Create Policy Identity Access Request

Create access requests for identities managed by LCM policies

Overview

Creates an access request for an identity managed by a Lifecycle Management Policy. Use this to grant additional entitlements beyond birthright access.

post

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters

policy_idstringRequired

idstringRequired

Body

policy_idstringOptional

idstringOptional

request_typeinteger · enumOptional

reasonstringOptional

datasource_idstringOptional

target_entity_typestringOptional

target_entity_idsstring[]Optional

access_profile_idstringOptional

jit_duration_in_secondsinteger · int32Optional

explanationstringOptional

sync_identity_actionstringOptional

tracking_notification_typeinteger · enumOptional

tracking_notification_idstringOptional

catalog_definition_idstringOptional

Optional, ID of the catalog definition this request is associated with

Responses

200

application/json

valueobjectOptional

default

Default error response

application/json

post

/api/private/lifecycle_management/policies/{policy_id}/identities/{id}:access_request

POST /api/private/lifecycle_management/policies/{policy_id}/identities/{id}:access_request HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 429

{
  "policy_id": "text",
  "id": "text",
  "request_type": 1,
  "reason": "text",
  "datasource_id": "text",
  "target_entity_type": "text",
  "target_entity_ids": [
    "text"
  ],
  "access_profile_id": "text",
  "jit_duration_in_seconds": 1,
  "explanation": "text",
  "sync_identity_action": "text",
  "tracking_notification_type": 1,
  "tracking_notification_id": "text",
  "catalog_definition_id": "text",
  "catalog_definition_config": {
    "@type": "text",
    "ANY_ADDITIONAL_PROPERTY": "anything"
  }
}

{
  "value": {},
  "plans": [
    {
      "id": "text",
      "state": 1,
      "request_type": 1,
      "request_source": 1,
      "plan_source": 1,
      "plan_source_id": "text",
      "plan_jobs": [
        {
          "job_id": "text",
          "data_source": {
            "id": "text",
            "external_id": "text",
            "agent_type": "text",
            "data_provider_id": "text",
            "data_source_config": {
              "@type": "text",
              "ANY_ADDITIONAL_PROPERTY": "anything"
            },
            "data_provider_type": 1,
            "data_provider_secret_refs": [
              {
                "id": "text",
                "secret_id": "text",
                "vault_id": "text",
                "vault": {
                  "id": "text",
                  "name": "text",
                  "vault_provider": "text",
                  "insight_point_id": "text",
                  "deleted": true
                }
              }
            ]
          },
          "input_entities": [
            {
              "entity_type": "text",
              "entity_id": "text",
              "attributes": {
                "ANY_ADDITIONAL_PROPERTY": "text"
              },
              "assigned_to_entity_type": "text",
              "assigned_to_entity_id": "text",
              "entity_name": "text",
              "error_message": "text",
              "unique_identifiers": [
                "text"
              ],
              "datasource_id": "text"
            }
          ],
          "action_type": 1,
          "action_config": {
            "@type": "text",
            "ANY_ADDITIONAL_PROPERTY": "anything"
          },
          "action_job_id": "text",
          "action_name": "text",
          "identity_id": "text",
          "stop_on_error": true,
          "ttl": "text",
          "has_changed_attributes": true,
          "changed_attributes": [
            "text"
          ]
        }
      ],
      "error_message": "text",
      "request_source_id": "text",
      "jit_duration_in_seconds": 1,
      "jit_revoke_at": "2026-03-28T04:25:05.586Z",
      "jit_revoke_jobs": [
        {
          "job_id": "text",
          "data_source": {
            "id": "text",
            "external_id": "text",
            "agent_type": "text",
            "data_provider_id": "text",
            "data_source_config": {
              "@type": "text",
              "ANY_ADDITIONAL_PROPERTY": "anything"
            },
            "data_provider_type": 1,
            "data_provider_secret_refs": [
              {
                "id": "text",
                "secret_id": "text",
                "vault_id": "text",
                "vault": {
                  "id": "text",
                  "name": "text",
                  "vault_provider": "text",
                  "insight_point_id": "text",
                  "deleted": true
                }
              }
            ]
          },
          "input_entities": [
            {
              "entity_type": "text",
              "entity_id": "text",
              "attributes": {
                "ANY_ADDITIONAL_PROPERTY": "text"
              },
              "assigned_to_entity_type": "text",
              "assigned_to_entity_id": "text",
              "entity_name": "text",
              "error_message": "text",
              "unique_identifiers": [
                "text"
              ],
              "datasource_id": "text"
            }
          ],
          "action_type": 1,
          "action_config": {
            "@type": "text",
            "ANY_ADDITIONAL_PROPERTY": "anything"
          },
          "action_job_id": "text",
          "action_name": "text",
          "identity_id": "text",
          "stop_on_error": true,
          "ttl": "text",
          "has_changed_attributes": true,
          "changed_attributes": [
            "text"
          ]
        }
      ],
      "created_at": "2026-03-28T04:25:05.586Z",
      "started_at": "2026-03-28T04:25:05.586Z",
      "completed_at": "2026-03-28T04:25:05.586Z",
      "identity_id": "text",
      "jit_revoke_completed_at": "2026-03-28T04:25:05.586Z"
    }
  ]
}

