CLI Reference
The GrantFlow CLI provides a powerful command-line interface for managing privileged access, requesting role activations, and performing administrative tasks. Whether you're a developer integrating GrantFlow into your workflow or an administrator managing access policies, the CLI offers a streamlined, scriptable way to interact with the platform.
Overviewβ
The GrantFlow CLI is built with a focus on security, usability, and automation. It uses Azure Entra ID authentication via OAuth2 device code flow, ensuring your credentials never touch the command line. All actions are logged in the audit trail, maintaining the same compliance standards as the web interface.
Key Featuresβ
You can use the CLI to request just-in-time access to privileged roles, check out managed accounts for temporary use, and review your access historyβall from your terminal. For administrators, the CLI provides full control over identity connectors, on-premises agents, background jobs, and role definitions.
The tool supports multiple output formats including human-readable tables, JSON for scripting, and YAML for configuration management. Every command respects your configured tenant context and automatically handles token refresh, so you can focus on your work rather than authentication mechanics.
Getting Startedβ
If you're new to the GrantFlow CLI, start with the Installation & Setup guide to download the tool and configure your environment. Once installed, you'll authenticate using grantflow login and can immediately begin exploring available commands.
For common workflows, check out the Quick Start Guide which walks through requesting role activations, checking out accounts, and viewing audit logs.
Command Categoriesβ
The CLI organizes commands into logical groups based on your role and use case.
Authenticationβ
Before using the CLI, you'll need to authenticate with your Azure Entra ID credentials. The Authentication Commands section covers logging in, managing your session, and viewing your current configuration.
Roles & Activationsβ
Standard users primarily work with roles and activations. The Role Commands help you discover available privileged roles, while Activation Commands let you request just-in-time access, track approval status, and manage active sessions.
Account Managementβ
For systems requiring direct account credentials, the Account Commands enable you to browse available accounts, view details, and check out credentials for temporary use.
Audit & Complianceβ
Security teams and auditors can use Audit Commands to search access logs, filter by user or action type, and export compliance reports.
Administrative Tasksβ
System administrators have access to additional commands for managing the platform itself. The Admin Commands cover identity connector management, agent monitoring, background job tracking, and role creation.
Configurationβ
The CLI can be configured through multiple methods to fit your workflow. You can use a YAML configuration file for persistent settings, environment variables for CI/CD pipelines, or command-line flags for one-off overrides. Learn more in the Configuration Guide.
Output Formatsβ
Every command supports multiple output formats to suit different use cases. Use table format for interactive terminal sessions, JSON for parsing in scripts, or YAML when generating configuration files. See Output Formats for details and examples.
Common Workflowsβ
Looking for step-by-step guidance on common tasks? Check out these workflow guides:
- Requesting Emergency Access - Fast-track a role activation during an incident
- Account Checkout for Database Work - Securely retrieve temporary credentials
- Approval Workflows for Managers - Review and approve team member requests
- Automating Access with Scripts - Integrate the CLI into your automation tools
Troubleshootingβ
If you encounter issues with authentication, API connectivity, or command errors, the Troubleshooting Guide provides solutions to common problems and explains how to enable debug logging for support requests.
Reference Documentationβ
For detailed information about every command, flag, and parameter, explore the command reference pages linked above. Each page includes syntax examples, parameter descriptions, and real-world usage scenarios.
You can also run any command with --help to see inline documentation directly in your terminal:
grantflow --help
grantflow roles --help
grantflow activations request --help
Supportβ
If you need help that isn't covered in this documentation, contact our support team at support@grantflow.cloud.