How to get all groups managed by PIM using either rest API or any SDK API?

Eyal Kaufman 0

Is it possible to retrieve all groups managed by PIM?

for example, the groups shown here:

User's image

In addition, I want to get a list of all these groups and get the "Eligible assignments" of each group, but I didn't find any API that can do this.

I have tried to use this documentation but I didn't find what I was looking for:

https://learn.microsoft.com/en-us/graph/api/resources/privilegedidentitymanagementv3-overview?view=graph-rest-1.0

Any suggestions?

Any help is appreciated!

1 answer

Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator

2023-03-21T12:09:15.6466667+00:00

Maybe grab all the group IDs then see which are role-assignable?

https://learn.microsoft.com/en-us/azure/active-directory/roles/groups-view-assignments
Please sign in to rate this answer.
Eyal Kaufman 0 Reputation points

2023-03-22T10:36:52.56+00:00

Unfortunately, this doesn't return the data I seek, as it returns the role assignments of a group, not including PIM assignments.

I want to get all the groups managed by PIM and their eligible and active assignments.

Jillis Reijmers 0 Reputation points

2024-04-16T07:57:09.43+00:00

Groups that can be managed by PIM do not have to be role assignable. You can - for example - also create an Entra ID group which is not role assignable and assign it to some custom role in either Intune or Defender XDR RBAC.

https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/concept-pim-for-groups#relationship-between-role-assignable-groups-and-pim-for-groups
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Your answer