Skip to content

epomatti/azure-pim-security

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits

.assets

.assets

 
 

config

config

 
 

modules/entra

modules/entra

 
 

.gitignore

.gitignore

 
 

.terraform.lock.hcl

.terraform.lock.hcl

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

backend.tf

backend.tf

 
 

main.tf

main.tf

 
 

output.tf

output.tf

 
 

provider.tf

provider.tf

 
 

variables.tf

variables.tf

 
 

Repository files navigation

Azure PIM Security

Azure Privileged Identity Management (PIM) security scenarios.

To create the sample resources:

cp config/template.tfvars .auto.tfvars

terraform init
terraform apply -auto-approve

Role settings

Settings you can require on activation:

  • MFA, or conditional access authentication context
  • Justification
  • Ticket information
  • Approval

Assignment:

  • Allow permanent eligible assignment (or set to expire)
  • Allow permanent active assignment (or set ot expire)
  • Require Azure MFA on active assignment
  • Require justification on active assignment

Scenario

Here is a scenario for PIM assignment.

The following users will be created:

Name Member of
User1 Group1
User2 Group2
User3 Group1, Group2

ℹ️ Group1 and Group2 are already created with PIM roles assignment enabled

To execute this PIM scenario, configure a role such as Security Administrator like this:

Group1 assignment:

Group2 assignment:

About

Azure Privileged Identity Management (PIM) security scenarios

Topics

azure terraform pim azure-security entra entra-id azure-pim

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages