Create a grant for a user
Create an identity grant directly without going through the IGA approval workflow. This is the primary endpoint for programmatic access provisioning — use it when an external system (HRMS, onboarding tool, compliance platform) needs to grant access to a user.
**Required fields:** `user_id` and `entitlement_id`. Call `GET /iga/apps` then `GET /iga/entitlements?app_id={id}` to discover valid entitlement IDs.
**Optional fields:**
- `policy_id` or `policy_key` — link the grant to a specific access policy
- `granted_by` — record which user or system initiated the grant
- `granted_at` — backdate the grant timestamp (ISO 8601); defaults to now
The grant method (how provisioning happens) is automatically derived from the entitlement's provisioning configuration — Okta, Azure AD, JumpCloud, Google Workspace, or manual service request.
Returns the created grant with its `id`, resolved `status`, `entitlement`, `app`, and provisioning details.
Authentication
X-Api-Key (string)
API Key authentication via header
Headers
X-Workspace-Id
Request
Request body for creating a grant via the public API
user_id
The ID of the user who will receive the grant
entitlement_id
The ID of the entitlement to grant
policy_id
Optional policy ID to associate with the grant
policy_key
Optional policy key (alternative to policy_id)
granted_by
Optional user ID of who authorized this grant. Defaults to the API key owner.
granted_at
Optional timestamp of when the grant was authorized. Defaults to current time.
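A pre-flight check that a calling system could run before sending this request, as an added example (not code from this API's documentation or vendor). It builds the two headers and the body fields listed above; the function name is hypothetical, and requiring `granted_by` and the 30-day `MAX_BACKDATE` limit are local policy assumptions, not API rules. The create endpoint's path is not shown on this page, so the example stops at the validated headers and body.

```python
from datetime import datetime, timedelta, timezone

# Local guardrail, not an API rule (assumption): maximum accepted backdating.
MAX_BACKDATE = timedelta(days=30)


def build_grant_request(api_key, workspace_id, user_id, entitlement_id, *,
                        granted_by, policy_id=None, policy_key=None,
                        granted_at=None, now=None):
    """Hypothetical helper: validate inputs, return (headers, body) for the call."""
    if not api_key or not workspace_id:
        raise ValueError("X-Api-Key and X-Workspace-Id must both be set")
    if not user_id or not entitlement_id:
        raise ValueError("user_id and entitlement_id are required")
    if policy_id and policy_key:
        raise ValueError("send policy_id or policy_key, not both")
    # The API defaults granted_by to the key owner. Local policy (assumption):
    # always name the real initiator, since no approval workflow records it.
    if not granted_by:
        raise ValueError("granted_by must name the initiating user or system")

    body = {"user_id": user_id, "entitlement_id": entitlement_id,
            "granted_by": granted_by}
    if policy_id:
        body["policy_id"] = policy_id
    if policy_key:
        body["policy_key"] = policy_key

    if granted_at is not None:
        # fromisoformat() rejects a trailing "Z" before Python 3.11.
        ts = datetime.fromisoformat(granted_at.replace("Z", "+00:00"))
        if ts.tzinfo is None:
            raise ValueError("granted_at must carry a UTC offset")
        now = now or datetime.now(timezone.utc)
        if ts > now:
            raise ValueError("granted_at is in the future")
        if now - ts > MAX_BACKDATE:
            raise ValueError("granted_at exceeds the local backdating limit")
        body["granted_at"] = ts.isoformat()

    headers = {"X-Api-Key": api_key, "X-Workspace-Id": workspace_id}
    return headers, body


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    print(build_grant_request("example-key", "ws-example", "user-123", "ent-456",
                              granted_by="hrms-sync", policy_key="onboarding",
                              granted_at="2024-05-20T10:00:00Z",
                              now=datetime(2024, 6, 1, tzinfo=timezone.utc)))
```

The caller sends the returned body to the create-grant endpoint with the returned headers; the body encoding (JSON is assumed) should be confirmed against the API reference.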
Response
Successful response

