New-AzManagedServicesEligibleAuthorizationObject
Create an in-memory object for EligibleAuthorization
Note
This is the previous version of our documentation. Please consult the most recent version for up-to-date information.
Syntax
New-AzManagedServicesEligibleAuthorizationObject
-PrincipalId <String>
-RoleDefinitionId <String>
[-JustInTimeAccessPolicyManagedByTenantApprover <IEligibleApprover[]>]
[-JustInTimeAccessPolicyMaximumActivationDuration <TimeSpan>]
[-JustInTimeAccessPolicyMultiFactorAuthProvider <MultiFactorAuthProvider>]
[-PrincipalIdDisplayName <String>]
[<CommonParameters>]
Description
Create an in-memory object for EligibleAuthorization
Examples
Example 1: Creates new Azure Lighthouse eligible authorization object to use with Registration definition
New-AzManagedServicesEligibleAuthorizationObject -PrincipalId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -PrincipalIdDisplayName "Test user" -RoleDefinitionId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
PrincipalId                          PrincipalIdDisplayName RoleDefinitionId
-----------                          ---------------------- ----------------
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx Test user              xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Creates a new Azure Lighthouse eligible authorization object to use with a registration definition.
Example 2: Create new Azure Lighthouse eligible authorization with JustInTime settings
$approver = New-AzManagedServicesEligibleApproverObject -PrincipalId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -PrincipalIdDisplayName "Approver group"
$eligibleAuth = New-AzManagedServicesEligibleAuthorizationObject -PrincipalId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -PrincipalIdDisplayName "Test user" -RoleDefinitionId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -JustInTimeAccessPolicyManagedByTenantApprover $approver -JustInTimeAccessPolicyMultiFactorAuthProvider Azure -JustInTimeAccessPolicyMaximumActivationDuration 0:30
$eligibleAuth | Format-List -Property PrincipalId, PrincipalIdDisplayName, RoleDefinitionId, JustInTimeAccessPolicyManagedByTenantApprover, JustInTimeAccessPolicyMultiFactorAuthProvider, JustInTimeAccessPolicyMaximumActivationDuration
PrincipalId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
PrincipalIdDisplayName : Test user
RoleDefinitionId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
JustInTimeAccessPolicyManagedByTenantApprover : {Approver group}
JustInTimeAccessPolicyMultiFactorAuthProvider : Azure
JustInTimeAccessPolicyMaximumActivationDuration : 00:30:00
Creates a new Azure Lighthouse eligible authorization object with JustInTime (JIT) settings.
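A pre-deployment check for the JIT settings shown in Example 2, as an added example that is not part of the original documentation or of the Az.ManagedServices module. The function name `Test-EligibleAuthorizationPolicy`, the one-hour ceiling and the sample objects are hypothetical; the check reads only the property names shown in the Format-List output above.

```powershell
# Added example: hypothetical review helper, not part of Az.ManagedServices.
function Test-EligibleAuthorizationPolicy {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $Authorization,
        # Local policy ceiling (assumption), not a service limit from the page.
        [TimeSpan] $MaxAllowedDuration = [TimeSpan]::FromHours(1)
    )
    process {
        $findings = [System.Collections.Generic.List[string]]::new()
        # 'Azure' is the only provider value the page shows; flag anything else.
        if ("$($Authorization.JustInTimeAccessPolicyMultiFactorAuthProvider)" -ne 'Azure') {
            $findings.Add('MFA is not required for activation')
        }
        # Drop nulls so an unset approver list counts as empty.
        $approvers = @($Authorization.JustInTimeAccessPolicyManagedByTenantApprover | Where-Object { $_ })
        if ($approvers.Count -eq 0) {
            $findings.Add('No managedByTenant approver listed')
        }
        $duration = $Authorization.JustInTimeAccessPolicyMaximumActivationDuration
        if ($null -eq $duration) {
            $findings.Add('No maximum activation duration set')
        } elseif ([TimeSpan]$duration -gt $MaxAllowedDuration) {
            $findings.Add("Activation window $duration exceeds $MaxAllowedDuration")
        }
        [pscustomobject]@{
            Principal        = $Authorization.PrincipalIdDisplayName
            RoleDefinitionId = $Authorization.RoleDefinitionId
            Compliant        = $findings.Count -eq 0
            Findings         = $findings -join '; '
        }
    }
}

# Constructed sample objects mirroring the cmdlet's output properties (placeholder IDs).
$sample = @(
    [pscustomobject]@{
        PrincipalIdDisplayName = 'Test user'; RoleDefinitionId = '00000000-0000-0000-0000-0000000000aa'
        JustInTimeAccessPolicyManagedByTenantApprover = @('Approver group')
        JustInTimeAccessPolicyMultiFactorAuthProvider = 'Azure'; JustInTimeAccessPolicyMaximumActivationDuration = [TimeSpan]'0:30'
    },
    [pscustomobject]@{
        PrincipalIdDisplayName = 'Ops user'; RoleDefinitionId = '00000000-0000-0000-0000-0000000000bb'
        JustInTimeAccessPolicyManagedByTenantApprover = $null
        JustInTimeAccessPolicyMultiFactorAuthProvider = $null; JustInTimeAccessPolicyMaximumActivationDuration = [TimeSpan]'8:00'
    }
)
$sample | Test-EligibleAuthorizationPolicy | Format-Table -AutoSize -Wrap
```

Objects returned by New-AzManagedServicesEligibleAuthorizationObject can be piped to the function in place of `$sample` before they are attached to a registration definition.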
Parameters
-JustInTimeAccessPolicyManagedByTenantApprover
The list of managedByTenant approvers for the eligible authorization. To construct, see NOTES section for JUSTINTIMEACCESSPOLICYMANAGEDBYTENANTAPPROVER properties and create a hash table.
| Type: | IEligibleApprover[] |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-JustInTimeAccessPolicyMaximumActivationDuration
The maximum access duration in ISO 8601 format for just-in-time access requests.
| Type: | TimeSpan |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-JustInTimeAccessPolicyMultiFactorAuthProvider
The multi-factor authorization provider to be used for just-in-time access requests.
| Type: | MultiFactorAuthProvider |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PrincipalId
The identifier of the Azure Active Directory principal.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PrincipalIdDisplayName
The display name of the Azure Active Directory principal.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RoleDefinitionId
The identifier of the Azure built-in role that defines the permissions that the Azure Active Directory principal will have on the projected scope.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Outputs
Notes
ALIASES
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
JUSTINTIMEACCESSPOLICYMANAGEDBYTENANTAPPROVER <IEligibleApprover[]>: The list of managedByTenant approvers for the eligible authorization.
  PrincipalId <String>: The identifier of the Azure Active Directory principal.
  [PrincipalIdDisplayName <String>]: The display name of the Azure Active Directory principal.