US Patent 10931673 Policy activation for client applications

A policy management service receives a request from an application to access another service. The request identifies a desired access control policy and/or policy-related permissions associated with access to the service. The policy management service generates a record associated with the request, and provides, to an authenticating entity, an activation code that corresponds to the record. The policy management service validates the activation code and the authenticating entity and enables the authenticating entity to review the record to determine whether to approve creation of the principal and attachment of the desired permissions and/or access control policy to the principal. If approved, the policy management service creates the principal and attaches the desired permissions and/or the access control policy to the principal. The policy management service provides the information associated with the principal to the application to enable access by the application to the service.