Start-CafPimRole
Activates the user's PIM Role assignment.
Syntax
Start-CafPimRole
-Justification <string>
[-DurationHours <int>]
[-RoleId <string>]
[-TenantId <string>]
[-NoMsalFallback]
[-ShowMsalErrors]
[-Wait]
Description
Checks if the user is eligible for the role and activates the assignment.
Example
Start-CafPimRole
-Justification "Do privileged activities"
-TenantId "yourTenantId"
Parameter
-DurationHours
The duration in hours for the assignment.
| Property | Value |
|---|---|
| Type: | int |
| Default value: | 1 |
| Required: | False |
-Justification
The reason why you want to activate the assignment.
| Property | Value |
|---|---|
| Type: | string |
| Default value: | None |
| Required: | True |
-RoleId
The id of the role. Default is "Global Administrator".
| Property | Value |
|---|---|
| Type: | string |
| Default value: | "62e90394-69f5-4237-9190-012177145e10" |
| Required: | False |
-TenantId
The tenant id you want to activate the role on.
| Property | Value |
|---|---|
| Type: | string |
| Default value: | None |
| Required: | False |
-NoMsalFallback
If set, the command will not retry using MSAL.PS to force MFA authentication.
| Property | Value |
|---|---|
| Type: | SwitchParameter |
| Default value: | False |
| Required: | False |
-ShowMsalErrors
If set, raw MSAL errors are shown in the output.
| Property | Value |
|---|---|
| Type: | SwitchParameter |
| Default value: | False |
| Required: | False |
-Wait
If set this will ensure that the execution continues after the request was approved and the user is member of the role.
| Property | Value |
|---|---|
| Type: | SwitchParameter |
| Default value: | False |
| Required: | False |
See also
Stop-CafPimRole— deactivates the role assignment activated by this command