Approve or deny requests for Azure AD roles in Privileged Identity Management
With Azure Active Directory (Azure AD) Privileged Identity Management (PIM), you can configure roles to require approval for activation, and choose one or multiple users or groups as delegated approvers. Delegated approvers have 24 hours to approve requests. If a request is not approved within 24 hours, then the eligible user must re-submit a new request. The 24 hour approval time window is not configurable.
Follow the steps in this article to approve or deny requests for Azure AD roles.
View pending requests
As a delegated approver, you'll receive an email notification when an Azure AD role request is pending your approval. You can view these pending requests in Privileged Identity Management.
Sign in to the Azure portal.
Open Azure AD Privileged Identity Management.
Click Azure AD roles.
Click Approve requests.
You'll see a list of requests pending your approval.
Select the requests you want to approve and then click Approve to open the Approve selected requests pane.
In the Approve reason box, type a reason.
The Status symbol will be updated with your approval.
Select the requests you want to deny and then click Deny to open the Deny selected requests pane.
In the Deny reason box, type a reason.
The Status symbol will be updated with your denial.