Readme
Azure PIM TUI
Activate Azure PIM roles from your terminal. No portal clicking, no context switching.
What it does
Finds all your eligible PIM roles across subscriptions and groups
Activate or deactivate roles, one at a time or in bulk
Shows which roles are active and how long they have left
Displays role permissions in a side-by-side detail panel
Filter by name or switch between all/eligible/active views
Reads justification and duration defaults from a config file
Prerequisites
Install
Homebrew (macOS / Linux)
brew install CosX/tap/azure-pim-tui
Winget (Windows)
winget install CosX.AzurePimTui
Chocolatey (Windows)
choco install azure-pim-tui
cargo-binstall (pre-built binary)
cargo binstall azure-pim-tui
cargo install (build from source)
cargo install azure-pim-tui
Pre-built binaries
Grab a binary for your platform from the latest release .
Build from source
git clone https://github.com/CosX/azure-pim-tui.git
cd azure-pim-tui
cargo install -- path
Usage
az login
azure-pim-tui Keybindings
Key
Action
j k Navigate
g G Jump to first / last
a Enter Activate role
d Deactivate role
Space Toggle selection for bulk ops
A Bulk activate selected
r F5 Refresh
/ Search by name
v Cycle view: all / eligible / active
Ctrl+ d Ctrl+ u Scroll detail panel
? Help
q Ctrl+ C Quit
In the activation modal: Tab Enter Esc
Configuration
A config file is created on first run at ~/.config/azure-pim-tui/config.toml
default_justification = "Local development"
default_duration_hours = 8
auto_refresh_secs = 60
How it works
Authenticates with your existing az login
Queries eligible roles and active assignments across all your subscriptions
Fetches role permissions in the background so you can see what each role allows
Activations and deactivations hit the ARM or Graph API depending on the role type
API calls use scoped endpoints with assignedTo( )
License
MIT