
Provide Azure Privileged Identity Manager admins a more concise summary of all upcoming eligible and assigned roles for users across all subscriptions in the environment

cameron-doherty/az-pim-expiry-notifier

Description

Azure Privileged Identity Management (PIM) can generate a large number of emails for administrators to sift through. In a more complex environment, where you manage PIM assignments across multiple subscriptions and want to track upcoming expirations, it is difficult to get value out of the deluge of expiration notifications arriving in your inbox. The Azure Portal also falls short of giving a summarized view of expirations across all Azure scopes and resources: you need to click into each relevant scope (e.g. Subscription, Resource Group) and view the specific assignments therein to gain any insight.

This Logic App is meant to assist those responsible for reviewing the expirations, so that updates or extensions can be processed before an expiration prevents a user or group of users from activating their relevant role(s) in the environment.

Logic App Flow

flowchart TD
    A[Time Based Start] --> B(Get Eligible Expirations)
    A --> C(Get Assigned Expirations)
    B --> D[[For each eligible, get end date]]
    C --> E[[For each assigned, get end date]]
    D --> F(Merge Results)
    E --> F
    F --> G(Send email with summary)
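
The merge and summary steps of the flow above, sketched in Python as an added example; this is not the repository's Logic App definition. The record shape (`properties.endDateTime`, `expandedProperties`) is assumed to follow the ARM role eligibility and assignment schedule instance responses, and the sample data, function names and 30-day window are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

def rec(principal, role, scope, end):
    """Build a constructed record trimmed to the fields used below."""
    return {"properties": {"endDateTime": end, "expandedProperties": {
        "principal": {"displayName": principal},
        "roleDefinition": {"displayName": role},
        "scope": {"displayName": scope}}}}

# Constructed sample data (not real tenants, users or subscriptions).
ELIGIBLE = [rec("alice@example.com", "Contributor", "sub-prod", "2024-06-10T00:00:00Z"),
            rec("bob@example.com", "Owner", "sub-dev", "2024-09-01T00:00:00Z")]
ASSIGNED = [rec("ops-group", "Reader", "rg-network", "2024-06-05T12:00:00Z"),
            rec("carol@example.com", "Reader", "sub-prod", None)]  # no end date

def upcoming_expirations(eligible, assigned, now, window_days=30):
    """Merge both lists and keep entries that end within the window."""
    cutoff = now + timedelta(days=window_days)
    rows = []
    for kind, records in (("Eligible", eligible), ("Assigned", assigned)):
        for r in records:
            props = r["properties"]
            end = props.get("endDateTime")
            if not end:  # permanent assignment, nothing to expire
                continue
            expires = datetime.fromisoformat(end.replace("Z", "+00:00"))
            if now <= expires <= cutoff:
                exp = props["expandedProperties"]
                rows.append({"type": kind,
                             "principal": exp["principal"]["displayName"],
                             "role": exp["roleDefinition"]["displayName"],
                             "scope": exp["scope"]["displayName"],
                             "expires": expires,
                             "days_left": (expires - now).days})
    # Soonest expiry first, so the reviewer sees the most urgent entry on top.
    return sorted(rows, key=lambda row: row["expires"])

def render_summary(rows):
    """Render the merged rows as the plain-text body of one summary email."""
    lines = [f"{len(rows)} PIM role(s) expiring soon:"]
    for row in rows:
        lines.append(f"- [{row['type']}] {row['principal']} | {row['role']} @ "
                     f"{row['scope']} | expires {row['expires']:%Y-%m-%d} "
                     f"({row['days_left']}d)")
    return "\n".join(lines)

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    print(render_summary(upcoming_expirations(ELIGIBLE, ASSIGNED, now)))
```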
