> For clean Markdown of any page, append .md to the page URL. > For a complete documentation index, see https://developer-test.atomicwork.com/llms.txt. > For full documentation content, see https://developer-test.atomicwork.com/llms-full.txt. > For AI client integration (Claude Code, Cursor, etc.), connect to the MCP server at https://developer-test.atomicwork.com/_mcp/server. # Create an entitlement POST https://{tenant}.atomicwork.com/api/v1/iga/entitlements Content-Type: application/json Create a new identity entitlement. Requires app_id and type. The entitlement can then be associated with policies and granted to users. Reference: https://developer-test.atomicwork.com/api-reference/atomicwork-public-api/access-management/postapi-v-1-iga-entitlements ## OpenAPI Specification ```yaml openapi: 3.1.0 info: title: collection version: 1.0.0 paths: /api/v1/iga/entitlements: post: operationId: postapi-v-1-iga-entitlements summary: Create an entitlement description: > Create a new identity entitlement. Requires app_id and type. The entitlement can then be associated with policies and granted to users. tags: - subpackage_accessManagement parameters: - name: X-Api-Key in: header required: true schema: type: string - name: X-Workspace-Id in: header required: false schema: type: string responses: '200': description: Successful response content: application/json: schema: $ref: >- #/components/schemas/Access Management_postapi_v1_iga_entitlements_Response_200 requestBody: description: Request body for creating an entitlement via the public API content: application/json: schema: type: object properties: name: type: string description: Name of the entitlement description: type: string description: Description of the entitlement app_id: type: integer format: int64 description: ID of the identity resource app this entitlement belongs to status: $ref: >- #/components/schemas/ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaStatus description: >- Status of the entitlement. Defaults to UNPUBLISHED if not specified. provisioning_config: $ref: >- #/components/schemas/ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaProvisioningConfig deprovisioning_config: $ref: >- #/components/schemas/ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaDeprovisioningConfig required: - name - app_id servers: - url: https://{tenant}.atomicwork.com description: Your Atomicwork tenant components: schemas: ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaStatus: type: string enum: - UNPUBLISHED - PUBLISHED description: Status of the entitlement. Defaults to UNPUBLISHED if not specified. title: ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaStatus ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaProvisioningConfigProvider: type: string enum: - OKTA - AZURE_AD - MS_INTUNE - JUMPCLOUD - GOOGLE_WORKSPACE - TUEBORA - MANUAL description: Provisioning provider title: >- ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaProvisioningConfigProvider ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaProvisioningConfigType: type: string enum: - OKTA_GROUP_PROVISIONING - AZURE_GROUP_PROVISIONING - INTUNE_GROUP_PROVISIONING - JUMPCLOUD_GROUP_PROVISIONING - GOOGLE_WORKSPACE_GROUP_PROVISIONING - MANUAL_PROVISIONING description: Type of provisioning configuration title: >- ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaProvisioningConfigType ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaProvisioningConfigValueIcon: type: object properties: name: type: string description: Icon name type: type: string description: Icon type url: type: - string - 'null' description: Icon URL (for OKTA/AZURE) title: >- ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaProvisioningConfigValueIcon ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaProvisioningConfigValue: type: object properties: label: type: string description: Group label/name (for OKTA/AZURE) or Workspace name (for MANUAL) icon: $ref: >- #/components/schemas/ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaProvisioningConfigValueIcon value: type: string description: Group ID (for OKTA/AZURE) or Workspace ID (for MANUAL) title: >- ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaProvisioningConfigValue ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaProvisioningConfig: type: object properties: provider: $ref: >- #/components/schemas/ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaProvisioningConfigProvider description: Provisioning provider type: $ref: >- #/components/schemas/ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaProvisioningConfigType description: Type of provisioning configuration value: $ref: >- #/components/schemas/ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaProvisioningConfigValue required: - provider - type - value title: >- ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaProvisioningConfig ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaDeprovisioningConfigProvider: type: string enum: - OKTA - AZURE_AD - MS_INTUNE - JUMPCLOUD - GOOGLE_WORKSPACE - TUEBORA - MANUAL description: Deprovisioning provider title: >- ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaDeprovisioningConfigProvider ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaDeprovisioningConfigType: type: string enum: - OKTA_GROUP_DEPROVISIONING - AZURE_GROUP_DEPROVISIONING - INTUNE_GROUP_DEPROVISIONING - JUMPCLOUD_GROUP_DEPROVISIONING - GOOGLE_WORKSPACE_GROUP_DEPROVISIONING - MANUAL_DEPROVISIONING description: Type of deprovisioning configuration title: >- ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaDeprovisioningConfigType ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaDeprovisioningConfigValueIcon: type: object properties: name: type: string description: Icon name type: type: string description: Icon type url: type: - string - 'null' description: Icon URL (for OKTA/AZURE) title: >- ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaDeprovisioningConfigValueIcon ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaDeprovisioningConfigValue: type: object properties: value: type: string description: Group ID (for OKTA/AZURE) or Workspace ID (for MANUAL) label: type: string description: Group label/name (for OKTA/AZURE) or Workspace name (for MANUAL) icon: $ref: >- #/components/schemas/ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaDeprovisioningConfigValueIcon title: >- ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaDeprovisioningConfigValue ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaDeprovisioningConfig: type: object properties: provider: $ref: >- #/components/schemas/ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaDeprovisioningConfigProvider description: Deprovisioning provider type: $ref: >- #/components/schemas/ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaDeprovisioningConfigType description: Type of deprovisioning configuration value: $ref: >- #/components/schemas/ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaDeprovisioningConfigValue required: - provider - type - value title: >- ApiV1IgaEntitlementsPostRequestBodyContentApplicationJsonSchemaDeprovisioningConfig Access Management_postapi_v1_iga_entitlements_Response_200: type: object properties: {} description: Empty response body title: Access Management_postapi_v1_iga_entitlements_Response_200 securitySchemes: ApiKeyAuth: type: apiKey in: header name: X-Api-Key ``` ## Examples **Request** ```json { "name": "Finance Team Access", "app_id": 12345, "description": "Entitlement granting access to the Finance department resources and applications.", "status": "UNPUBLISHED", "provisioning_config": { "provider": "OKTA", "type": "OKTA_GROUP_PROVISIONING", "value": { "label": "Finance Team Group", "icon": { "name": "finance-icon", "type": "svg", "url": "https://okta.com/icons/finance.svg" }, "value": "00g1a2b3c4d5e6f7g8h9" } }, "deprovisioning_config": { "provider": "OKTA", "type": "OKTA_GROUP_DEPROVISIONING", "value": { "value": "00g1a2b3c4d5e6f7g8h9", "label": "Finance Team Group", "icon": { "name": "finance-icon", "type": "svg", "url": "https://okta.com/icons/finance.svg" } } } } ``` **Response** ```json {} ``` **SDK Code** ```python import requests url = "https://{tenant}.atomicwork.com/api/v1/iga/entitlements" payload = { "name": "Finance Team Access", "app_id": 12345, "description": "Entitlement granting access to the Finance department resources and applications.", "status": "UNPUBLISHED", "provisioning_config": { "provider": "OKTA", "type": "OKTA_GROUP_PROVISIONING", "value": { "label": "Finance Team