New-AzManagedServicesEligibleAuthorizationObject

Create a in-memory object for EligibleAuthorization

Syntax

New-AzManagedServicesEligibleAuthorizationObject
   -PrincipalId <String>
   -RoleDefinitionId <String>
   [-JustInTimeAccessPolicyManagedByTenantApprover <IEligibleApprover[]>]
   [-JustInTimeAccessPolicyMaximumActivationDuration <TimeSpan>]
   [-JustInTimeAccessPolicyMultiFactorAuthProvider <MultiFactorAuthProvider>]
   [-PrincipalIdDisplayName <String>]
   [<CommonParameters>]

Description

Create a in-memory object for EligibleAuthorization

Examples

Example 1: Creates new Azure Lighthouse eligible authorization object to use with Registration definition

New-AzManagedServicesEligibleAuthorizationObject -PrincipalId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -PrincipalIdDisplayName "Test user" -RoleDefinitionId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

PrincipalId                          PrincipalIdDisplayName RoleDefinitionId
-----------                          ---------------------- ----------------
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx Test user              xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Creates new Azure Lighthouse eligible authorization object to use with Registration definition.

Example 2: Create new Azure Lighthouse eligible authorization with JustInTime settings

$approver = New-AzManagedServicesEligibleApproverObject -PrincipalId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -PrincipalIdDisplayName "Approver group"

$eligibleAuth = New-AzManagedServicesEligibleAuthorizationObject -PrincipalId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -PrincipalIdDisplayName "Test user" -RoleDefinitionId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -JustInTimeAccessPolicyManagedByTenantApprover $approver -JustInTimeAccessPolicyMultiFactorAuthProvider Azure -JustInTimeAccessPolicyMaximumActivationDuration 0:30

$eligibleAuth | Format-List -Property PrinciPalId, PrincipalIdDisplayName, RoleDefinitionId, JustInTimeAccessPolicyManagedByTenantApprover, JustInTimeAccessPolicyMultiFactorAuthProvider, JustInTimeAccessPolicyMaximumActivationDuration

PrincipalId                                     : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
PrincipalIdDisplayName                          : Test user
RoleDefinitionId                                : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
JustInTimeAccessPolicyManagedByTenantApprover   : {Approver group}
JustInTimeAccessPolicyMultiFactorAuthProvider   : Azure
JustInTimeAccessPolicyMaximumActivationDuration : 00:30:00

Creates new Azure Lighthouse eligible authorization object with JustInTime (JIT) settings.

Parameters

-JustInTimeAccessPolicyManagedByTenantApprover

The list of managedByTenant approvers for the eligible authorization. To construct, see NOTES section for JUSTINTIMEACCESSPOLICYMANAGEDBYTENANTAPPROVER properties and create a hash table.

Type:IEligibleApprover[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-JustInTimeAccessPolicyMaximumActivationDuration

The maximum access duration in ISO 8601 format for just-in-time access requests.

Type:TimeSpan
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-JustInTimeAccessPolicyMultiFactorAuthProvider

The multi-factor authorization provider to be used for just-in-time access requests.

Type:MultiFactorAuthProvider
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PrincipalId

The identifier of the Azure Active Directory principal.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-PrincipalIdDisplayName

The display name of the Azure Active Directory principal.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RoleDefinitionId

The identifier of the Azure built-in role that defines the permissions that the Azure Active Directory principal will have on the projected scope.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

Outputs

EligibleAuthorization