After you enable a TAP policy, you can create a TAP policy for users in Microsoft Entra ID. The following roles can perform various actions related to a TAP.

• Privileged Authentication Administrators can create, delete, and view a TAP for admins and members (except themselves).
• Authentication Administrators can create, delete, and view a TAP for members (except themselves).
• Authentication Policy Administrators can enable TAP, include or exclude groups, and edit the Authentication methods policy.
• Global Readers can view TAP details for the user (without reading the code itself).

1. Sign in to the Microsoft Entra admin center as at least an Authentication Administrator.
2. Browse to Entra ID > Users.
3. Select the user you would like to create a TAP for.
4. Select Authentication methods and select Add authentication method.
5. Select Temporary Access Pass.
6. Define a custom activation time or duration and select Add.
7. Once added, the details of the TAP are shown. ImportantMake a note of the actual TAP value, because you provide this value to the user. You can’t view this value after you select Ok.
8. Select OK when you’re done.

https://learn.microsoft.com/en-us/entra/identity/authentication/howto-authentication-temporary-access-pass#create-a-temporary-access-pass