Adding & Removing Users on Miva Merchant

Adding & Removing Users on Miva Merchant — setup, configuration, and best practices for Mivamerchant.

Miva Merchant manages two distinct user types: admin users who access the Miva Admin interface, and customer accounts who interact with the storefront. Admin users are managed through the Admin Console, while customer accounts can be managed via the Admin Console or the Miva JSON API.

How Miva User Management Works

Miva Merchant uses a permission-based admin system where each admin user is assigned to one or more groups. Groups define which areas of the Admin Console the user can access. Customer accounts are separate and tied to storefront functionality (orders, wishlists, saved addresses).

The Admin Console is accessed at https://your-store.com/mm5/admin.mvc (path varies by installation).

Adding Admin Users

Log in to the Miva Admin Console
Navigate to Settings > Users in the left sidebar
Click Add User
Fill in the required fields:
- Login (username for admin access)
- Name (display name)
- Email (for password resets and notifications)
- Password and Confirm Password
Under Groups, check the groups this user should belong to:
- Store Administrators -- Full access to all store functions
- Order Processing -- Access to order management only
- Product Management -- Access to catalog functions
- Design/Template -- Access to template and page editing
- Custom groups you have created
Click Save

Creating Custom Admin Groups

Navigate to Settings > Groups
Click Add Group
Name the group (e.g., "Content Editors")
In the group settings, enable specific permissions:
- Pages, Categories, Products, Orders, Customers, Reports, Settings
- Each section has sub-permissions (view, add, edit, delete)
Click Save
Assign users to this group from the Users screen

Adding Customer Accounts

Via Admin Console

Navigate to Customers > Add Customer
Fill in required fields:
- Login (email address)
- Password
- First Name and Last Name
- Email and Phone
Add optional details: shipping address, billing address, customer notes
Click Save

Via Miva JSON API

# Create a customer account via Miva JSON API
curl -X POST "https://your-store.com/mm5/json.mvc" \
  -H "Content-Type: application/json" \
  -H "X-Miva-API-Authorization: MIVA token_value" \
  -d '{
    "Store_Code": "STORE_CODE",
    "Function": "CustomerInsert",
    "Customer_Login": "jane@example.com",
    "Customer_Password": "SecurePass123!",
    "Customer_ShipFirstName": "Jane",
    "Customer_ShipLastName": "Developer",
    "Customer_ShipEmail": "jane@example.com",
    "Customer_ShipPhone": "555-0100",
    "Customer_BillFirstName": "Jane",
    "Customer_BillLastName": "Developer",
    "Customer_BillEmail": "jane@example.com"
  }'

Batch customer creation:

# Miva JSON API supports batch requests
curl -X POST "https://your-store.com/mm5/json.mvc" \
  -H "Content-Type: application/json" \
  -H "X-Miva-API-Authorization: MIVA token_value" \
  -d '{
    "Store_Code": "STORE_CODE",
    "Operations": [
      {
        "Function": "CustomerInsert",
        "Customer_Login": "user1@example.com",
        "Customer_Password": "TempPass1!",
        "Customer_ShipFirstName": "User",
        "Customer_ShipLastName": "One",
        "Customer_ShipEmail": "user1@example.com"
      },
      {
        "Function": "CustomerInsert",
        "Customer_Login": "user2@example.com",
        "Customer_Password": "TempPass2!",
        "Customer_ShipFirstName": "User",
        "Customer_ShipLastName": "Two",
        "Customer_ShipEmail": "user2@example.com"
      }
    ]
  }'

Bulk User Management

CSV Import

Navigate to Utilities > Import/Export
Select Customer Import

Upload a CSV file with headers matching Miva field names:

Customer_Login,Customer_Password,Customer_ShipFirstName,Customer_ShipLastName,Customer_ShipEmail
user1@example.com,TempPass1!,John,Doe,user1@example.com
user2@example.com,TempPass2!,Jane,Smith,user2@example.com

Map columns in the import wizard
Choose whether to update existing customers or create new only
Click Import