Examples

Grant Additional Group Access

curl -X POST "https://your-instance.vezacloud.com/api/private/lifecycle_management/policies/policy-abc-123/identities/identity-xyz-789:access_request" \
  -H "authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "policy_id": "policy-abc-123",
    "id": "identity-xyz-789",
    "request_type": "GRANT",
    "reason": "User needs temporary project access",
    "datasource_id": "lcm-datasource-id",
    "target_entity_type": "ActiveDirectoryGroup",
    "target_entity_ids": [
      "active_directory:domain:example.com:group:project-team-alpha"
    ]
  }'

Response

{
  "value": {
    "id": "0198cfb5-1234-5678-9abc-def012345678",
    "reason": "User needs temporary project access", 
    "datasource_id": "lcm-datasource-id",
    "assignee_entity_type": "ActiveDirectoryUser",
    "assignee_entity_id": "active_directory:domain:example.com:user:jdoe",
    "target_entity_type": "ActiveDirectoryGroup",
    "target_entity_ids": ["active_directory:domain:example.com:group:project-team-alpha"],
    "request_source": "ACCESS_REQUEST",
    "state": "INITIAL",
    "request_type": "GRANT",
    "identity_id": "identity-xyz-789",
    "assignee_entity_name": "John Doe",
    "target_entity_names": ["Project Team Alpha"],
    "created_by": "user-123",
    "created_at": "2025-08-22T10:30:00Z"
  },
  "plans": [
    {
      "id": "plan-def-456",
      "state": "INITIAL",
      "request_type": "GRANT"
    }
  ]
}

Grant Multiple Groups

curl -X POST "https://your-instance.vezacloud.com/api/private/lifecycle_management/policies/policy-abc-123/identities/identity-xyz-789:access_request" \
  -H "authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "policy_id": "policy-abc-123",
    "id": "identity-xyz-789",
    "request_type": "GRANT",
    "reason": "User promoted to team lead",
    "datasource_id": "lcm-datasource-id",
    "target_entity_type": "ActiveDirectoryGroup",
    "target_entity_ids": [
      "active_directory:domain:example.com:group:team-leads",
      "active_directory:domain:example.com:group:project-approvers"
    ]
  }'

Revoke Access

curl -X POST "https://your-instance.vezacloud.com/api/private/lifecycle_management/policies/policy-abc-123/identities/identity-xyz-789:access_request" \
  -H "authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "policy_id": "policy-abc-123",
    "id": "identity-xyz-789",
    "request_type": "REVOKE",
    "reason": "User role changed",
    "datasource_id": "lcm-datasource-id",
    "target_entity_type": "ActiveDirectoryGroup",
    "target_entity_ids": [
      "active_directory:domain:example.com:group:project-team-alpha"
    ]
  }'

PreviousCreate Access Request Policy NextAccess Reviews APIs

Last updated 1 month ago

Was this helpful?

hashtagOverview

hashtagExamples

hashtagGrant Additional Group Access

hashtagResponse

hashtagGrant Multiple Groups

hashtagRevoke Access