AAD-Group-Writeback-Script
Suggested extension
I was thinking something along the lines of this script, so I may just adapt this one; however, my suggested mode of operation is as follows:
- Admin is logged into a jump host and uses PowerShell to activate the PIM group
- Script polls the activation request until it is successful (need to think up a way of backgrounding this for PIM requests which require approval)
- Once PIM is successful, the script activates the writeback script, running as an automation runbook, via a webhook, supplying the PIM group name. The writeback script is running on a hybrid worker. Use the time-based group membership feature so that the removal is not reliant on the script running.
- The elevation script then polls the desired on-prem group until membership is active
- Once elevation is complete, the elevation script purges the logged-in user's Kerberos tickets so that the elevated access is available immediately.
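The jump-host side of the flow proposed above, as an added example (not the repository's script). It assumes `Connect-MgGraph` has already been run with a scope that can self-activate group assignments, the RSAT ActiveDirectory module is installed, and `$WebhookUrl`, `$PimGroupId` and `$OnPremGroup` are supplied by the caller; the Graph endpoint and status strings used are the PIM-for-groups assignment schedule request API as I understand it, and should be checked against the current Graph reference.

```powershell
# Added example: elevate via PIM, trigger the writeback runbook, wait for on-prem membership, purge tickets.
param(
    [Parameter(Mandatory)][string]$PimGroupId,   # Entra object ID of the PIM-managed group
    [Parameter(Mandatory)][string]$OnPremGroup,  # sAMAccountName of the written-back AD group
    [Parameter(Mandatory)][string]$WebhookUrl,   # Azure Automation webhook URL (treat as a secret)
    [int]$TimeoutMinutes = 30                    # upper bound covering approval wait + writeback
)

$graph    = 'https://graph.microsoft.com/v1.0'
$me       = Invoke-MgGraphRequest -Method GET -Uri "$graph/me"
$deadline = (Get-Date).AddMinutes($TimeoutMinutes)

# 1. Self-activate the eligible membership; the activation itself is time-bound (1 hour here).
$body = @{
    accessId      = 'member'; principalId = $me.id; groupId = $PimGroupId
    action        = 'selfActivate'; justification = 'JIT elevation from jump host'
    scheduleInfo  = @{ startDateTime = (Get-Date).ToUniversalTime().ToString('o')
                       expiration    = @{ type = 'afterDuration'; duration = 'PT1H' } }
}
$req = Invoke-MgGraphRequest -Method POST -Body $body `
    -Uri "$graph/identityGovernance/privilegedAccess/group/assignmentScheduleRequests"

# 2. Poll the request. PendingApproval is the normal state when the policy requires an approver,
#    so the loop bounds the wait with $deadline instead of assuming instant provisioning.
do {
    Start-Sleep -Seconds 15
    $req = Invoke-MgGraphRequest -Method GET `
        -Uri "$graph/identityGovernance/privilegedAccess/group/assignmentScheduleRequests/$($req.id)"
    Write-Host "PIM request status: $($req.status)"
    if ($req.status -in 'Denied', 'Failed', 'Canceled') { throw "PIM activation $($req.status)" }
} until ($req.status -eq 'Provisioned' -or (Get-Date) -gt $deadline)
if ($req.status -ne 'Provisioned') { throw 'Timed out waiting for PIM activation' }

# 3. Fire the writeback runbook (hybrid worker). The runbook reads this JSON from $WebhookData.RequestBody.
Invoke-RestMethod -Method Post -Uri $WebhookUrl -ContentType 'application/json' `
    -Body (@{ GroupId = $PimGroupId } | ConvertTo-Json)

# 4. Poll the on-prem group until the current user's membership has been written back.
$sam = $env:USERNAME
do {
    Start-Sleep -Seconds 15
    $member = Get-ADGroupMember -Identity $OnPremGroup -Recursive |
              Where-Object SamAccountName -eq $sam
} until ($member -or (Get-Date) -gt $deadline)
if (-not $member) { throw 'Timed out waiting for on-prem group writeback' }

# 5. Purge cached tickets so the next TGT/service ticket carries the new group SID in its PAC.
klist purge | Out-Null
Write-Host "Elevated: $sam is now a member of $OnPremGroup"
```

Note that purging tickets refreshes Kerberos-based access to remote resources only; the local logon token's group list was fixed at sign-in and needs a new logon to pick up the membership.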