Hello! I've assigned the "User Administrator" role for a particular user we'd like to test. Role has been set to "active" in Privileged Access Management. Test user even gets the email that their access has been elevated in AzureAD. I even logged out as the test user and back on but still cannot reset any user passwords. What is wrong?
Test user has the E3 licensing assigned and even tried with an E5 license.
Any help would be appreciated. Thanks!
If the account you are trying to reset the password for has an elevated role, then you need to use
Also see:
Hi Dale,
Did the user log into Azure, go to PIM and accept the access?
PIM > My Roles > Eligible Assignments.
You can verify the user has been assigned the role under the Active Assignments tab.
What roles do the accounts you are trying to change have? The "User Administrator" role cannot change the password for accounts with certain roles, such as "Global Admin" and "Privileged Role Admin". It also cannot change the password for normal user accounts if they are a member/owner of a role-assignable group.
Also keep an eye out for any administrative units which may affect the scope you have permissions over.
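The checks described in the reply above (protected roles on the target, role-assignable group membership or ownership, administrative unit scope), as an added example that is not part of the original thread. The function name and sample objects are constructed; the objects follow the shape of Microsoft Graph directory objects (`@odata.type`, `isAssignableToRole`, `directoryScopeId`), and the role set holds only the two roles named above, not the complete list.

```python
# Added example: sample objects are constructed, shaped like Microsoft Graph
# directory objects. PROTECTED_ROLES lists only the roles named in the thread.
PROTECTED_ROLES = {"Global Administrator", "Privileged Role Administrator"}

def reset_blockers(target_member_of, target_owned, admin_scope="/"):
    """Return reasons a User Administrator password reset would be refused.

    target_member_of: objects the target is a member of (roles, groups, AUs)
    target_owned:     objects the target owns
    admin_scope:      directoryScopeId of the admin's role assignment
                      ("/" = tenant-wide, "/administrativeUnits/<id>" = scoped)
    """
    reasons, target_aus = [], set()
    for obj in target_member_of:
        kind = obj.get("@odata.type", "")
        name = obj.get("displayName", "?")
        if kind.endswith("directoryRole") and name in PROTECTED_ROLES:
            reasons.append(f"target holds protected role: {name}")
        elif kind.endswith("group") and obj.get("isAssignableToRole"):
            reasons.append(f"target is member of role-assignable group: {name}")
        elif kind.endswith("administrativeUnit"):
            target_aus.add(obj["id"])
    for obj in target_owned:
        if obj.get("@odata.type", "").endswith("group") and obj.get("isAssignableToRole"):
            reasons.append(
                f"target owns role-assignable group: {obj.get('displayName', '?')}")
    if admin_scope != "/":
        # A scoped assignment only covers users inside that administrative unit.
        au_id = admin_scope.rsplit("/", 1)[-1]
        if au_id not in target_aus:
            reasons.append(f"target is outside admin's administrative unit: {au_id}")
    return reasons

# Constructed sample data for one target account.
SAMPLE_MEMBER_OF = [
    {"@odata.type": "#microsoft.graph.directoryRole", "displayName": "Global Administrator"},
    {"@odata.type": "#microsoft.graph.group", "displayName": "Tier0-Operators",
     "isAssignableToRole": True},
    {"@odata.type": "#microsoft.graph.group", "displayName": "Sales",
     "isAssignableToRole": False},
    {"@odata.type": "#microsoft.graph.administrativeUnit", "id": "au-0001",
     "displayName": "EMEA"},
]
SAMPLE_OWNED = [
    {"@odata.type": "#microsoft.graph.group", "displayName": "PIM-Approvers",
     "isAssignableToRole": True},
]

if __name__ == "__main__":
    for reason in reset_blockers(SAMPLE_MEMBER_OF, SAMPLE_OWNED, "/administrativeUnits/au-0002"):
        print(reason)
```

An empty result means none of the conditions raised in the thread apply to the target, so the remaining suspects are activation state and portal propagation delay.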
There are a few things you can try to resolve the issue:
If none of these steps resolve the issue, you may need to open a support ticket with Microsoft to get further assistance.
Thank you for your post!
I understand that you're having issues resetting another user's password after assigning the User Administrator role to your test user via PIM. Can you share any error messages that you're seeing when trying to reset the user's password?
Troubleshoot portal delay - Permissions aren't granted after activating a role:
When you activate a role in Privileged Identity Management, the activation might not instantly propagate to all portals that require the privileged role. Sometimes, even if the change is propagated, web caching in a portal may cause a delay before the change takes effect. If your activation is delayed, sign out of the portal you're trying to perform the action in and then sign back in. In the Azure portal, PIM signs you out and back in automatically.
If you have any other questions, please let me know.