miaa PrivateGroups offers a rich API to implement delegated administration, access control for identity-of-things and eco-system management.

Sharing Access

The miaa PrivateGroups API enables self-administration of access to assets and of the relations people have with those assets. Such an asset can be an appliance, a device, a subscription, a VIP lounge, a confidential report, a sensitive operation, an animal, an event, or an identity-of-things.

We use the ‘carnet’ as the digital representation of the asset. The carnet can initially be provisioned from a back-end system, such as an ERP or purpose-built application. Its further administration is done by the end-users, for example using the miaa Self-service App.

While end-users share an asset in real life, miaa PrivateGroups allows them to share its corresponding carnet within the Identity Management platform. For example, they can:

  • share the maintenance role for an appliance, and connect appliance owners with professionals such as the vendor, the store and the technicians
  • share the monitoring role of internet-of-things, and connect building owners with professionals such as the vendor, the technicians and the alarm centre
  • share the function to upload sensitive data and obtain confidential reports
  • share subscriptions between the payer and family members, such as magazines, video streams, music and other paid content
  • share subscriptions between the buyer and team members, such as reading restricted information, performing sensitive uploads, producing confidential reports and other delicate operations
  • share a caring role for animals, plants, vehicles or buildings, and connect the owner with caretakers
  • share an employment relationship between the HR manager and the employees and subcontractors
  • share a loyalty scheme between the card owner, the family members and shops
  • share membership to a club or association, and connect members.

This way, miaa PrivateGroups has proven to enable you to actively manage your ecosystem in a granular and relevant way. The carnet represents the identity of your core assets. It becomes the digital glue between users, representing their real-life relationships.

Please refer to Ecosystem, Appliance registration and Sharing access for typical use cases.

Delegated administration

The key to the success of large-scale web platforms is self-service for the user. The miaa PrivateGroups API extends the self-service capabilities of an Identity Management platform by enabling users to self-administer their own communities: a team, a household or an association in relation to your core business.

Communities are defined around identity-of-things (‘assets’), such as a household subscription, an appliance, a pet or a loyalty card. Such implicit communities are made explicit and maintainable by miaa PrivateGroups.

Users can invite another user by declaring a relation of that user with the asset: ‘is owner of’, ‘is technician of’, ‘is seller of’, etc.

Users can accept the invitation and become a member of the implied community around the asset. For users who have not been registered yet, a provisional account is created, which they activate as soon as they accept the invitation. Users can of course also reject the relation if they find it inappropriate. Users can also request to join a community by declaring a relation with the asset. The owner can then approve or reject the relation.

Driving user engagement

The miaa PrivateGroups API allows a source of e-mail addresses to be used to invite people to register with a full user profile.

miaa PrivateGroups produces a clickable, secure and verifiable token that embeds an instruction for the user to activate his provisional account. This so-called RequestToken is tailored for your use case(s). For example:

  • preregistration-as-a-service: set up a campaign and stimulate people who have been recorded by an e-mail harvesting platform to register with a full profile. E-mail harvesting may use old newsletter subscriptions, contest participation, conference attendance lists, e-commerce transaction logs, etc.
  • encourage people who were invited by a colleague or family member to register with a full profile when
  • ask people to confirm a change of e-mail address before making it definitive
  • ask people to confirm a second (professional) e-mail address before using it for granting access
  • ask people to confirm their subscription before granting access to premium content
  • etc.

Available as managed service

All personally identifiable information (PII) is persistently stored in the Identity Management platform only; miaa PrivateGroups does not persistently store any PII. Even though PII can temporarily occur in volatile memory, it is not kept in any database or log of miaa PrivateGroups.

miaa PrivateGroups can be further customised using our Build services:

  • to include custom attributes and/or tailor-made rules for the authorisation matrix
  • to include logic to interpret user invitations from a different source
  • to tailor the contents of the request token that is included as a clickable link in an e-mail
  • to tailor the group constraints, e.g. a group may only contain 1 owner and no more than 4 other members
  • to define the record for shareable assets, e.g. a group represents a paid article, or an appliance, a pet, a set of subscriptions, or a loyalty discount
  • to tailor the access rules, e.g. only the owner can invite new members, yet members can create a group for sharing other subscriptions

The following component is also separately available:

  • miaa ProfileConnect that helps you gain as many registered profiles as possible. This plug-in invites people to register based on sources of e-mail addresses, such as newsletters, contest participation and conference attendance lists.