Skip to content

Activation Profiles

Jump to bottom
Sebastian F. Markdanner [MVP] edited this page May 7, 2026 · 3 revisions

Activation Profiles

Activation profiles are saved role sets that you can re-activate with a single click. They live in your browser's IndexedDB and survive across sessions on the same browser profile.

Why profiles?

If you regularly activate the same combination of roles to do a job — say, an "incident response" set that bundles Security Reader on a subscription with Compliance Administrator in Entra and Member of an "incident-response" PIM group — a profile turns that into one click instead of three checkboxes plus a justification.

Creating a profile

  1. Tick the eligible roles you want to bundle.
  2. Open the Profiles menu and choose Save as profile.
  3. Give it a name. Optionally pre-fill:
    • Default justification (used unless you override at activation time)
    • Default ticket number
    • Default duration in hours and minutes (still capped to each role's policy maximum)

Using a profile

Pick the profile from the Profiles menu. Its roles are pre-selected, its defaults pre-filled. Edit any field, then click Activate.

The portal updates the profile's lastUsedAt timestamp so your most common rotations stay at the top of the menu.

Tenant scoping

Profiles can be scoped to a specific tenant. Enable Tenant-scoped profiles in Settings and each new profile is bound to the tenant in which it was created. When you switch tenants, only the profiles for that tenant appear.

This is most useful in guest scenarios where you have eligibilities in multiple directories and want clean separation.

Editing and deleting

From the Profiles menu, choose Manage profiles to rename, edit defaults, change role membership, or delete profiles.

Storage details

Profiles are stored in IndexedDB under a single object store. Each record carries:

Field Meaning
id Stable UUID
name Display name
roles Array of role uids
tenantId Tenant the profile is scoped to (when tenant scoping is on)
justification Optional default justification
ticket Optional default ticket information
durationHours, durationMins Optional default duration
createdAt, lastUsedAt Timestamps

Nothing in a profile leaves your browser. Profiles are not synchronized across devices or browser profiles.

What if a role disappears?

If you delete an eligibility, change tenants, or are removed from a PIM group, the corresponding role uid in your profile becomes stale. The portal silently drops missing roles when the profile loads — your other roles still activate normally. Use Manage profiles to clean up.

Limits

  • Profiles are per-browser-profile. Use a different browser, a different machine, or private browsing and you start with an empty list.
  • IndexedDB has generous quotas in modern browsers; you are unlikely to hit them with profile data.

Live portal · Repository · Issues · Discussions · Changelog · PIMActivation PowerShell module

Get started

Use the portal

Run your own copy

Build and contribute

Live portal · Repository · PowerShell module

Clone this wiki locally