Skip to content
/ azure-pim-security Public

Azure Privileged Identity Management (PIM) security scenarios

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

epomatti/azure-pim-security

BranchesTags

Repository files navigation

Azure PIM Security

Azure Privileged Identity Management (PIM) security scenarios.

To create the sample resources:

cp config/template.tfvars .auto.tfvars

terraform init
terraform apply -auto-approve

Role settings

Settings you can require on activation:

  • MFA, or conditional access authentication context
  • Justification
  • Ticket information
  • Approval

Assignment:

  • Allow permanent eligible assignment (or set to expire)
  • Allow permanent active assignment (or set ot expire)
  • Require Azure MFA on active assignment
  • Require justification on active assignment

Scenario

Here is a scenario for PIM assignment.

The following users will be created:

Name Member of
User1 Group1
User2 Group2
User3 Group1, Group2

ℹ️ Group1 and Group2 are already created with PIM roles assignment enabled

To execute this PIM scenario, configure a role such as Security Administrator like this:

Group1 assignment:

Group2 assignment:

About

Azure Privileged Identity Management (PIM) security scenarios

Topics

azure terraform pim azure-security entra entra-id azure-pim

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages