Identity & consent

Scope lifecycle

Atlas treats consent scopes as first-class records. Each scope is explicit (“mls.read”, “third_party.vendor”) and time-bound, with defaults set per workspace. Owners and admins can approve scopes for an office, but every client must accept the scopes they personally use.

Scopes attach to every MCP call. When a user or vendor revokes a scope, the tracker immediately blocks tools that rely on it, even if the bot still has the URL.

• Create: owner/admin issues scope invitations.
• Approve: agent, TC, or client signs off with expiry.
• Renew: Atlas reminds stakeholders before expiry dates.
• Revoke: immediate removal cascades to clients and bots.

Where checks occur

Consent is enforced twice: preflight and postflight. Preflight reads policy counters plus consent scopes, then decides pass, queue, or deny. Postflight records the exact scopes used so auditors can confirm the call stayed within authority.

This mirrors the tracker & guard flow documented in the Knowledge Base, giving finance and compliance a single ledger.

• read policy & counters
• check consent scopes
• decide pass/queue/deny

Consent evidence packet

Every approval produces a packet with actor_id, role, workspace_id, scope name, start/end timestamps, and approver details. The same packet is referenced inside usage events so you can prove “who approved what and when.”

Rollout blueprint

Use the Integration Blueprint checklist when you onboard a new office. Map roles to scopes, load Starter Kit prompts, test on sample properties, then enable consent scopes for any tool that hits third-party data.

• Copy the Atlas MCP server URL into your bot tool list
• Or create your own server in the Server Builder
• Map roles & permissions (Agent, TC, Broker, Client, Vendor)
• Load the Starter Kit prompts
• Test with the sample property set
• Turn on logging, budgets, and the usage dashboard
• Enable consent scopes for tools that fetch third-party data