Create Policy Identity Access Request

Create access requests for identities managed by LCM policies

Overview

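Creates an access request for an identity managed by a Lifecycle Management (LCM) policy. Use this to grant entitlements beyond birthright access or, as the Revoke Access example below shows, to remove them. Although `reason` is optional in the schema, callers should populate it so that each change to an identity's access carries an auditable justification.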

post
Authorizations
Path parameters
policy_id · string · Required
id · string · Required
Body
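policy_id · string · Optional
id · string · Optional
request_type · integer (enum) · Optional
reason · string · Optional
datasource_id · string · Optional
target_entity_type · string · Optional
target_entity_ids · string[] · Optional
access_profile_id · string · Optional
jit_duration_in_seconds · integer (int32) · Optional
explanation · string · Optional
sync_identity_action · string · Optional

Notes: `policy_id` and `id` are also path parameters; the examples below send the same values in the path and in the body. `request_type` is listed here as an integer enum, while the examples below send the enum names `GRANT` and `REVOKE`. `jit_duration_in_seconds` appears to put a time limit on a grant (the response plan carries `jit_revoke_at` and `jit_revoke_jobs`); confirm this behaviour before relying on it for temporary access.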
Responses
200

OK

application/json
post
/api/private/lifecycle_management/policies/{policy_id}/identities/{id}:access_request
POST /api/private/lifecycle_management/policies/{policy_id}/identities/{id}:access_request HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 251

{
  "policy_id": "text",
  "id": "text",
  "request_type": 1,
  "reason": "text",
  "datasource_id": "text",
  "target_entity_type": "text",
  "target_entity_ids": [
    "text"
  ],
  "access_profile_id": "text",
  "jit_duration_in_seconds": 1,
  "explanation": "text",
  "sync_identity_action": "text"
}

Response body (200 OK, application/json):

{
  "value": {},
  "plans": [
    {
      "id": "text",
      "state": 1,
      "request_type": 1,
      "request_source": 1,
      "plan_source": 1,
      "plan_source_id": "text",
      "plan_jobs": [
        {
          "job_id": "text",
          "data_source": {
            "id": "text",
            "external_id": "text",
            "agent_type": "text",
            "data_provider_id": "text",
            "data_source_config": {
              "@type": "text",
              "ANY_ADDITIONAL_PROPERTY": "anything"
            },
            "data_provider_type": 1,
            "data_provider_secret_refs": [
              {
                "id": "text",
                "secret_id": "text",
                "vault_id": "text",
                "vault": {
                  "id": "text",
                  "name": "text",
                  "vault_provider": "text",
                  "insight_point_id": "text",
                  "deleted": true
                }
              }
            ]
          },
          "input_entities": [
            {
              "table": "text",
              "primary_key": [
                "text"
              ],
              "constraints": [
                {
                  "type": 1,
                  "field_names": [
                    "text"
                  ]
                }
              ]
            }
          ],
          "action_type": 1,
          "action_config": {
            "@type": "text",
            "ANY_ADDITIONAL_PROPERTY": "anything"
          },
          "action_job_id": "text",
          "action_name": "text",
          "identity_id": "text",
          "stop_on_error": true,
          "ttl": "text"
        }
      ],
      "error_message": "text",
      "request_source_id": "text",
      "jit_duration_in_seconds": 1,
      "jit_revoke_at": "2025-11-08T03:37:38.893Z",
      "jit_revoke_jobs": [
        {
          "job_id": "text",
          "data_source": {
            "id": "text",
            "external_id": "text",
            "agent_type": "text",
            "data_provider_id": "text",
            "data_source_config": {
              "@type": "text",
              "ANY_ADDITIONAL_PROPERTY": "anything"
            },
            "data_provider_type": 1,
            "data_provider_secret_refs": [
              {
                "id": "text",
                "secret_id": "text",
                "vault_id": "text",
                "vault": {
                  "id": "text",
                  "name": "text",
                  "vault_provider": "text",
                  "insight_point_id": "text",
                  "deleted": true
                }
              }
            ]
          },
          "input_entities": [
            {
              "table": "text",
              "primary_key": [
                "text"
              ],
              "constraints": [
                {
                  "type": 1,
                  "field_names": [
                    "text"
                  ]
                }
              ]
            }
          ],
          "action_type": 1,
          "action_config": {
            "@type": "text",
            "ANY_ADDITIONAL_PROPERTY": "anything"
          },
          "action_job_id": "text",
          "action_name": "text",
          "identity_id": "text",
          "stop_on_error": true,
          "ttl": "text"
        }
      ],
      "created_at": "2025-11-08T03:37:38.893Z",
      "started_at": "2025-11-08T03:37:38.893Z",
      "completed_at": "2025-11-08T03:37:38.893Z",
      "identity_id": "text",
      "jit_revoke_completed_at": "2025-11-08T03:37:38.893Z"
    }
  ]
}

Examples

Grant Additional Group Access

# Submit a GRANT access request for identity-xyz-789 under policy-abc-123,
# targeting a single Active Directory group.
# YOUR_API_TOKEN is a placeholder: supply the real bearer token from a secret
# store or an environment variable instead of typing it into shell history.
# NOTE(review): the reason text says "temporary", but the body carries no
# jit_duration_in_seconds; presumably the grant then stays in place until a
# REVOKE request is sent -- confirm, and set that field when access must expire.
curl --request POST \
  --header "authorization: Bearer YOUR_API_TOKEN" \
  --header "Content-Type: application/json" \
  --data '{
    "policy_id": "policy-abc-123",
    "id": "identity-xyz-789",
    "request_type": "GRANT",
    "reason": "User needs temporary project access",
    "datasource_id": "lcm-datasource-id",
    "target_entity_type": "ActiveDirectoryGroup",
    "target_entity_ids": [
      "active_directory:domain:example.com:group:project-team-alpha"
    ]
  }' \
  "https://your-instance.vezacloud.com/api/private/lifecycle_management/policies/policy-abc-123/identities/identity-xyz-789:access_request"

Response

{
  "value": {
    "id": "0198cfb5-1234-5678-9abc-def012345678",
    "reason": "User needs temporary project access", 
    "datasource_id": "lcm-datasource-id",
    "assignee_entity_type": "ActiveDirectoryUser",
    "assignee_entity_id": "active_directory:domain:example.com:user:jdoe",
    "target_entity_type": "ActiveDirectoryGroup",
    "target_entity_ids": ["active_directory:domain:example.com:group:project-team-alpha"],
    "request_source": "ACCESS_REQUEST",
    "state": "INITIAL",
    "request_type": "GRANT",
    "identity_id": "identity-xyz-789",
    "assignee_entity_name": "John Doe",
    "target_entity_names": ["Project Team Alpha"],
    "created_by": "user-123",
    "created_at": "2025-08-22T10:30:00Z"
  },
  "plans": [
    {
      "id": "plan-def-456",
      "state": "INITIAL",
      "request_type": "GRANT"
    }
  ]
}

Grant Multiple Groups

# Submit one GRANT access request that names two Active Directory groups in
# target_entity_ids. Each listed group is a separate entitlement, so list only
# the groups that the stated reason justifies.
# YOUR_API_TOKEN is a placeholder: supply the real bearer token from a secret
# store or an environment variable instead of typing it into shell history.
curl --request POST \
  --header "authorization: Bearer YOUR_API_TOKEN" \
  --header "Content-Type: application/json" \
  --data '{
    "policy_id": "policy-abc-123",
    "id": "identity-xyz-789",
    "request_type": "GRANT",
    "reason": "User promoted to team lead",
    "datasource_id": "lcm-datasource-id",
    "target_entity_type": "ActiveDirectoryGroup",
    "target_entity_ids": [
      "active_directory:domain:example.com:group:team-leads",
      "active_directory:domain:example.com:group:project-approvers"
    ]
  }' \
  "https://your-instance.vezacloud.com/api/private/lifecycle_management/policies/policy-abc-123/identities/identity-xyz-789:access_request"

Revoke Access

# Submit a REVOKE access request for the group named in the first grant
# example. The endpoint and body shape are the same as for a grant; only
# request_type and reason differ.
# YOUR_API_TOKEN is a placeholder: supply the real bearer token from a secret
# store or an environment variable instead of typing it into shell history.
curl --request POST \
  --header "authorization: Bearer YOUR_API_TOKEN" \
  --header "Content-Type: application/json" \
  --data '{
    "policy_id": "policy-abc-123",
    "id": "identity-xyz-789",
    "request_type": "REVOKE",
    "reason": "User role changed",
    "datasource_id": "lcm-datasource-id",
    "target_entity_type": "ActiveDirectoryGroup",
    "target_entity_ids": [
      "active_directory:domain:example.com:group:project-team-alpha"
    ]
  }' \
  "https://your-instance.vezacloud.com/api/private/lifecycle_management/policies/policy-abc-123/identities/identity-xyz-789:access_request"
