PIM Manager is a specialized tool designed to simplify, visualize, and manage Microsoft Entra ID Privileged Identity Management (PIM) assignments and configurations.
Managing Privileged Access in complex environments is challenging.
Functional Benefits:
- Visual Clarity: See who has access to what, instantly.
- Governance Focused: Built for admins who need to prove compliance and control.
Architectural Philosophy:
- Client-Side Architecture: PIM Manager runs entirely in your browser. No data is stored on our servers. Your tokens and data stay within your session.
- Direct Graph API Integration: We leverage the official Microsoft Graph API for all operations, ensuring reliability and security.
- Governance First: Built for admins who need to prove compliance, offering visualization and reporting capabilities missing from the native tools.
- Secure by Design: Zero Trust principles applied at the core. PIM Manager runs entirely client-side, storing no data on our servers and strictly adhering to the Principle of Least Privilege.
- Unified Governance: View and manage all your privileged assignments (Directory Roles and PIM Groups) in a single, consolidated view.
- Visual Reporting: Instantly visualize role distribution and assignment types (Eligible vs. Active) to identify security risks.
- Security & Trust: Open Source and client-side executed for maximum transparency and trust.
PIM Manager can be used in two ways:
- Visit pimmanager.com — no setup required. Sign in with your Microsoft Entra ID account and start immediately.
- Deploy PIM Manager directly into your own Azure environment using Azure Static Web Apps (free tier). No fork or CLI required — everything happens in Azure Portal.
Prerequisites:
- An App Registration in your Microsoft Entra ID tenant with the required permissions
- An Azure subscription
Deploy:
The wizard asks for 3 values:
- Static Web App Name — the resource name in Azure
- Location — Azure region (West Europe recommended)
- Entra Client ID — the Client ID from your App Registration
Azure will create the Static Web App, automatically download the latest release, and deploy it. Your app will be live at the URL shown in the deployment outputs.
After deployment: add your Static Web App URL as a redirect URI in your App Registration:
- Go to Entra ID > App registrations > [Your App] > Authentication
- Under Single-page application, add your SWA URL (e.g. https://your-app.azurestaticapps.net)
- Save
The app will not function until this step is completed. See Deployment docs for full details.
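A check for the redirect URI step above, as an added example that is not part of PIM Manager's code: it audits a Microsoft Graph `application` object and reports whether the SWA URL is registered under the `spa` platform. The function name, the finding codes and the sample object are constructed for illustration.

```javascript
"use strict";

// Audits the redirect URIs of a Graph `application` object against the
// deployed Static Web App URL. Returns a list of finding codes (empty = clean).
// URIs are compared as exact strings, so pass the same form the app sends.
function auditSpaRedirects(app, swaUrl) {
  const spa = (app.spa && app.spa.redirectUris) || [];
  const web = (app.web && app.web.redirectUris) || [];
  const findings = [];

  // The step above requires the URL under "Single-page application".
  if (!spa.includes(swaUrl)) findings.push("MISSING_SPA_REDIRECT");
  // Same URL filed under the Web platform instead of Single-page application.
  if (web.includes(swaUrl)) findings.push("REGISTERED_AS_WEB");

  for (const uri of spa) {
    let u;
    try {
      u = new URL(uri);
    } catch {
      findings.push(`UNPARSEABLE:${uri}`);
      continue;
    }
    const isLocal = u.hostname === "localhost" || u.hostname === "127.0.0.1";
    // Plain HTTP is tolerated here only for local development hosts.
    if (u.protocol !== "https:" && !isLocal) findings.push(`NON_HTTPS:${uri}`);
    // Every additional reply URL is another place tokens can be delivered;
    // list it so an admin can confirm it is still needed.
    if (uri !== swaUrl) findings.push(`REVIEW_EXTRA:${uri}`);
  }
  return findings;
}

// Constructed sample: the SWA URL was added under Web, and a leftover
// development URI sits under Single-page application.
const SWA_URL = "https://your-app.azurestaticapps.net";
const sampleApp = {
  appId: "00000000-0000-0000-0000-000000000000", // placeholder client ID
  spa: { redirectUris: ["http://localhost:3000"] },
  web: { redirectUris: ["https://your-app.azurestaticapps.net"] },
};

console.log(auditSpaRedirects(sampleApp, SWA_URL));
```
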
To update: re-run the template or delete and redeploy.
See CHANGELOG.md for the latest features, improvements, and security updates.
Comprehensive documentation is available in the docs/ directory.
- Architecture - Deep dive into the client-side design.
- Data Flow - How we fetch and process Graph data.
- Security Model - Authentication, authorization, and data protection.
- Key Concepts - PIM terminology and technical concepts.
PIM Manager's architecture, security model, and zero-trust principles were designed by Joël Prins. Generative AI was used to assist in the coding and research of this project. Every file, function, and logic block has been verified, sanitized, and approved by a human engineer to ensure security and reliability.
For details on how we process data, see Data Flow.
This project is licensed under the GNU General Public License v3.0. See the LICENSE file for details.

