[Ontwikkelaars]

Organization Invitations

The Organization Invitations module lets administrators bring new users into an organisation through cryptographically signed, time-limited email invitations that carry the recipient's role from the moment of dispatch, s

Categorie: CollaborationLaatst bijgewerkt: 16 jul 2026
collaborationcomplianceblockchain

Overview#

The Organization Invitations module lets administrators bring new users into an organisation through cryptographically signed, time-limited email invitations that carry the recipient's role from the moment of dispatch, so access is already scoped correctly the instant the invitation is accepted.

Consider a joint counter-terrorism task force that needs analysts from three agencies on the same investigation within hours, each arriving with precisely the role they need and nothing more. An administrator sends a signed invitation encoding the recipient's role; the invitee clicks once, passes token verification, and lands in the platform with access already scoped to their assignment. No manual provisioning ticket, no temporary over-privileged account.

Every new user starts from a zero-privilege baseline. Access exists only when a role has been explicitly assigned through an accepted invitation or a subsequent provisioning action. This default is non-negotiable across all multi-tenant deployments on the platform.

Key Features#

  • Email Invitation System: Invite users to join organisations via email with secure, time-limited tokens and professional email templates
  • Role Assignment at Dispatch: Assign organisational roles at invitation time so permissions are active the moment the invitation is accepted, with no manual follow-up step
  • Token Acceptance Flow: Secure, cryptographic verification of invitation tokens with comprehensive validation against replay, reuse, and expiry
  • Inviter Re-Verification: When an invitation grants privileged roles, both acceptance and activation re-check that the inviting account is still active; invitations from a since-deactivated inviter are rejected without being consumed, and the rejection identifies the cause so administrators can locate and revoke stale invites
  • Invitation Management: Full lifecycle tools covering expiration, resend rate limiting, and cancellation
  • Member Management: Manage organisation members post-invitation with role updates and access control
  • Multi-Organisation Support: Tenant-isolated invitation workflows supporting multiple organisations on the platform, with each invitation scoped to a single organisation
  • Complete Audit Trail: Full tracking of invitation creation, delivery, acceptance, and expiry recorded in the platform record store for compliance reporting

Use Cases#

  • Multi-organisation investigations requiring controlled information sharing between agencies
  • Task force formation where members arrive with defined access levels and nothing broader
  • Cross-jurisdictional case collaboration enabling joint investigation workflows between law enforcement and national security partners
  • Temporary access provisioning for external consultants, legal advisors, and technical experts
  • Administrator offboarding that immediately neutralises the departing administrator's outstanding privileged invitations, so dormant invites cannot become a privilege-escalation backdoor
  • Inter-agency coordination establishing secure shared workspaces for joint operations
  • Multi-tenant platform onboarding for new partner organisations in government and enterprise deployments

Integration#

  • Identity providers (SAML 2.0, OIDC, Zitadel, Keycloak) for single sign-on and directory-backed provisioning
  • Email notification systems for invitation delivery and delivery tracking
  • Organisational directory services for downstream user provisioning
  • Compliance reporting platforms for audit documentation and NIS2 evidence packages

Open Standards#

  • JSON Web Token (RFC 7519) with OAuth 2.0 Bearer usage (RFC 6750): Invitation management and acceptance operations are protected by bearer-token authentication, so every read and write is tied to an authenticated, auditable identity.
  • SAML 2.0 (OASIS): The module integrates with SAML 2.0 identity providers (including Zitadel and Keycloak) so that invited users can complete the acceptance flow via federated single sign-on rather than a local credential.
  • OpenID Connect 1.0 / OAuth 2.0 (RFC 6749): OIDC is supported as an alternative federation path for invitation acceptance; the underlying OAuth 2.0 authorisation framework governs token issuance and delegation to the platform after an invitee authenticates.
  • RFC 4122 (UUID): Every invitation record, participant record, and email template is keyed by a version-4 UUID, and invitation tokens are generated using a cryptographically random URL-safe encoding of equivalent entropy.
  • ISO 8601: All expiry, acceptance, and audit timestamps are serialised and exchanged as ISO 8601 date-time strings, ensuring unambiguous interchange across time zones.
  • SMTP (RFC 5321) with STARTTLS (RFC 3207): Invitation emails are dispatched over SMTP on submission port 587 using STARTTLS for transport-layer encryption, with both HTML and plain-text body parts conforming to RFC 5322 message structure.
  • Role-Based Access Control (NIST RBAC model, ANSI/INCITS 359-2004): Roles are assigned to invitees at dispatch time and enforced on acceptance, implementing the NIST least-privilege principle; participants begin from a zero-privilege baseline and gain only the permissions bound to their assigned role.

Last Reviewed: 2026-07-16 Last Updated: 2026-07-16

Klaar om te Bouwen?

Ga aan de slag met onze API's of neem contact op met ons integratieteam voor ondersteuning.