SHN Admin
Issue tier-based magic-link invitations.
Invitation management is LOCKED at Sprint 8 v1.2. Sandbox-grade through the June 9 Delaware Prior Auth Lab; production-grade in Q3 2026. Authorized issuers follow CTO Demo Access Reframe Sprint 8 v1.2 §3.1 Option (b), tier-based authority. MSE owns the UX layer; the substrate-side wire contract goes through the Integration Engineer.
5-tier RBAC invitation matrix
| Tier | Audience | Sandbox surface scope | Authorized issuer |
|---|---|---|---|
| Tier 1 | Sovereign + State Medicaid + Governors | Full sandbox + UC22 + multi-role demo | CEO + CSO |
| Tier 2 | Provider org CIOs / leadership | Provider Enterprise Account | COO + Network Coordinator + EPL |
| Tier 3 | Payer counterparts | Payer Enterprise Account | COO + Network Coordinator + EPL |
| Tier 4 | Standards (HL7 + FHIR + DaVinci PAS) | UC22 + FHIR/DaVinci profile mapping | CSO + Julia Skapik |
| Tier 5 | Press / Briefing | Read-only walkthrough | CSO + ML |
CEO retains override authority and revocation authority on any invitation, regardless of tier. Every invitation is logged to the substrate-event audit chain via the Step 6 endpoint per ADR-022.
Issuance flow
- Authorized issuer selects tier + enters invitee email + organization context
- Substrate-side validates issuer authority against the tier matrix, then generates the magic-link token (cryptographically random token id, HMAC-SHA256 authenticated, 14-day expiry)
- Email template rendered with Brand Guide v1 application + tier-specific copy + magic-link URL
- SES outbound delivery from smarthealthhub.net with DKIM/SPF/DMARC aligned, plus sender-reputation monitoring
- Substrate-event-record emitted per ADR-022 (issuance event + tier + invitee + issuer + audit-trail anchor)
- Invitation acceptance → magic-link landing page at smarthealthhub.net/signin/callback?token=... → tier-scoped Enterprise Account UX provisioned
- Per-invitee session expiry: 30 days post-acceptance (sandbox-grade); revocation takes effect as soon as the session is placed on the session blacklist
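The issuance, redemption and revocation path above, as an added example in Python; this is not SHN's substrate code. It assumes the HMAC-SHA256 key is held server-side only, that the signed token body carries tier, invitee, issuer and expiry (the page names the primitive, not what it covers), that a dict and a list stand in for the substrate store and the ADR-022 event chain, that "Standards Lead" is the role label for the named Tier 4 co-issuer, and that links are single-use (an added hardening the page does not state).

```python
"""Tier-scoped magic-link invitations: issue, redeem, revoke.

Added example, not SHN's substrate code.  Assumptions: the HMAC-SHA256 key
lives server-side only; the token body carries tier, invitee, issuer and
expiry; the store and audit list below stand in for the substrate-event
chain; links are single-use (added hardening, not stated on the page).
"""
import base64
import binascii
import hashlib
import hmac
import json
import secrets
import time

# Issuer roles per tier, from the page's matrix.  "Standards Lead" is an
# assumed role label for the named Tier 4 co-issuer.
AUTHORIZED_ISSUERS = {
    1: {"CEO", "CSO"},
    2: {"COO", "Network Coordinator", "EPL"},
    3: {"COO", "Network Coordinator", "EPL"},
    4: {"CSO", "Standards Lead"},
    5: {"CSO", "ML"},
}
OVERRIDE_ROLES = {"CEO"}             # override + revocation on any invitation
INVITE_TTL = 14 * 24 * 3600          # 14-day magic-link expiry
SESSION_TTL = 30 * 24 * 3600         # 30-day sandbox session after acceptance
CALLBACK = "https://smarthealthhub.net/signin/callback?token="


def b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def decode_payload(token: str) -> dict:
    """Read the UNVERIFIED body of a token (for jti lookup / display only)."""
    return json.loads(unb64(token.split(".")[0]))


def magic_link(token: str) -> str:
    return CALLBACK + token


class InvitationService:
    def __init__(self, key: bytes, now=time.time):
        self._key = key
        self._now = now
        self.issued = {}       # jti -> record (stand-in for the substrate store)
        self.revoked = set()   # jti values on the blacklist
        self.audit = []        # ADR-022-style event records, constructed here

    def issue(self, issuer_role: str, tier: int, invitee: str, org: str) -> str:
        allowed = AUTHORIZED_ISSUERS.get(tier, set()) | OVERRIDE_ROLES
        if issuer_role not in allowed:
            raise PermissionError(f"{issuer_role} may not issue Tier {tier}")
        jti = b64(secrets.token_bytes(16))           # 128-bit random token id
        payload = {"jti": jti, "tier": tier, "sub": invitee, "org": org,
                   "iss": issuer_role, "exp": int(self._now()) + INVITE_TTL}
        body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
        tag = hmac.new(self._key, body, hashlib.sha256).digest()
        self.issued[jti] = {"used": False, "tier": tier, "sub": invitee}
        self.audit.append({"event": "invitation.issued", **payload})
        return b64(body) + "." + b64(tag)

    def redeem(self, token: str):
        """Return a tier-scoped session dict, or None if the link is not valid."""
        try:
            body_b64, tag_b64 = token.split(".")
            body, tag = unb64(body_b64), unb64(tag_b64)
        except (ValueError, binascii.Error):
            return None
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time, before parsing
            return None
        p = json.loads(body)
        rec = self.issued.get(p["jti"])
        if rec is None or rec["used"] or p["jti"] in self.revoked:
            return None
        if self._now() > p["exp"]:
            return None
        rec["used"] = True                           # single-use: a leaked URL dies on first click
        self.audit.append({"event": "invitation.accepted", "jti": p["jti"]})
        return {"tier": p["tier"], "sub": p["sub"], "org": p["org"],
                "session_exp": int(self._now()) + SESSION_TTL}

    def revoke(self, actor_role: str, jti: str) -> None:
        if actor_role not in OVERRIDE_ROLES:         # page grants revocation to the CEO only
            raise PermissionError(f"{actor_role} lacks revocation authority")
        self.revoked.add(jti)
        self.audit.append({"event": "invitation.revoked", "jti": jti, "by": actor_role})
```

The token rides in the `?token=` query string, so it will land in browser history, proxy logs and any referrer the landing page leaks; the single-use flag and 14-day expiry limit what a captured URL is worth, and the server stores only the random `jti`, never the signed token, so a read of the store does not yield redeemable links. The MAC is checked with `hmac.compare_digest` before the body is parsed, so unauthenticated bytes never reach the JSON parser or the tier lookup.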