Two products, one goal: streamline and enhance the Microsoft Entra ID Privileged Identity Management experience — from the command-line to the browser.
Choose the integration that fits your workflow — use the command-line or open a browser portal, hosted or in your own Azure tenant.
Activate, deactivate, and manage PIM eligible roles without leaving the terminal. Supports Entra ID roles, Azure Resource roles, and PIM for Groups — with justification, ticket number, and MFA step-up handled automatically. Install in seconds from the PowerShell Gallery and script your activation workflows end-to-end.
A zero-backend browser SPA that talks directly to Microsoft Graph and Azure Resource Manager — no server, no stored secrets. Supports bulk activation across all role types, saved activation profiles, Conditional Access auth-context step-up, and real-time expiry tracking. Use the hosted version at portal.pimactivation.com, or deploy a single-tenant instance that creates its own Entra app registration with one click.
Every product in this ecosystem is designed to minimise credential exposure and attack surface.
Client IDs and tenant IDs are injected at deploy time. No credentials are ever stored in the source code.
The portal has no backend — your tokens never leave the browser. Profiles are stored in your own IndexedDB.
All API calls use delegated user tokens. No application permissions, no service-account credentials.
Every line of code is public and auditable. No telemetry, no analytics, no tracking.
PIMActivation
