible for Azure Active Directory (Azure AD) roles in Privileged Identity Management (PIM).

Introduction

 
The Azure AD Privileged Identity Management (PIM) service allows Privileged Role Administrators to make permanent administrator role assignments. Privileged Role Administrators can also make users eligible for Azure AD administrator roles. An eligible admin can activate the role when they need it, and their permissions expire once they're finished.
 
With Azure Active Directory (Azure AD), a global administrator can make permanent Azure AD administrator role assignments. These role assignments can be made using the Azure portal or using PowerShell commands.
 

Make a user eligible for a role

 
Sign in to the Azure portal. Open Azure AD Privileged Identity Management.
 
After that, click Azure AD Roles, and then click Roles or Members.
 
Then, click "Add member" to add managed members.
 
After that, click "Select a role". Click a role you want to manage, and then click "Select".
 
The second option is "Select members": click it, select the users you want to assign to the role, and then click "Select".
 
Finally, in the "Add managed members" section, click OK to add the user to the role.
 
A "Successfully added" notification appears.
 
Then, click the role you just assigned to see the list of members. When the role is assigned, the user you selected will appear in the member list as "Eligible" for the role.
 
Now, the user is eligible for the role.
 

Make a role assignment permanent

 
New users are only eligible for an Azure AD admin role. Follow these steps to make a role assignment permanent.
 
Open Azure AD Privileged Identity Management. Click Azure AD roles and click Members.
 
Then, click the Eligible role that you want to make permanent.
 
Click More, which shows two options, and then click "Make permanent".
 
A notification confirms the successful change.
 
The role is now listed as permanent.
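As an added example (not part of the original article), the following script lists which role holders are eligible and which are permanent, the distinction the portal steps above set. It assumes the Microsoft Graph PowerShell SDK and its role management cmdlets, which the article does not name, and an account allowed to read role management data; treating a direct assignment with no end date as "permanent" is also an assumption of this example.

```powershell
# Added example: audit eligible vs. permanent Azure AD role assignments.
# Assumption: the Microsoft.Graph PowerShell SDK is installed and the
# signed-in account may read role management data.
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory'

# Map role definition IDs to display names once, instead of one lookup per row.
$roleNames = @{}
Get-MgRoleManagementDirectoryRoleDefinition -All |
    ForEach-Object { $roleNames[$_.Id] = $_.DisplayName }

# Eligible assignments: the user must activate the role before using it.
$eligible = Get-MgRoleManagementDirectoryRoleEligibilityScheduleInstance -All |
    ForEach-Object {
        [pscustomobject]@{
            State       = 'Eligible'
            Role        = $roleNames[$_.RoleDefinitionId]
            PrincipalId = $_.PrincipalId
            Scope       = $_.DirectoryScopeId
            Ends        = $_.EndDateTime
        }
    }

# Active assignments. 'Activated' is an eligible user who has currently
# activated the role. A direct assignment with no end date is treated
# here as permanent (assumption of this example).
$active = Get-MgRoleManagementDirectoryRoleAssignmentScheduleInstance -All |
    ForEach-Object {
        $state = if ($_.AssignmentType -eq 'Activated') { 'Activated' }
                 elseif ($null -eq $_.EndDateTime)      { 'Permanent' }
                 else                                   { 'Active (time-bound)' }
        [pscustomobject]@{
            State       = $state
            Role        = $roleNames[$_.RoleDefinitionId]
            PrincipalId = $_.PrincipalId
            Scope       = $_.DirectoryScopeId
            Ends        = $_.EndDateTime
        }
    }

$report = @($eligible) + @($active) | Sort-Object Role, State
$report | Format-Table -AutoSize

# Permanent holders keep the role's permissions at all times, so count them
# per role to see where standing privilege is concentrated.
$report | Where-Object State -eq 'Permanent' |
    Group-Object Role | Select-Object Name, Count
```

Reviewing the per-role count of permanent holders after each change shows whether standing privilege is growing beyond the accounts that need it.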
 

Remove a user from a role

 
Open Azure AD Privileged Identity Management.
 
Click Azure AD roles and click Members.
 
Then, click the role assignment that you want to remove.
 
Then, click More >> Remove.
 
When the message asks you to confirm, click Yes.
 
The role assignment is removed.