
Staff who are eligible owners of PIM groups in their area can activate the owner role to manage eligible assignments in that group. This guide details how an owner can grant new employees the ability to activate privileged roles in order to perform administrative tasks in UConn’s Entra ID or Microsoft 365 environments.

Navigate to or bookmark https://aad.portal.azure.com/#view/Microsoft_Azure_PIMCommon/CommonMenuBlade/~/aadgroup to quickly access and elevate to the owner role of a PIM group. Step-by-step instructions are below.

Roles can be activated for up to 8 hours at a time.

  1. Navigate to https://entra.microsoft.com and log in with your NetIDAdmin account

  2. Expand the Identity Governance section and click on Privileged Identity Management (PIM)

    1. Optionally pin PIM as a favorite by clicking the star icon to the right of its entry.

      (Screenshot: left-hand navigation in Microsoft Entra ID highlighting the Privileged Identity Management option in the Identity Governance section)
  3. Click on Groups under the Manage section on the left-hand side

  4. Click on the PIM group you manage for your area, select My Roles in the Tasks section, then Activate your owner role within the Eligible assignments section

  5. Specify a duration, provide a short justification, and click Activate. Once activated, you can manage the group to add/remove other eligible assignments.

  6. To grant another user the ability to activate the admin roles associated with your PIM group, navigate to Assignments in the Manage section, click the Eligible assignments tab and click Add assignments

  7. Select Member as the role, choose the user(s) to grant this assignment, and click Next

  8. Ensure the assignment type is Eligible and specify a duration (max 1 year)

  9. The selected user(s) will now be eligible members and can activate their admin roles by following Activating "Just in Time" Microsoft Admin Roles via Privileged Identity Management (PIM)

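
A review check for the result of steps 6 to 8, as an added example that is not part of the original guide or of UConn's tooling. It assumes the group's eligible assignments have been exported as JSON in the shape of Microsoft Graph's privilegedAccessGroupEligibilitySchedule objects; the sample data, the IDs and the function names are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Step 8 caps eligibility at 1 year; 366 days tolerates leap years.
MAX_ELIGIBILITY = timedelta(days=366)

# Constructed sample in the assumed Graph export shape; every ID is made up.
SAMPLE = json.loads("""
{"value": [
  {"principalId": "user-a", "accessId": "member", "scheduleInfo": {
    "startDateTime": "2024-12-16T17:00:00Z",
    "expiration": {"type": "afterDateTime", "endDateTime": "2025-12-16T17:00:00Z"}}},
  {"principalId": "user-b", "accessId": "member", "scheduleInfo": {
    "startDateTime": "2024-12-16T17:00:00Z",
    "expiration": {"type": "noExpiration"}}},
  {"principalId": "user-c", "accessId": "member", "scheduleInfo": {
    "startDateTime": "2024-12-16T17:00:00.1234567Z",
    "expiration": {"type": "afterDateTime", "endDateTime": "2026-12-16T17:00:00Z"}}},
  {"principalId": "user-d", "accessId": "owner", "scheduleInfo": {
    "startDateTime": "2024-12-16T17:00:00Z",
    "expiration": {"type": "afterDateTime", "endDateTime": "2025-06-16T17:00:00Z"}}}
]}
""")

def parse_ts(value):
    """Parse a UTC ISO 8601 timestamp, ignoring fractional seconds."""
    head = value.rstrip("Z").split(".")[0]
    return datetime.strptime(head, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def review(schedules):
    """Return (principalId, issue) pairs for assignments an owner should look at."""
    findings = []
    for item in schedules:
        who, info = item["principalId"], item["scheduleInfo"]
        expiration = info["expiration"]
        if expiration["type"] == "noExpiration":
            findings.append((who, "eligibility never expires; step 8 allows max 1 year"))
        elif expiration["type"] == "afterDateTime":
            span = parse_ts(expiration["endDateTime"]) - parse_ts(info["startDateTime"])
            if span > MAX_ELIGIBILITY:
                findings.append((who, f"eligible for {span.days} days; max is 1 year"))
        else:
            findings.append((who, f"expiration type {expiration['type']!r}; check by hand"))
        if item["accessId"] == "owner":
            findings.append((who, "eligible owner: can add/remove eligible assignments"))
    return findings

if __name__ == "__main__":
    for principal, issue in review(SAMPLE["value"]):
        print(f"{principal}: {issue}")
```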
