Introduction
The Azure AD Privileged Identity Management (PIM) administration likewise permits Privileged Role Administrators to make permanent administrator role assignments. Also, Privileged Role Administrators can make clients eligible for Azure AD administrator roles. An eligible admin can activate the role when they need it, and after that their permissions expire once they're finished.
With Azure Active Directory (Azure AD), a global administrator can make permanent Azure AD administrator job assignments. These role assignments can be made utilizing the Azure portal or utilizing PowerShell commands.
User eligible for a role
Sign in to the Azure portal. Open Azure AD Privileged Identity Management.
After that, click Azure AD Roles and then, click Roles or Members.
Then, click "Add member" to add managed members.
After that, click "Select a role". Click a role you want to manage, and then click "Select".
And the second option is to click "Select members" and select which users you want to assign to the role and then click "Select".
Finally, in "Add managed members" section, click OK to add the user to the role.
See the notification of "Successfully added".
Then, click the role you just assigned to see the list of members. When the role is assigned, the user you selected will appear in the member list as "Eligible" for the role.
Now, the user is eligible for the role.
A role assignment to permanent
New users are only eligible for an Azure AD admin role. Follow these steps to make a role assignment to permanent.
Open Azure AD Privileged Identity Management. Click Azure AD roles and click Members.
Then, select and click an Eligible role that you want to make permanent.
Click More and see two options then click "Make permanent".
See the notification for successful change.
After that, see the role is now listed as permanent.
Remove a user from a role
Open Azure AD Privileged Identity Management.
Click Azure AD roles and Click Members.
Then, select and click a role assignment which one wants to remove.
Then, click More >> Remove.
See this message that asks you to confirm, click Yes.
The role assignment is removed.