Overview#
The Organization Invitations module lets administrators bring new users into an organisation through cryptographically signed, time-limited email invitations that carry the recipient's role from the moment of dispatch, so access is already scoped correctly the instant the invitation is accepted.
Consider a joint counter-terrorism task force that needs analysts from three agencies on the same investigation within hours, each arriving with precisely the role they need and nothing more. An administrator sends a signed invitation encoding the recipient's role; the invitee clicks once, passes token verification, and lands in the platform with access already scoped to their assignment. No manual provisioning ticket, no temporary over-privileged account.
Every new user starts from a zero-privilege baseline. Access exists only when a role has been explicitly assigned through an accepted invitation or a subsequent provisioning action. This default is non-negotiable across all multi-tenant deployments on the platform.
Key Features#
- Email Invitation System: Invite users to join organisations via email with secure, time-limited tokens and professional email templates
- Role Assignment at Dispatch: Assign organisational roles at invitation time so permissions are active the moment the invitation is accepted, with no manual follow-up step
- Token Acceptance Flow: Secure, cryptographic verification of invitation tokens with comprehensive validation against replay, reuse, and expiry
- Inviter Re-Verification: When an invitation grants privileged roles, both acceptance and activation re-check that the inviting account is still active; invitations from a since-deactivated inviter are rejected without being consumed, and the rejection identifies the cause so administrators can locate and revoke stale invites
- Invitation Management: Full lifecycle tools covering expiration, resend rate limiting, and cancellation
- Member Management: Manage organisation members post-invitation with role updates and access control
- Multi-Organisation Support: Tenant-isolated invitation workflows supporting multiple organisations on the platform, with each invitation scoped to a single organisation
- Complete Audit Trail: Full tracking of invitation creation, delivery, acceptance, and expiry recorded in the platform record store for compliance reporting
Use Cases#
- Multi-organisation investigations requiring controlled information sharing between agencies
- Task force formation where members arrive with defined access levels and nothing broader
- Cross-jurisdictional case collaboration enabling joint investigation workflows between law enforcement and national security partners
- Temporary access provisioning for external consultants, legal advisors, and technical experts
- Administrator offboarding that immediately neutralises the departing administrator's outstanding privileged invitations, so dormant invites cannot become a privilege-escalation backdoor
- Inter-agency coordination establishing secure shared workspaces for joint operations
- Multi-tenant platform onboarding for new partner organisations in government and enterprise deployments
Integration#
- Identity providers (SAML 2.0, OIDC, Zitadel, Keycloak) for single sign-on and directory-backed provisioning
- Email notification systems for invitation delivery and delivery tracking
- Organisational directory services for downstream user provisioning
- Compliance reporting platforms for audit documentation and NIS2 evidence packages
Open Standards#
- JSON Web Token (RFC 7519) with OAuth 2.0 Bearer usage (RFC 6750): Invitation management and acceptance operations are protected by bearer-token authentication, so every read and write is tied to an authenticated, auditable identity.
- SAML 2.0 (OASIS): The module integrates with SAML 2.0 identity providers (including Zitadel and Keycloak) so that invited users can complete the acceptance flow via federated single sign-on rather than a local credential.
- OpenID Connect 1.0 / OAuth 2.0 (RFC 6749): OIDC is supported as an alternative federation path for invitation acceptance; the underlying OAuth 2.0 authorisation framework governs token issuance and delegation to the platform after an invitee authenticates.
- RFC 4122 (UUID): Every invitation record, participant record, and email template is keyed by a version-4 UUID, and invitation tokens are generated using a cryptographically random URL-safe encoding of equivalent entropy.
- ISO 8601: All expiry, acceptance, and audit timestamps are serialised and exchanged as ISO 8601 date-time strings, ensuring unambiguous interchange across time zones.
- SMTP (RFC 5321) with STARTTLS (RFC 3207): Invitation emails are dispatched over SMTP on submission port 587 using STARTTLS for transport-layer encryption, with both HTML and plain-text body parts conforming to RFC 5322 message structure.
- Role-Based Access Control (NIST RBAC model, ANSI/INCITS 359-2004): Roles are assigned to invitees at dispatch time and enforced on acceptance, implementing the NIST least-privilege principle; participants begin from a zero-privilege baseline and gain only the permissions bound to their assigned role.
Last Reviewed: 2026-07-16 Last Updated: 2026-07-16