Aggregate PIM Groups

Hi, I wanted to understand if it is possible to aggregate PIM groups from Entra into ISC?
We are using AAD connector, and the connector doc mentions that we can aggregate PIM Roles but there is no mention of PIM groups.
Wanted to get a confirmation if this functionality is available today?


Are you referring to Groups attached to PIM roles? These are standard Security Groups and can be managed by SailPoint. (We are already doing this for Azure Resource Roles by just aggregating groups in general)

If you are referring to the PIM Group feature (PIM activate to temporarily instate your Ownership of a group) not sure.

I’m afraid not, this is what Entra connector says about PIM management

Yeah correct, that’s what we also noticed. Looks like we can’t aggregate PIM groups into ISC.

I recently went down this rabbit hole as well. It looks like I can manage PIM eligibility for the roles but not the groups. Spent hours trying to find the answer in the docs and in testing. Is this on a roadmap somewhere? Groups allow merging multiple PIM roles into a singular activation and the desire is to expose someone as PIM eligible with a group but still need to activate the actual PIM within the Azure portal.

This document got me somewhat excited but it appears it’s for creating a group? Azure PIM Provisioning Policy for Microsoft Entra ID Groups