Azure AD Role Assignment

Question

Hi All, 
 When I assign an Administrator role to an Azure AD user, the user's Assignment Type is automatically set to Permanent in the Azure Portal. Is there a way to have 1IM set the Assignment Type to Eligible instead? 
 Thanks.

Markus Weiss-Ehlers · Answer

30698 hence PIM support is still not part of the official MS API. In contrary the original MS Beta API has stopped working May 31, 2021 and has been replaced by a new MS Beta API. Just as a reminder why we are trying to prevent Beta APIs. This is the statement from Microsoft about the new API ( https://docs.microsoft.com/en-us/graph/api/resources/rolemanagement?view=graph-rest-beta&preserve-view=true ) (I have highlighted the important part). 
 Important 
 APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported . To determine whether an API is available in v1.0, use the Version selector.

Trevor Pike · Answer

Hey Valiant, I have replied to your service request as well: 
 It doesn't look like this can be configured on the 1IM side of things, out of box. 
 As the documentation states, "Administrator roles are loaded into One Identity Manager by synchronization. You can edit individual master data of administrator roles but cannot create new administrator roles in One Identity Manager." 
 So I think any change of assignment type has to be done on the Azure side of things. 
 Although, I suppose it would be possible to add a custom column that could be mapped to the applicable attribute in Azure, and do it that way. Trevor

Endpoint Privilege Management

Azure AD Role Assignment

Top Replies