Setting up eligible PIM in large hub and spoke (ALZ) environment with several development teams. #85
LarsVidingSE
started this conversation in
General
Replies: 1 comment
Hi @LarsVidingSE, sorry I missed your message.
Hi,
I shall deploy eligible PIM in a "large" hub and spoke environment, with scope to Azure subscription and resource groups, for several development teams which have only eligible assignments for their workloads. Each team has two types of member roles: Member and System Architect. Each workload has four environments: development, testing, acceptance and lastly production. My goal is to set this up via code.
We shall set this up for 6 different Azure RBAC roles. And we have 7 development teams and two member roles in each dev team.
The Reader role shall be set up as permanent on scope Az Subscription level.
All the others will be eligible, with MFA required and only for 5 hours.
I have built a script that is importing all RBAC groups, member groups, Azure Roles, eligible Types and the scope level.
Today I have a problem with the eligible PIM.
Do you think that I will be more successful with your module and be able to use my source of truth, which today is my Excel file?