In this task, you will activate a role that requires approval.
In the InPrivate browser window, in the Azure portal, while signed in as the aaduser2 user, navigate back to the Privileged Identity Management | Quick start blade.
On the Privileged Identity Management | Quick start blade, in the Tasks section, click My roles.
On the My roles | Azure AD roles blade, in the list of Eligible assignments, in the row displaying the Global Reader role, click Activate.
On the Activate - Global Reader blade, in the Reason text box, type a justification for the activation, and then click Activate.
Click the Notifications icon in the toolbar of the Azure portal and view the notification informing you that your request is pending approval.
Note: As the Privileged role administrator, you can review and cancel requests at any time.
On the My roles | Azure AD roles blade, locate the Security Administrator role, and click Activate.
Click the warning Additional verification required. Click to continue.
Follow the instructions to verify your identity.
Note: You only have to authenticate once per session.
Once you are back in the Azure portal interface, on the Activate - Security Administrator blade, in the Reason text box, type a justification for the activation, and then click Activate.
Note: The auto approval process should complete.
Back on the My roles | Azure AD roles blade, click the Active assignments tab and notice that the listing of active assignments includes Security Administrator but not the Global Reader role.
Note: You will now approve the Global Reader role.
Sign out of the Azure portal as aaduser2.
Sign in to the Azure portal as aaduser3.
Note: If you run into problems with authenticating by using any of the user accounts, you can sign in to the Azure AD tenant by using your user account to reset their passwords or reconfigure their sign-in options.
In the Azure portal, navigate to Azure AD Privileged Identity Management.
On the Privileged Identity Management | Quick start blade, in the Tasks section, click Approve requests.
On the Approve requests | Azure AD roles blade, in the Requests for role activations section, select the checkbox for the entry representing the role activation request to the Global Reader role by aaduser2.
Click Approve. On the Approve Request blade, in the Justification text box, type a reason for activation, note the start and end times, and then click Confirm.
Note: You also have the option of denying requests.
Sign out of the Azure portal as aaduser3.
Sign in to the Azure portal as aaduser2.
In the Azure portal, navigate to Azure AD Privileged Identity Management.
On the Privileged Identity Management | Quick start blade, in the Tasks section, click My roles.
On the My roles | Azure AD roles blade, click the Active assignments tab and verify that the Global Reader role is now active.
Note: You might have to refresh the page to view the updated list of active assignments.
Sign out and close the InPrivate browser window.
Result: You have practiced activating PIM roles with and without approval.
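The same two activations can also be requested from PowerShell, where the returned status shows which request is held for approval. This is an added example, not part of the original lab: it assumes the Microsoft Graph PowerShell SDK is installed and that the tenant permits the listed delegated scopes for aaduser2; the function name Request-PimActivation and the reason strings are hypothetical.

```powershell
# Added example (not from the lab). Sign in interactively as the eligible user (aaduser2).
# Assumption: these delegated scopes have been consented to in the tenant.
Connect-MgGraph -Scopes "RoleAssignmentSchedule.ReadWrite.Directory", "RoleManagement.Read.Directory"

# Object ID of the signed-in user, read from /me.
$me = Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/me"

function Request-PimActivation {
    # Hypothetical helper: self-activates an eligible Azure AD role for the signed-in user.
    param(
        [Parameter(Mandatory)] [string] $RoleName,
        [Parameter(Mandatory)] [string] $Reason,
        [string] $Duration = "PT1H"   # ISO 8601; must not exceed the role's maximum activation time
    )
    $role = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$RoleName'"
    if (-not $role) { throw "Role '$RoleName' not found in this tenant." }

    $body = @{
        Action           = "selfActivate"
        PrincipalId      = $me.id
        RoleDefinitionId = $role.Id
        DirectoryScopeId = "/"
        Justification    = $Reason
        ScheduleInfo     = @{
            StartDateTime = (Get-Date).ToUniversalTime()
            Expiration    = @{ Type = "AfterDuration"; Duration = $Duration }
        }
    }
    New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -BodyParameter $body
}

# Submit both requests from the lab and compare how each one is handled.
$requests = @(
    Request-PimActivation -RoleName "Global Reader" -Reason "Lab: read-only review of tenant settings"
    Request-PimActivation -RoleName "Security Administrator" -Reason "Lab: review security configuration"
)
$requests | Select-Object Id, RoleDefinitionId, Status, Justification

# Requests from this user that are still waiting for an approver.
Get-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -Filter "principalId eq '$($me.id)'" -All |
    Where-Object Status -eq "PendingApproval" |
    Select-Object Id, RoleDefinitionId, CreatedDateTime, Justification
```

With the lab's role settings, the Global Reader request stays in the PendingApproval status until aaduser3 approves it, while the Security Administrator request completes without an approver. The sign-in must already satisfy the additional verification that the portal prompts for before Security Administrator can be activated.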