Enable synchronized AD groups (or AAD groups) to map to PIM.
Rather than adding single accounts from AAD (which may be synched from AD), it would be great to map AAD (or synched AD) groups to eligibility rules. E.g. AAD group A is eligible for Role Exchange Admin. That way, one could administer AD groups for privileged access like in RBAC and use PIM to activate the privileges. Adding single users may be difficult to handle in large environments.
Robert Tucker commented
Is there a roadmap planned? Which semester will this be included in? 2019?
Hey folks, just letting you know this is on our roadmap and we haven't forgotten about this one!
Jan Bakker commented
Any update on this? Would be a great feature!
This would be really good. We are currently only 14 users in PIM but the need is there, even with such a small team.
This feature is desperately needed. Any view on when we will be able to use groups with AD directory roles through PIM?