Assign Azure AD Roles In PIM 

With Azure Active Directory (Azure AD), a Global administrator can make permanent Azure AD admin role assignments. These role assignments can be created using the Azure portal.

The Azure AD Privileged Identity Management (PIM) service also allows Privileged Role Administrators to make permanent admin role assignments. Additionally, Privileged Role Administrators can make users eligible for Azure AD admin roles. An eligible administrator can activate the role when they need it, and then their permissions expire once they're done. 

How To Make A User Eligible For A Role 

Follow these steps to make a user eligible for an Azure AD admin role. 

  1. Sign in to Azure Portal with a user that is a member of the Privileged Role Administrator role. 
  2. Open Azure AD Privileged Identity Management. 
  3. Click Azure AD roles. 


  1. d. Click Roles or Members. Click Add member to open Add managed members. 


  1. e. Click Select a role, click a role you want to manage, and then click Select. 


  1. f. Click Select members, select the users you want to assign to the role, and then click Select. In Add managed members, click OK to add the user to the role. 




  1. h. In the list of roles, click the role you just assigned to see the list of members.