Create a grant for a user
POST https://{tenant}.atomicwork.com/api/v1/iga/grants
Create an identity grant directly without going through the IGA approval workflow. This is the primary endpoint for programmatic access provisioning — use it when an external system (HRMS, onboarding tool, compliance platform) needs to grant access to a user.
Required fields: user_id and entitlement_id. Call GET /iga/apps then GET /iga/entitlements?app_id=\{id\} to discover valid entitlement IDs.
Optional fields:
policy_idorpolicy_key— link the grant to a specific access policygranted_by— record which user or system initiated the grantgranted_at— backdate the grant timestamp (ISO 8601); defaults to now
The grant method (how provisioning happens) is automatically derived from the entitlement's provisioning configuration — Okta, Azure AD, JumpCloud, Google Workspace, or manual service request.
Returns the created grant with its id, resolved status, entitlement, app, and provisioning details.
Authorization
X-Api-KeyrequiredHeaders
X-Workspace-IdBody
user_idrequiredThe ID of the user who will receive the grant
entitlement_idrequiredThe ID of the entitlement to grant
policy_idOptional policy ID to associate with the grant
policy_keyOptional policy key (alternative to policy_id)
granted_byOptional user ID of who authorized this grant. Defaults to the API key owner.
granted_atOptional timestamp of when the grant was authorized. Defaults to current time.
Response
Successful response