Notifying approvers about a PIM approval request without their email property

tak-5409 60 Reputation points
2023-06-29T02:33:18.1266667+00:00

In Azure AD PIM, we aim to notify the approver when a user requests to activate their eligible role.

I think by default Azure uses the email property of the approver for sending a notification email. However, due to various reasons, we cannot use that property and have to leave the property empty.

Therefore we are not sure about how to notify the approver when the request is sent.

Are there any alternatives to notify the approver about the request bypassing the use of the email property?

Specifically, we have considered creating a security group for the approver and setting the "select approver" property to that group in the PIM role setting.

However, no member in that group has an email property in their user attributes.

Any suggestions or insights would be greatly appreciated.

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Entra | Other

Accepted answer
  1. Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator
    2023-06-29T11:34:28.0466667+00:00

    It's gonna be kinda hard to notify people if you don't allow email addresses :)

    And the OtherMails doesn't appear to be supported:

    https://github.com/MicrosoftDocs/azure-docs/issues/90870

    Otherwise, you would prob have to spin up your own process perhaps:

    https://gotoguy.blog/2018/09/15/create-your-own-azure-ad-pim-app-with-powerapps-and-flow-using-microsoft-graph/

    1 person found this answer helpful.
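A sketch of what the "own process" suggested in the answer could look like, as an added example that is not from the answer or the linked blog post: it filters a Microsoft Graph `roleAssignmentScheduleRequests` response for activations still pending approval and builds one message per approver, addressed by object id instead of the empty mail property. The sample data, the function names and the `send` delivery channel are assumptions made for illustration.

```python
import json

# Constructed sample shaped like a Microsoft Graph response to
# GET /v1.0/roleManagement/directory/roleAssignmentScheduleRequests (ids are made up).
SAMPLE_REQUESTS = json.loads("""
{"value": [
  {"id": "req-001", "status": "PendingApproval", "action": "selfActivate",
   "principalId": "user-aaa", "roleDefinitionId": "role-111",
   "justification": "Investigate sign-in alert", "createdDateTime": "2023-06-29T02:40:00Z"},
  {"id": "req-002", "status": "Provisioned", "action": "selfActivate",
   "principalId": "user-bbb", "roleDefinitionId": "role-111",
   "justification": "Routine change", "createdDateTime": "2023-06-29T01:10:00Z"},
  {"id": "req-003", "status": "PendingApproval", "action": "selfActivate",
   "principalId": "user-ccc", "roleDefinitionId": "role-222",
   "justification": "", "createdDateTime": "2023-06-29T02:45:00Z"}
]}
""")

# Constructed members of the approver group; "mail" is empty, as in the question.
SAMPLE_APPROVERS = [
    {"id": "appr-1", "userPrincipalName": "approver1@contoso.example", "mail": None},
    {"id": "appr-2", "userPrincipalName": "approver2@contoso.example", "mail": None},
]

def pending_activations(response):
    """Return activation requests that are still waiting for an approver."""
    return [r for r in response.get("value", [])
            if r.get("status") == "PendingApproval" and r.get("action") == "selfActivate"]

def build_notifications(response, approvers, already_notified):
    """One message per (new pending request, approver), addressed by object id, not mail."""
    messages = []
    for req in pending_activations(response):
        if req["id"] in already_notified:
            continue  # a polling loop must not re-notify on every pass
        reason = req.get("justification") or "(no justification given)"
        text = (f"PIM approval needed: principal {req['principalId']} requested role "
                f"{req['roleDefinitionId']} at {req['createdDateTime']}. Reason: {reason}")
        for approver in approvers:
            messages.append({"to": approver["id"], "request": req["id"], "text": text})
        already_notified.add(req["id"])
    return messages

def notify(messages, send):
    """Hand each message to a caller-supplied channel (hypothetical: chat bot, SMS, pager)."""
    for message in messages:
        send(message["to"], message["text"])
    return len(messages)
```

In a real deployment the `already_notified` set would need to be persisted between polling runs, and the identity that reads the requests should hold only the read permission it needs.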