Group", "icon": { "name": "finance-icon", "type": "svg", "url": "https://okta.com/icons/finance.svg" }, "value": "00g1a2b3c4d5e6f7g8h9" } }, "deprovisioning_config": { "provider": "OKTA", "type": "OKTA_GROUP_DEPROVISIONING", "value": { "value": "00g1a2b3c4d5e6f7g8h9", "label": "Finance Team Group", "icon": { "name": "finance-icon", "type": "svg", "url": "https://okta.com/icons/finance.svg" } } } } headers = { "X-Workspace-Id": "{{workspace_id}}", "X-Api-Key": "", "Content-Type": "application/json" } response = requests.post(url, json=payload, headers=headers) print(response.json()) ``` ```javascript const url = 'https://{tenant}.atomicwork.com/api/v1/iga/entitlements'; const options = { method: 'POST', headers: { 'X-Workspace-Id': '{{workspace_id}}', 'X-Api-Key': '', 'Content-Type': 'application/json' }, body: '{"name":"Finance Team Access","app_id":12345,"description":"Entitlement granting access to the Finance department resources and applications.","status":"UNPUBLISHED","provisioning_config":{"provider":"OKTA","type":"OKTA_GROUP_PROVISIONING","value":{"label":"Finance Team Group","icon":{"name":"finance-icon","type":"svg","url":"https://okta.com/icons/finance.svg"},"value":"00g1a2b3c4d5e6f7g8h9"}},"deprovisioning_config":{"provider":"OKTA","type":"OKTA_GROUP_DEPROVISIONING","value":{"value":"00g1a2b3c4d5e6f7g8h9","label":"Finance Team Group","icon":{"name":"finance-icon","type":"svg","url":"https://okta.com/icons/finance.svg"}}}}' }; try { const response = await fetch(url, options); const data = await response.json(); console.log(data); } catch (error) { console.error(error); } ``` ```go package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "https://{tenant}.atomicwork.com/api/v1/iga/entitlements" payload := strings.NewReader("{\n \"name\": \"Finance Team Access\",\n \"app_id\": 12345,\n \"description\": \"Entitlement granting access to the Finance department resources and applications.\",\n \"status\": \"UNPUBLISHED\",\n \"provisioning_config\": {\n \"provider\": \"OKTA\",\n \"type\": \"OKTA_GROUP_PROVISIONING\",\n \"value\": {\n \"label\": \"Finance Team Group\",\n \"icon\": {\n \"name\": \"finance-icon\",\n \"type\": \"svg\",\n \"url\": \"https://okta.com/icons/finance.svg\"\n },\n \"value\": \"00g1a2b3c4d5e6f7g8h9\"\n }\n },\n \"deprovisioning_config\": {\n \"provider\": \"OKTA\",\n \"type\": \"OKTA_GROUP_DEPROVISIONING\",\n \"value\": {\n \"value\": \"00g1a2b3c4d5e6f7g8h9\",\n \"label\": \"Finance Team Group\",\n \"icon\": {\n \"name\": \"finance-icon\",\n \"type\": \"svg\",\n \"url\": \"https://okta.com/icons/finance.svg\"\n }\n }\n }\n}") req, _ := http.NewRequest("POST", url, payload) req.Header.Add("X-Workspace-Id", "{{workspace_id}}") req.Header.Add("X-Api-Key", "") req.Header.Add("Content-Type", "application/json") res, _ := http.DefaultClient.Do(req) defer res.Body.Close() body, _ := io.ReadAll(res.Body) fmt.Println(res) fmt.Println(string(body)) } ``` ```ruby require 'uri' require 'net/http' url = URI("https://{tenant}.atomicwork.com/api/v1/iga/entitlements") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true request = Net::HTTP::Post.new(url) request["X-Workspace-Id"] = '{{workspace_id}}' request["X-Api-Key"] = '' request["Content-Type"] = 'application/json' request.body = "{\n \"name\": \"Finance Team Access\",\n \"app_id\": 12345,\n \"description\": \"Entitlement granting access to the Finance department resources and applications.\",\n \"status\": \"UNPUBLISHED\",\n \"provisioning_config\": {\n \"provider\": \"OKTA\",\n \"type\": \"OKTA_GROUP_PROVISIONING\",\n \"value\": {\n \"label\": \"Finance Team Group\",\n \"icon\": {\n \"name\": \"finance-icon\",\n \"type\": \"svg\",\n \"url\": \"https://okta.com/icons/finance.svg\"\n },\n \"value\": \"00g1a2b3c4d5e6f7g8h9\"\n }\n },\n \"deprovisioning_config\": {\n \"provider\": \"OKTA\",\n \"type\": \"OKTA_GROUP_DEPROVISIONING\",\n \"value\": {\n \"value\": \"00g1a2b3c4d5e6f7g8h9\",\n \"label\": \"Finance Team Group\",\n \"icon\": {\n \"name\": \"finance-icon\",\n \"type\": \"svg\",\n \"url\": \"https://okta.com/icons/finance.svg\"\n }\n }\n }\n}" response = http.request(request) puts response.read_body ``` ```java import com.mashape.unirest.http.HttpResponse; import com.mashape.unirest.http.Unirest; HttpResponse response = Unirest.post("https://{tenant}.atomicwork.com/api/v1/iga/entitlements") .header("X-Workspace-Id", "{{workspace_id}}") .header("X-Api-Key", "") .header("Content-Type", "application/json") .body("{\n \"name\": \"Finance Team Access\",\n \"app_id\": 12345,\n \"description\": \"Entitlement granting access to the Finance department resources and applications.