
Staff who are eligible owners of PIM groups in their area can activate the owner role to manage eligible assignments in that group. This guide details how the owner can grant new employees the ability to activate privileged roles to perform administrative tasks in UConn’s Entra ID or Microsoft 365 environments.

Navigate to or bookmark https://aad.portal.azure.com/#view/Microsoft_Azure_PIMCommon/CommonMenuBlade/~/aadgroup to quickly access and elevate to the owner role of a PIM group. Step-by-step instructions are below.

Roles can be activated for up to 8 hours at a time.

  1. Navigate to https://entra.microsoft.com and log in with your NetIDAdmin account

  2. Expand the Identity Governance section and click on Privileged Identity Management (PIM)

    1. Optionally pin PIM as a favorite by clicking the star icon to the right of its entry.

  3. Click on Groups under the Manage section on the left-hand side

  4. Click on the PIM group you manage for your area, select My Roles in the Tasks section, then Activate your owner role within the Eligible assignments section

  5. Specify a duration, provide a short justification, and click Activate. Once activated, you can manage the group to add/remove other eligible assignments or extend existing assignments using the steps below.


Adding Additional Assignments

  1. To grant another user the ability to activate the admin roles associated with your PIM group, navigate to PIM Groups and click on the respective group

  2. Navigate to Assignments in the Manage section, click the Eligible assignments tab and click Add assignments

  3. Select Member as the role, choose the user(s) to grant this assignment, and click Next

  4. Ensure the assignment type is Eligible and specify a duration (max 1 year)

  5. The selected user(s) will now be eligible members and can activate their admin roles by following Activating "Just in Time" Microsoft Admin Roles via Privileged Identity Management (PIM)


Extending Existing Eligible Assignments

  1. Navigate to PIM Groups and click on the respective group

  2. Click on Assignments within the Manage section, click the Eligible assignments tab, and click Update on the expiring assignment you’d like to extend

  3. Specify the new assignment end date and click Save
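
A review check to go with the Adding Additional Assignments and Extending Existing Eligible Assignments procedures, added here as an example and not part of the original guide: it flags eligible assignments that are close to expiry or longer than the 1-year maximum. The 30-day warning window, the 366-day ceiling, the sample records and the placeholder IDs are assumptions, and the record shape is assumed to follow Microsoft Graph's privilegedAccessGroupEligibilitySchedule resource.

```powershell
# Added example, not part of the original guide. Record shape is assumed to match
# Microsoft Graph's privilegedAccessGroupEligibilitySchedule resource.
function Test-PimGroupEligibility {
    param(
        [Parameter(Mandatory)] [object[]] $Schedule,
        [datetimeoffset] $Now = [datetimeoffset]::UtcNow,
        [int] $WarnDays = 30,   # assumption: review window before expiry
        [int] $MaxDays  = 366   # guide: eligible duration is at most 1 year
    )
    foreach ($s in $Schedule) {
        $end = $s.scheduleInfo.expiration.endDateTime
        $finding = 'OK'
        if (-not $end) {
            $finding = 'NoEndDate'
        } else {
            # DateTimeOffset keeps UTC comparisons correct regardless of local time zone
            $start = [datetimeoffset]$s.scheduleInfo.startDateTime
            $end   = [datetimeoffset]$end
            if (($end - $start).TotalDays -gt $MaxDays) { $finding = 'ExceedsOneYear' }
            elseif ($end -lt $Now) { $finding = 'Expired' }
            elseif (($end - $Now).TotalDays -le $WarnDays) { $finding = 'ExpiringSoon' }
        }
        [pscustomobject]@{
            PrincipalId = $s.principalId
            Role        = $s.accessId      # 'member' or 'owner'
            Ends        = $end
            Finding     = $finding
        }
    }
}

# Constructed sample records (placeholder principal IDs), so the check runs offline.
function New-SampleRecord($Id, $Role, $Start, $End) {
    [pscustomobject]@{
        principalId  = $Id
        accessId     = $Role
        scheduleInfo = @{ startDateTime = $Start; expiration = @{ endDateTime = $End } }
    }
}
$sample = @(
    New-SampleRecord 'user-a' 'member' '2024-12-16T00:00:00Z' '2025-12-16T00:00:00Z'  # OK
    New-SampleRecord 'user-b' 'member' '2024-02-01T00:00:00Z' '2025-01-20T00:00:00Z'  # ExpiringSoon
    New-SampleRecord 'user-c' 'member' '2024-01-01T00:00:00Z' '2026-01-01T00:00:00Z'  # ExceedsOneYear
)
Test-PimGroupEligibility -Schedule $sample -Now '2025-01-02T00:00:00Z' | Format-Table

# Live data (requires the Microsoft.Graph.Identity.Governance module):
#   Connect-MgGraph -Scopes 'PrivilegedEligibilitySchedule.Read.AzureADGroup'
#   $live = Get-MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule `
#             -Filter "groupId eq '<your-group-object-id>'" -All
#   Test-PimGroupEligibility -Schedule $live
```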