Batch Admin API Operations

// Node.js script for bulk customer management via Miva JSON API
const fetch = require('node-fetch');

const MIVA_URL = 'https://your-store.com/mm5/json.mvc';
const API_TOKEN = 'your_api_token';

async function bulkCreateCustomers(customers) {
  const operations = customers.map(c => ({
    Function: 'CustomerInsert',
    Customer_Login: c.email,
    Customer_Password: c.tempPassword,
    Customer_ShipFirstName: c.firstName,
    Customer_ShipLastName: c.lastName,
    Customer_ShipEmail: c.email,
  }));

  const response = await fetch(MIVA_URL, {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'X-Miva-API-Authorization': `MIVA ${API_TOKEN}`,
    },
    body: JSON.stringify({
      Store_Code: 'STORE_CODE',
      Operations: operations,
    }),
  });

  return response.json();
}

// Usage
bulkCreateCustomers([
  { email: 'new1@example.com', tempPassword: 'Temp123!', firstName: 'New', lastName: 'User1' },
  { email: 'new2@example.com', tempPassword: 'Temp456!', firstName: 'New', lastName: 'User2' },
]).then(result => console.log(JSON.stringify(result, null, 2)));

Removing and Deactivating Users

Deactivating Admin Users

Miva does not have a built-in "disable" toggle for admin users. To effectively deactivate:

Navigate to Settings > Users
Click on the admin user
Remove all group assignments (uncheck all groups)
Change their password to a random string
Click Save

The user record remains for audit purposes, but they cannot access any admin functionality.

Deleting Admin Users

Navigate to Settings > Users
Click the Delete icon next to the user
Confirm the deletion

Note: You cannot delete the primary admin account. At least one admin user must exist at all times.

Deactivating Customer Accounts

Miva does not have a native "deactivate" status for customers. Options:

Change password to block access:

curl -X POST "https://your-store.com/mm5/json.mvc" \
  -H "Content-Type: application/json" \
  -H "X-Miva-API-Authorization: MIVA token_value" \
  -d '{
    "Store_Code": "STORE_CODE",
    "Function": "CustomerUpdate",
    "Customer_Login": "jane@example.com",
    "Customer_Password": "DISABLED_RANDOM_STRING_12345"
  }'

Deleting Customer Accounts

Via Admin Console:

Navigate to Customers
Search for the customer
Click the Delete icon
Confirm

What happens to their data:

Order history is preserved (orders reference the customer ID but remain accessible)
Saved addresses and payment methods are deleted
Wishlist items are removed
Newsletter subscriptions are removed
Product reviews authored by the customer remain but may lose attribution

Via API:

curl -X POST "https://your-store.com/mm5/json.mvc" \
  -H "Content-Type: application/json" \
  -H "X-Miva-API-Authorization: MIVA token_value" \
  -d '{
    "Store_Code": "STORE_CODE",
    "Function": "CustomerDelete",
    "Customer_Login": "jane@example.com"
  }'

SSO and Enterprise Authentication

Miva Merchant does not natively support SAML or LDAP for admin users. For enterprise environments, common approaches include:

Reverse proxy SSO: Use an identity-aware proxy (e.g., Azure AD Application Proxy, Cloudflare Access) in front of the Miva admin URL to enforce authentication before Miva's login screen
Custom module: Develop a Miva module that integrates with an OAuth2/OIDC provider for admin login
Customer SSO: For storefront customers, use Miva's template system to integrate social login (Google, Facebook) via JavaScript OAuth flows

Access Audit Checklist

Review all admin users under Settings > Users quarterly
Verify group assignments match current job responsibilities
Check that departed staff have been removed or had credentials changed
Audit API tokens under Settings > Users > API Tokens for unused or overly-permissioned tokens
Review customer account list for test accounts that should be cleaned up
Export the customer list periodically to compare against your CRM for consistency
Document all admin user changes and API token rotations

शीर्ष पर वापस जाएँ