https://github.com/epomatti/azure-pim-security
Azure Privileged Identity Management (PIM) security scenarios
- Host: GitHub
- URL: https://github.com/epomatti/azure-pim-security
- Owner: epomatti
- License: mit
- Created: 2023-12-16T16:50:42.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-12-16T17:00:15.000Z (over 2 years ago)
- Last Synced: 2025-07-29T22:11:29.952Z (11 months ago)
- Topics: azure, azure-pim, azure-security, entra, entra-id, pim, terraform
- Language: HCL
- Homepage:
- Size: 56.6 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Azure PIM Security
Azure Privileged Identity Management (PIM) security scenarios.
To create the sample resources:
```sh
cp config/template.tfvars .auto.tfvars
terraform init
terraform apply -auto-approve
```
### Role settings
Settings you can require on activation of an eligible assignment:
- MFA, or a Conditional Access authentication context
- Justification
- Ticket information
- Approval
Settings you can enforce on assignment:
- Allow permanent eligible assignment (or require it to expire)
- Allow permanent active assignment (or require it to expire)
- Require Azure MFA on active assignment
- Require justification on active assignment
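The settings above are what the portal exposes per role; the same controls can be set from Terraform so they are reviewable and drift-checked. The following is an added example, not code from the epomatti/azure-pim-security repository: it hardens the PIM settings for the `Contributor` role at subscription scope using the azurerm provider's `azurerm_role_management_policy` resource (assumed available, azurerm 3.86 or later). The approver object ID is a placeholder variable, and the expiry values are illustrative choices.

```hcl
# Added example (not part of the repository): PIM role settings for the
# Contributor role at subscription scope. Assumes azurerm >= 3.86 so that
# azurerm_role_management_policy is available.

data "azurerm_subscription" "current" {}

data "azurerm_role_definition" "contributor" {
  name  = "Contributor"
  scope = data.azurerm_subscription.current.id
}

variable "pim_approver_object_id" {
  type        = string
  description = "Placeholder: object ID of the user who approves activations"
}

resource "azurerm_role_management_policy" "contributor" {
  scope              = data.azurerm_subscription.current.id
  role_definition_id = data.azurerm_role_definition.contributor.id

  # Activation: what an eligible principal must satisfy to use the role.
  activation_rules {
    maximum_duration                   = "PT4H"
    require_multifactor_authentication = true
    # Alternative to plain MFA: require a Conditional Access authentication
    # context instead (the two settings are mutually exclusive; "c1" is a placeholder).
    # required_conditional_access_authentication_context = "c1"
    require_justification = true
    require_ticket_info   = true
    require_approval      = true
    approval_stage {
      primary_approver {
        object_id = var.pim_approver_object_id
        type      = "SingleUser"
      }
    }
  }

  # Eligible assignment: never permanent; must be renewed after 90 days.
  eligible_assignment_rules {
    expiration_required = true
    expire_after        = "P90D"
  }

  # Active (standing) assignment: never permanent, and the assigner must
  # pass MFA and give a justification to grant it directly.
  active_assignment_rules {
    expiration_required                = true
    expire_after                       = "P15D"
    require_multifactor_authentication = true
    require_justification              = true
  }
}
```

The security-relevant choices are the two `expiration_required = true` blocks (no permanent assignments, eligible or active) and `require_approval` on activation; MFA alone does not stop a compromised session that already satisfied the MFA claim, which is why the Conditional Access authentication-context option exists for roles that warrant step-up authentication.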
### Scenario
Here is a scenario for PIM assignment.
The following users will be created:
| Name | Member of |
|----------|----------------|
| User1 | Group1 |
| User2 | Group2 |
| User3 | Group1, Group2 |
> ℹ️ `Group1` and `Group2` are already created with PIM role assignment enabled (role-assignable groups)
To execute this PIM scenario, configure a role such as `Security Administrator` as in the role settings screenshot (image not included in this copy).
`Group1` assignment (screenshot not included in this copy).
`Group2` assignment (screenshot not included in this copy).
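The assignments in the screenshots are done in the portal. As an added example, not part of the repository, the same eligible assignments can be created with the azuread provider (assumed version 2.41 or later, which provides `azuread_directory_role_eligibility_schedule_request`). It assumes `Group1` and `Group2` already exist as role-assignable groups, as the note above states, and looks them up by display name; the justification strings are placeholders.

```hcl
# Added example (not part of the repository): make Group1 and Group2 *eligible*
# for the Security Administrator directory role through PIM, rather than
# granting it as a standing active assignment. Assumes azuread >= 2.41.

data "azuread_group" "group1" {
  display_name     = "Group1"
  security_enabled = true
}

data "azuread_group" "group2" {
  display_name     = "Group2"
  security_enabled = true
}

# Activates the built-in directory role in the tenant so its template ID
# can be referenced. Built-in roles need no custom definition.
resource "azuread_directory_role" "security_admin" {
  display_name = "Security Administrator"
}

# Tenant-wide scope ("/"); narrow this to an administrative unit if the
# group should only manage part of the directory.
locals {
  directory_scope = "/"
}

resource "azuread_directory_role_eligibility_schedule_request" "group1" {
  role_definition_id = azuread_directory_role.security_admin.template_id
  principal_id       = data.azuread_group.group1.object_id
  directory_scope_id = local.directory_scope
  justification      = "Placeholder: Group1 eligible for Security Administrator (PIM scenario)"
}

resource "azuread_directory_role_eligibility_schedule_request" "group2" {
  role_definition_id = azuread_directory_role.security_admin.template_id
  principal_id       = data.azuread_group.group2.object_id
  directory_scope_id = local.directory_scope
  justification      = "Placeholder: Group2 eligible for Security Administrator (PIM scenario)"
}
```

With this in place `User3`, who is in both groups, still holds no standing privilege: every member must activate the role, which is where the activation requirements from the role settings (MFA, justification, ticket, approval) are enforced. Checking that no member of either group also has a direct active assignment to the role is the sensible follow-up, since a direct assignment would bypass the group-based control entirely.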