Share via

Not getting Activate button after validating the request from the assigned role to access AWS icon from "My Apps"

Padmini Abburi (Supplier) 0 Reputation points
2026-05-14T13:38:38.5266667+00:00

Not getting Activate button after validating the request from the assigned role to access AWS icon from "My Apps"

Azure Role-based access control
Azure Role-based access control

An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. VEMULA SRISAI 13,140 Reputation points Microsoft External Staff Moderator
    2026-05-14T15:00:52.9366667+00:00

    Hello Padmini Abburi (Supplier),

    The “Activate” option in My Apps will only appear if the access is configured via Microsoft Entra Privileged Identity Management (PIM) and the assignment type is Eligible, not Active.

    Please validate the following:

    • Ensure the AWS application role is assigned as Eligible (PIM) and not Active or directly assigned.
    • Confirm PIM is enabled for the application (Enterprise App → Privileged Identity Management → Roles).
    • Ask the user to check under My Roles (https://portal.azure.com → PIM) instead of only relying on My Apps.

    If the role is directly assigned or already active, the Activate button will not appear, and access should be immediate via the AWS tile.

    https://learn.microsoft.com/en-us/entra/identity/saas-apps/aws-single-sign-on-tutorial

    https://aws.amazon.com/blogs/security/implementing-just-in-time-privileged-access-to-aws-with-microsoft-entra-and-aws-iam-identity-center/

    Was this answer helpful?

    0 comments

  2. AI answer

    2026-05-14T13:38:52.39+00:00

    The AWS app icon in My Apps is shown based on Microsoft Entra app assignment and provisioning, not on a PIM “Activate” button in My Apps itself. The “Activate” action for privileged roles happens in Microsoft Entra Privileged Identity Management (PIM), not in the My Apps portal.

    To access the AWS icon and the correct AWS role from My Apps, check these areas:

    1. Confirm the AWS app and role assignment
      • In the Microsoft Entra admin center, verify that the user is assigned to the AWS enterprise application and mapped to the correct AWS role via group/role mapping.
      • If the role or app is missing, the AWS icon or role options will not appear in My Apps.
      • If a role cannot be selected, go back to the Provisioning page for the AWS app and confirm that provisioning has completed successfully and that the IAM user/role in AWS has the correct permissions. If needed, restart the provisioning engine and let it re-import roles.
    2. If using PIM for Microsoft Entra roles
      • The “Activate” button for an eligible Microsoft Entra role appears in PIM, not in My Apps.
      • Go to Microsoft Entra admin center → ID Governance → Privileged Identity Management → My roles → Microsoft Entra roles.
      • Find the eligible role and select Activate. Complete MFA and justification as required, then select Activate.
      • After activation, sign out and sign back in if permissions do not appear immediately, because propagation and portal caching can delay the effect.
    3. If using PIM for Azure resource roles (not needed just for AWS SSO icon)
      • For Azure resource roles, use PIM under My Azure Resource roles (web or Azure mobile app) and choose Action > Activate on the role.
    4. Test AWS SSO from My Apps
      • Open a private browser session.
      • Go to https://myapps.microsoft.com and sign in with the test/user account.
      • Confirm that the AWS Console app icon is visible and select it. Once SSO succeeds, verify that the AWS Management Console shows the expected role and permissions.

    If the AWS icon is visible but the expected AWS role is missing, focus on the AWS app provisioning and group/role mapping. If the icon is missing entirely, verify app assignment and that the user has the necessary Entra role or group membership.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.