I've created an Azure security group called "contoso-ad-adm-teams-administrator". Under "Privileged Identity Management" I added an eligible assignment for the member Adele.
In the Azure portal, I can see all the groups available to me (Adele) via “Privileged Identity Management” -> “My roles” -> Groups under “Eligible assignments”.
I'm writing a tool in C# to manage or abstract Azure PIM. For that I'm using the Graph API. For development I'm using https://developer.microsoft.com/en-us/graph/graph-explorer. How can I retrieve PIM -> My roles via the Graph API?
Initially, I created one security group named "contoso-ad-adm-teams-administrator" and added one eligible assignment under PIM for user 'Sri' as below:
You can also find this here: “Privileged Identity Management” -> “My roles” -> Groups under “Eligible assignments”:
To retrieve the above details via the Graph API, you can make use of this API call after granting consent to the "PrivilegedEligibilitySchedule.Read.AzureADGroup" permission:
GET https://graph.microsoft.com/v1.0/identityGovernance/privilegedAccess/group/eligibilityScheduleInstances/filterByCurrentUser(on='principal')
Response:
Reference:
privilegedAccessGroupEligibilityScheduleInstance: filterByCurrentUser - Microsoft Graph
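An added example (not the asker's or the answerer's code) of how a tool could consume the endpoint from the answer: it follows `@odata.nextLink` paging and keeps only the instances that are valid right now, since an expired or not-yet-started instance is not something the user can activate. Written in Python rather than the asker's C# for brevity; the group ids, timestamps and skiptoken in the sample response are constructed placeholders.

```python
import json
from datetime import datetime, timezone
from urllib.request import Request, urlopen

# The call from the answer: eligibility schedule instances where the signed-in user is the
# principal. The token must carry PrivilegedEligibilitySchedule.Read.AzureADGroup consent.
ELIGIBLE_URL = ("https://graph.microsoft.com/v1.0/identityGovernance/privilegedAccess/group/"
                "eligibilityScheduleInstances/filterByCurrentUser(on='principal')")

def graph_get(url, token):
    """Live fetcher: one delegated GET with the signed-in user's bearer token."""
    with urlopen(Request(url, headers={"Authorization": f"Bearer {token}"})) as resp:
        return json.load(resp)

def iter_instances(fetch, url=ELIGIBLE_URL):
    """Yield every instance, following @odata.nextLink until the collection ends."""
    while url:
        page = fetch(url)
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")

def _ts(value):
    # Graph emits ISO-8601 with a trailing 'Z'; endDateTime is null for permanent eligibility.
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None

def my_eligible_groups(fetch, now=None):
    """Map groupId -> accessId ('member' or 'owner') for instances valid at `now`."""
    now = now or datetime.now(timezone.utc)
    active = {}
    for inst in iter_instances(fetch):
        start, end = _ts(inst.get("startDateTime")), _ts(inst.get("endDateTime"))
        if (start and start > now) or (end and end <= now):
            continue  # not yet started, or already expired
        active[inst["groupId"]] = inst.get("accessId", "member")
    return active

# Constructed two-page response with placeholder ids, shaped like the real payload.
GROUP_TEAMS_ADMIN = "00000000-0000-0000-0000-00000000aaaa"  # contoso-ad-adm-teams-administrator
GROUP_EXPIRED = "00000000-0000-0000-0000-00000000bbbb"  # an eligibility that has lapsed
PAGE2 = ELIGIBLE_URL + "?$skiptoken=page2"
SAMPLE_PAGES = {
    ELIGIBLE_URL: {"value": [{"groupId": GROUP_TEAMS_ADMIN, "accessId": "member",
                              "startDateTime": "2024-01-01T00:00:00Z", "endDateTime": None}],
                   "@odata.nextLink": PAGE2},
    PAGE2: {"value": [{"groupId": GROUP_EXPIRED, "accessId": "owner",
                       "startDateTime": "2023-01-01T00:00:00Z",
                       "endDateTime": "2023-06-01T00:00:00Z"}]},
}

def sample_fetch(url):
    return SAMPLE_PAGES[url]
```

For a live run, pass `lambda u: graph_get(u, token)` as the fetcher instead of `sample_fetch`.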