How to grant end user Reader access to Entra Permission Management Portal

NeelDarji-7992 91 Reputation points
2024-01-20T15:46:34.8+00:00

I want to test Entra Permission Management. I enabled the 30-day free trial. As I am Global Admin, I can launch the portal and can see Discovery and Remediation. But I want to grant access to my team so they can log in to the Entra Permission Management Portal and see Permission data. Can anyone send me detailed steps to achieve the same? Should we give these users direct access to the Enterprise Application in AD that was created after enabling the Entra free trial, or somewhere from within the tool?

Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.

Accepted answer
  1. Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator
    2024-01-25T08:32:32.5366667+00:00

    Hi @Neel Darji, thanks for reaching out. You can manage the permission using a group in Microsoft Entra Permission Management. The least privilege required to create group-based permissions is Permissions Management Administrator. You can create an Azure AD group of the users you want to assign permissions to and then navigate to the Permission Management portal. Select User Management by clicking on the profile on the right side.

    Click on "Create Permission" and select the Azure AD security group to create the permission, along with the permission type.

    This will assign permission to users in that group to access the permission portal.

    Reference - https://learn.microsoft.com/en-us/entra/permissions-management/how-to-create-group-based-permissions

    Hope this will help.

    Thanks,

    Shweta


    Please remember to "Accept Answer" if answer helped you.

    1 person found this answer helpful.

2 additional answers

  1. Azar 29,520 Reputation points MVP Volunteer Moderator
    2024-01-20T16:14:04.4466667+00:00

    Hey Neel Darji

    So to grant your team members Reader access to the Entra Permission Management Portal, log in to your Azure AD Portal.

    Log in with your Global Admin credentials.

    In the left navigation pane, select Azure Active Directory.

    Under the "Manage" section, click on "Enterprise applications."

    Inside the Enterprise Application, go to the "Users and groups" section.

    Add the users or groups you want to grant access to. Ensure that these users or groups have the appropriate role.

    Go to the "Roles and administrators" section.

    Assign the "Reader" role to the users or groups you added in the previous step. The "Reader" role provides read-only access to view information in Azure AD.

    Finally, hit Save to save your changes.

    This is the common method for granting access to specific tools or services integrated with Azure.

    If this helps, kindly accept the answer. Thanks much.


  2. Sina Salam 22,031 Reputation points Volunteer Moderator
    2024-01-20T16:32:40.89+00:00

    Hello Neel Darji

    Welcome to Microsoft Q&A, and thank you for posting your question here. Your question is how you can grant end users Reader access to the Entra Permission Management Portal. Please read the instructions below carefully.

    Here is a general guide on how you might grant access to your team:

    1. Login as Global Admin: Log in to the Entra Permission Management Portal as a Global Admin.
    2. Navigate to User Management: Look for a section related to user management, roles, or permissions within the Entra Permission Management Portal.
    3. Create or Locate User Accounts: Create user accounts for your team members if they don't already exist, or locate their existing accounts.
    4. Assign Roles: Assign the appropriate roles to your team members. You may want to assign a role that allows them to view permission data. This could be a "Reader" role or a similar role with read-only access.
    5. Save Changes: Save the changes to the user accounts.
    6. Communicate User Credentials: If you created new user accounts, communicate the login credentials securely to your team members.

    As for whether you should give users direct access to the Enterprise Application in Active Directory (AD), that depends on the architecture and integration of the Entra Permission Management tool. In some cases, access is managed directly within the tool's interface, and users do not need direct access to AD, except your infrastructure and configuration support or integrated with the solution. However, to integrate Microsoft Entra ID (formerly known as Azure Active Directory) with Microsoft Entra Management, you can use Microsoft Entra Connect, which is a tool that helps you manage AD FS (Active Directory Federation Services) and customize sign-in pages.

    For precise guidance, refer to the official documentation of Entra Permission Management below as a reference:

    1. Microsoft Entra Permissions Management
    2. Microsoft Entra Permissions Management 2
    3. Microsoft Entra Connect - AD FS management and customization

    I hope this guide is helpful! Do not hesitate to let me know if you have any other questions.

    Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

    Best Regards,

    Sina Salam