azuremicrosoft-graph-api

Privileged Identity Management - My roles


I've created an Azure security group called "contoso-ad-adm-teams-administrator". Under "Privileged Identity Management" I added an eligible assignment for the member Adele. enter image description here

In the Azure portal, I can see all the groups available to me (Adele) via “Privileged Identity Management” -> “My roles” -> Groups under “Eligible assignments”. enter image description here

I'm writing a tools with C# to manage or abstract Azure PIM. For that I'm using Graph API. For development I'm using https://developer.microsoft.com/en-us/graph/graph-explorer. How can I retrieve PIM -> My roles via the Graph API?


Solution

  • Initially, I created one security group named "contoso-ad-adm-teams-administrator" and added one eligible assignment under PIM for user 'Sri' as below:

    enter image description here

    You can also find this here: “Privileged Identity Management” -> “My roles” -> Groups under “Eligible assignments”:

    enter image description here

    To retrieve above details via Graph API, you can make use of this API call by granting consent to "PrivilegedEligibilitySchedule.Read.AzureADGroup" permission:

    GET https://graph.microsoft.com/v1.0/identityGovernance/privilegedAccess/group/eligibilityScheduleInstances/filterByCurrentUser(on='principal')
    

    Response:

    enter image description here

    Reference:

    privilegedAccessGroupEligibilityScheduleInstance: filterByCurrentUser - Microsoft Graph