\",\n \"status\": \"UNPUBLISHED\",\n \"provisioning_config\": {\n \"provider\": \"OKTA\",\n \"type\": \"OKTA_GROUP_PROVISIONING\",\n \"value\": {\n \"label\": \"Finance Team Group\",\n \"icon\": {\n \"name\": \"finance-icon\",\n \"type\": \"svg\",\n \"url\": \"https://okta.com/icons/finance.svg\"\n },\n \"value\": \"00g1a2b3c4d5e6f7g8h9\"\n }\n },\n \"deprovisioning_config\": {\n \"provider\": \"OKTA\",\n \"type\": \"OKTA_GROUP_DEPROVISIONING\",\n \"value\": {\n \"value\": \"00g1a2b3c4d5e6f7g8h9\",\n \"label\": \"Finance Team Group\",\n \"icon\": {\n \"name\": \"finance-icon\",\n \"type\": \"svg\",\n \"url\": \"https://okta.com/icons/finance.svg\"\n }\n }\n }\n}") .asString(); ``` ```php request('POST', 'https://{tenant}.atomicwork.com/api/v1/iga/entitlements', [ 'body' => '{ "name": "Finance Team Access", "app_id": 12345, "description": "Entitlement granting access to the Finance department resources and applications.", "status": "UNPUBLISHED", "provisioning_config": { "provider": "OKTA", "type": "OKTA_GROUP_PROVISIONING", "value": { "label": "Finance Team Group", "icon": { "name": "finance-icon", "type": "svg", "url": "https://okta.com/icons/finance.svg" }, "value": "00g1a2b3c4d5e6f7g8h9" } }, "deprovisioning_config": { "provider": "OKTA", "type": "OKTA_GROUP_DEPROVISIONING", "value": { "value": "00g1a2b3c4d5e6f7g8h9", "label": "Finance Team Group", "icon": { "name": "finance-icon", "type": "svg", "url": "https://okta.com/icons/finance.svg" } } } }', 'headers' => [ 'Content-Type' => 'application/json', 'X-Api-Key' => '', 'X-Workspace-Id' => '{{workspace_id}}', ], ]); echo $response->getBody(); ``` ```csharp using RestSharp; var client = new RestClient("https://{tenant}.atomicwork.com/api/v1/iga/entitlements"); var request = new RestRequest(Method.POST); request.AddHeader("X-Workspace-Id", "{{workspace_id}}"); request.AddHeader("X-Api-Key", ""); request.AddHeader("Content-Type", "application/json"); request.AddParameter("application/json", "{\n \"name\": \"Finance Team Access\",\n \"app_id\": 12345,\n \"description\": \"Entitlement granting access to the Finance department resources and applications.\",\n \"status\": \"UNPUBLISHED\",\n \"provisioning_config\": {\n \"provider\": \"OKTA\",\n \"type\": \"OKTA_GROUP_PROVISIONING\",\n \"value\": {\n \"label\": \"Finance Team Group\",\n \"icon\": {\n \"name\": \"finance-icon\",\n \"type\": \"svg\",\n \"url\": \"https://okta.com/icons/finance.svg\"\n },\n \"value\": \"00g1a2b3c4d5e6f7g8h9\"\n }\n },\n \"deprovisioning_config\": {\n \"provider\": \"OKTA\",\n \"type\": \"OKTA_GROUP_DEPROVISIONING\",\n \"value\": {\n \"value\": \"00g1a2b3c4d5e6f7g8h9\",\n \"label\": \"Finance Team Group\",\n \"icon\": {\n \"name\": \"finance-icon\",\n \"type\": \"svg\",\n \"url\": \"https://okta.com/icons/finance.svg\"\n }\n }\n }\n}", ParameterType.RequestBody); IRestResponse response = client.Execute(request); ``` ```swift import Foundation let headers = [ "X-Workspace-Id": "{{workspace_id}}", "X-Api-Key": "", "Content-Type": "application/json" ] let parameters = [ "name": "Finance Team Access", "app_id": 12345, "description": "Entitlement granting access to the Finance department resources and applications.", "status": "UNPUBLISHED", "provisioning_config": [ "provider": "OKTA", "type": "OKTA_GROUP_PROVISIONING", "value": [ "label": "Finance Team Group", "icon": [ "name": "finance-icon", "type": "svg", "url": "https://okta.com/icons/finance.svg" ], "value": "00g1a2b3c4d5e6f7g8h9" ] ], "deprovisioning_config": [ "provider": "OKTA", "type": "OKTA_GROUP_DEPROVISIONING", "value": [ "value": "00g1a2b3c4d5e6f7g8h9", "label": "Finance Team Group", "icon": [ "name": "finance-icon", "type": "svg", "url": "https://okta.com/icons/finance.svg" ] ] ] ] as [String : Any] let postData = JSONSerialization.data(withJSONObject: parameters, options: []) let request = NSMutableURLRequest(url: NSURL(string: "https://{tenant}.atomicwork.com/api/v1/iga/entitlements")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "POST" request.allHTTPHeaderFields = headers request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error as Any) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume() ```