How To Activate Eligible Membership To A Privileged (PIM) Group?

Introduction

This article provides instructions on how to activate one’s eligible membership to a privileged (PIM) group.

Pre-requisites

• Your account must be assigned as an eligible member of a PIM-enabled group.
• The group must have an eligible role assignment to an Azure management group or resource.

Steps

1. Log into the Azure portal.
2. Open the PIM (Privileged Identity Management) module.
   • In the top center Azure search box, type PIM.
   • Select "Azure AD Privileged Identity Management".
     
3. In the left vertical navigation menu, click on " My Roles."
   
4. In the left vertical navigation menu, select “Privileged access groups” to see all your eligible group assignments.
   • On the right sub-pane, select “Eligible assignments”.
   • Find the row that corresponds with the group and role you are looking for and click Activate.
5. Configure the parameters of the activation.
   • IF YOUR PIM REQUIRES SECONDARY APPROVAL, where possible, choose the custom activation start time to give the approvers time to approve your window in advance to reduce delays. Give as much advanced notice as possible.
   • Choose the duration. Please choose a duration fitting for the task you intend to perform only. If later you perform more privileged activities, you can activate your access again separately, including the details required for the subsequent task.
   • Enter Ticket System
   • Enter the ticket number.
   • Enter the ticket number.
   • Enter the reason.
   • Click Activate.
     
6. Wait for the activation process to be completed, normally less than a minute.
   

Verification Process

1. Navigate to the affected resource.
2. Click "Access Control (IAM)" in the left navigation bar.
3. Under check access, search for the account or group you activated your access for.
4. Select it.
5. Confirm you now have the access you requested.