How to enable PIM for groups using the API

Question

So you've got a somewhat readable page about how to use the Graph API to integrate with PIM for groups here however that require you to have already pressed the button in the AD group -> Privileged Identity Management -> "Enable pim for this group".

I'm lost in finding the API that does the same as that button, where might you have hidden that ?

Below you can see the button that provides the functionality I'm looking for in an API.

Answer 1

Hi @Anonymous ,

The given answer is incorrect. I was stuck on the same thing with support for a longer time as I did find api calls to enable PIM for groups but they were not officially documented and delivered 401 unknown error when being called by a managed identity (even if the underlying system change worked).

Anyway, for automation purposes you do not need to send an enablement call. As per document update (2. September 2023) it will automatically enable the group for PIM once you apply the first setting.

"You can't onboard a group to PIM for groups explicitly. When you request to add assignment to group using Create assignmentScheduleRequest or Create eligibilityScheduleRequest, or you update PIM policy (role settings) for a group using Update unifiedRoleManagementPolicy or Update unifiedRoleManagementPolicyRule, the group is onboarded to PIM automatically if it wasn't onboarded before."
https://learn.microsoft.com/en-us/graph/api/resources/privilegedidentitymanagement-for-groups-api-overview?view=graph-rest-1.0#onboarding-groups-to-pim-for-groups