Hi there, sweet tool! I am using the granted-cli tool heavily, and discovered this by looking at documentation. Full disclosure: I have not spun up a glide instance yet, so please forgive any errant preconceived notions or misunderstandings.

I am looking to potentially make use of this with AWS, but the more intriguing use case for me is to hook it up to Entra in order to manage some group memberships. Namely, I have Entra groups defined which are SCIM provisioned out to Netskope, a ZTNA tool. In Netskope, I have rules which open network routes to resources.

The rub is that SCIM provisioning runs on ~40m intervals. So, if a user requests access for 1h, they may only get access for 20 minutes or so of that time, which is less than ideal.

With that said, there exists an API endpoint for submitting on demand provisioning jobs, akin to how you can do an on demand provision job from within the Entra Enterprise Application. Example 1 and/or Example 3 look to be what would be needed. Unsure if it would be possible to build this in, but could be a great feature if indeed possible.

Alternatively, if this is not possible or unlikely to be implemented, I am all ears on if there is someway I can introduce this custom logic. I didn't find anything relevant in the documentation, but I am more than happy to be pointed in the right direction.