![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 5%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
2,036 questions
Hi @Ravikiran S · Thank you for reaching out.
The groups with below option enabled are the only groups that can be configured as Privileged Access Groups. Which means, any privilege role like User admin, Global admin, Authentication admin etc. can be assigned to this group.
Classic problem that PAGs solves:
- You can assign administrative role to the group and all group members will get privileges based on the role assigned to the group. Role assignment is not required to be done on per user basis.
- Privileged Access Groups enable just-in-time (JIT) access to the Owner or Member role of this group with the help of Azure AD Privilege Identity Management (PIM). This allows eligible users to be activate their membership of PAG for a specific period of time whenever they need and at the expiry of the specified time, membership will be removed automatically. Previously this could be done only at the role level and not at group level.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.