How to onboard customer with multiple eligible authorisations
tm19
5
Reputation points
How do I onboard a customer subscription but with multiple eligible Authorisations. The sample file listed here only shows you how to add one. Microsoft documentation does now show you how to onboard a customer with more than one eligible authorization. I've tried to add 2 PIM roles, and while the onboarding deployment succeeds, it only registers the one of the eligible authorizations. Sample file below:
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"mspOfferName": {
"value": "Test Offer"
},
"mspOfferDescription": {
"value": "Test"
},
"managedByTenantId": {
"value": "000-0000-0000-00000-0000"
},
"authorizations": {
"value": [
{
"principalId": "000-0000-0000-00000-0000",
"roleDefinitionId": "fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64",
"principalIdDisplayName": "Billing Reader"
},
{
"principalId": "000-0000-0000-00000-0000",
"roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
"principalIdDisplayName": "Reader"
}
]
},
"eligibleAuthorizations":{
"value": [
{
"justInTimeAccessPolicy": {
"multiFactorAuthProvider": "None",
"maximumActivationDuration": "PT8H"
},
"principalId": "000-0000-0000-00000-0000",
"principalIdDisplayName": "Contributor",
"roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c"
}
],
"value": [
{
"justInTimeAccessPolicy": {
"multiFactorAuthProvider": "None",
"maximumActivationDuration": "PT8H"
},
"principalId": "000-0000-0000-00000-0000",
"principalIdDisplayName": "Virtual Machine Contributor",
"roleDefinitionId": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c"
}
]
}
}
}