How to Request Temporary Elevated Access in Azure Priviledged Identity Management (PIM)

Purpose

The purpose of this article is to detail the process for elevating your permissions in Azure Cloud.

Target Audience

  • Vanderbilt University Community with access to an Azure subscription.

    • Faculty and Staff

    • Undergraduate Students

    • Graduate and Professional Students

  • VUIT Internal Knowledge  

Prerequisites

  • Ensure you have access to the Azure tenant.
  • You must have read-only access to a VU-managed subscription.
  • You must be added to an AD group eligible to escalate permissions (typically, ending with _Contributor).  

Description

This guide will walk you through the process of requesting temporary "elevated" permissions for specific tasks.

Resolution or Procedure Steps

  1. Sign into the Azure portal using your Vanderbilt email and password
  2. At the top of the page, use the search bar to navigate to Microsoft Entra Privileged Identity Management
  3. Under Tasks, select My Roles, then select Azure Resources
    Screenshot of my roles - Azure resource roles page.
  4. Under Eligible assignments, there will be a list of subscriptions or resources that can be activated. Select Activate next to the subscription you wish to elevate permissions in.
    Screenshot of the opened Activate pane with scope, start time, duration, and reason.
  5. In the pop-up, set your duration between 0.5 and 8 hours, and include your need for elevation within the Reason field.
  6. Once entered, click the Activate button. Once you have been elevated, the browser will refresh.

References

Print Article