diff --git a/homeassistant/components/zwave_js/api.py b/homeassistant/components/zwave_js/api.py
index 37ce9a51c91..aef23cb73ea 100644
--- a/homeassistant/components/zwave_js/api.py
+++ b/homeassistant/components/zwave_js/api.py
@@ -805,7 +805,7 @@ async def websocket_add_node(
     ]
     msg[DATA_UNSUBSCRIBE] = unsubs
 
-    if controller.inclusion_state == InclusionState.INCLUDING:
+    if controller.inclusion_state in (InclusionState.INCLUDING, InclusionState.BUSY):
         connection.send_result(
             msg[ID],
             True,  # Inclusion is already in progress
@@ -883,6 +883,11 @@ async def websocket_subscribe_s2_inclusion(
 ) -> None:
     """Subscribe to S2 inclusion initiated by the controller."""
 
+    @callback
+    def async_cleanup() -> None:
+        for unsub in unsubs:
+            unsub()
+
     @callback
     def forward_dsk(event: dict) -> None:
         connection.send_message(
@@ -891,9 +896,18 @@ async def websocket_subscribe_s2_inclusion(
             )
         )
 
-    unsub = driver.controller.on("validate dsk and enter pin", forward_dsk)
-    connection.subscriptions[msg["id"]] = unsub
-    msg[DATA_UNSUBSCRIBE] = [unsub]
+    @callback
+    def handle_requested_grant(event: dict) -> None:
+        """Accept the requested security classes without user interaction."""
+        hass.async_create_task(
+            driver.controller.async_grant_security_classes(event["requested_grant"])
+        )
+
+    connection.subscriptions[msg["id"]] = async_cleanup
+    msg[DATA_UNSUBSCRIBE] = unsubs = [
+        driver.controller.on("grant security classes", handle_requested_grant),
+        driver.controller.on("validate dsk and enter pin", forward_dsk),
+    ]
     connection.send_result(msg[ID])
 
 
diff --git a/tests/components/zwave_js/test_api.py b/tests/components/zwave_js/test_api.py
index 6f341f8f77b..42c5d59d7ad 100644
--- a/tests/components/zwave_js/test_api.py
+++ b/tests/components/zwave_js/test_api.py
@@ -5284,6 +5284,20 @@ async def test_subscribe_s2_inclusion(
     assert msg["success"]
     assert msg["result"] is None
 
+    # Test receiving requested grant event
+    event = Event(
+        type="grant security classes",
+        data={
+            "source": "controller",
+            "event": "grant security classes",
+            "requested": {
+                "securityClasses": [SecurityClass.S2_UNAUTHENTICATED],
+                "clientSideAuth": False,
+            },
+        },
+    )
+    client.driver.receive_event(event)
+
     # Test receiving DSK request event
     event = Event(
         type="validate dsk and enter pin",