Mighty Citizen CraftCMS SSO Knowledge Transfer

VIDEO TRANSCRIPT | Recorded: 2025-10-30 | Verify against current system state

Abstract

Knowledge transfer session with Mighty Citizen on CraftCMS SAML SSO integration with Salesforce. Covers Salesforce Connected App configuration, SAML metadata import into CraftCMS, user attribute mapping, and a blocking issue where auth cookies from legacy Aptify integration prevent second login attempts. Discusses user cleanup strategy for migration from Aptify to Salesforce identifiers.

Key Procedures

  • Configure Salesforce Connected App for SAML SSO
  • Use naming convention: AANP_[AppName] for SSO apps
  • Export SAML metadata URL from Salesforce Experience Cloud
  • Import metadata into CraftCMS SAML Service Provider plugin
  • Map SAML attributes: first name, last name, email
  • Configure Notifications API to retrieve additional member data
  • Parse person account ID from email format for API lookup
  • Delete legacy Aptify users before Salesforce migration
  • Contact Flipbox Digital for SAML plugin support

Notable Statements

  • 0:00:19 "We've started naming our SSO pieces in this format where it's AMP underscore and then the name of the item"
  • 0:01:01 "Is current member is currently just statically set to one"
  • 0:01:39 "All they need is a first name and then they need an email address"
  • 0:02:03 "The email address is set up to return the person account ID as the email address and then at ampuat.com"
  • 0:02:15 "They split it out and they will say, okay, now I'm going to use this person account ID to send over to the notifications API"
  • 0:02:81 "You can actually pull this URL and push it into... CraftCMS, you can just give it this URL and it's going to pull in all the information it needs"
  • 0:06:00 "Their username is the web user ID from Aptify"
  • 0:06:07 "It needs to be the same every single time that they authenticate"
  • 0:07:01 "You can just come in here and delete it. It's not going to hurt anything. The next time that they SSO, it is going to recreate the user"
  • 0:07:17 "There is a script that runs. If somebody hasn't logged in, I think like two years or something, it will delete the user"
  • 0:07:37 "214,207" (number of users in CraftCMS)
  • 0:08:36 "You're going to get duplicates. So Aptify, I mean Salesforce doesn't have this ID"
  • 0:09:03 "You might want to just clean them up and just delete all the ones that are from Aptify"
  • 0:10:88 "The problem was that the auth cookies weren't being created" ACTIONABLE
  • 0:11:26 "I deleted all of the code I could find in CraftCMS related to those auth cookies"
  • 0:11:51 "The second time I tried to log in, I would get an error saying, the system tried to create a new user record, but the username already exists" ACTIONABLE
  • 0:12:22 "They're the ones who create the SAML plug-in for Craft CMS"
  • 0:12:28 "They are very responsive. If you have questions, they will even call you"

Systems & Configurations

Systems Mentioned

  • CraftCMS (website and admin)
  • Salesforce (Connected Apps, Experience Cloud)
  • SAML Service Provider (Flipbox Digital plugin)
  • Aptify (legacy system)
  • Notifications API (member data retrieval)

Specific Configurations

Item | Value/Setting | Timestamp | Notes
SSO app naming | AANP_[AppName] | 0:00:19 | Convention for all SSO apps
Required SAML attributes | First name, Last name, Email | 0:01:39 | Minimum for authentication
Email format | PersonAccountID@ampuat.com | 0:02:03 | ID extraction for API lookup
CraftCMS user count | 214,207 | 0:07:37 | Total provisioned users
User cleanup age | 2-2.5 years | 0:07:55 | Auto-delete inactive users
Username source (legacy) | Aptify Web User ID | 0:06:00 | Causes duplicate on migration
Username source (new) | Salesforce User ID | 0:09:41 | Different from Aptify ID
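
The email-format and username rules in the table above, as an added Python sketch (not code from the session, CraftCMS, or the Flipbox plugin): it validates the `PersonAccountID@ampuat.com` email before the ID is used for an API lookup, and keys user creation on a stable username so a repeat login reuses the record and a deleted user is recreated. The attribute keys, the ID pattern, the sample values and the in-memory user store are assumptions.

```python
import re

EXPECTED_DOMAIN = "ampuat.com"  # domain quoted in the session
# Assumption: the person account ID is a 15- or 18-character Salesforce record ID.
ID_RE = re.compile(r"[A-Za-z0-9]{15}(?:[A-Za-z0-9]{3})?")
REQUIRED = ("first_name", "last_name", "email")  # hypothetical attribute keys


def person_account_id(email: str) -> str:
    """Return the ID carried in the local part, or raise ValueError."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or domain.lower() != EXPECTED_DOMAIN:
        raise ValueError("email is not in the expected SSO domain")
    if not ID_RE.fullmatch(local):
        raise ValueError("local part is not a well-formed account ID")
    return local


def sign_in(users: dict, username: str, attrs: dict) -> str:
    """Find-or-create keyed on the stable username.

    `users` is a hypothetical stand-in for the CraftCMS user table.
    Returns 'created' or 'existing'.
    """
    missing = [k for k in REQUIRED if not attrs.get(k)]
    if missing:
        raise ValueError(f"assertion is missing attributes: {missing}")
    account_id = person_account_id(attrs["email"])  # validated before any API call
    profile = {**{k: attrs[k] for k in REQUIRED}, "account_id": account_id}
    if username in users:
        users[username].update(profile)  # same username: refresh, never re-create
        return "existing"
    users[username] = profile
    return "created"


# Constructed sample assertion data; none of these values come from the session.
SAMPLE_USERNAME = "005000000000001AAA"
SAMPLE_ATTRS = {"first_name": "Pat", "last_name": "Example",
                "email": "001000000000001AAA@ampuat.com"}

if __name__ == "__main__":
    users = {}
    print(sign_in(users, SAMPLE_USERNAME, SAMPLE_ATTRS))  # first login
    print(sign_in(users, SAMPLE_USERNAME, SAMPLE_ATTRS))  # second login
    del users[SAMPLE_USERNAME]                            # admin deletes the user
    print(sign_in(users, SAMPLE_USERNAME, SAMPLE_ATTRS))  # next SSO after deletion
```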

Credentials/Access Mentioned

  • CraftCMS admin login (Marty's account shown)
  • Salesforce App Manager access
  • Flipbox Digital support contact for SAML issues

Vendor Contacts Mentioned

  • Mighty Citizen (CraftCMS development partner)
  • Flipbox Digital (SAML plugin vendor - very responsive, offers screen shares)

Errors & Troubleshooting

  • Error: Auth cookies not created on SSO login
  • Cause: Legacy Aptify auth cookie code interfering
  • Resolution: Deleted legacy auth cookie code from CraftCMS
  • Timestamp: 0:10:88

  • Error: Second login fails with "username already exists"
  • Cause: Unknown issue in Flipbox SAML plugin
  • Resolution: Contact Flipbox Digital for support
  • Timestamp: 0:11:51

  • Issue: Duplicate users after Salesforce migration
  • Cause: Different username IDs between Aptify and Salesforce
  • Resolution: Delete all Aptify users before migration
  • Timestamp: 0:08:36

Transcript Gaps & Quality Notes

  • Knowledge transfer session with Matt (Mighty Citizen handoff)
  • Screen sharing of Salesforce App Manager and CraftCMS admin not captured
  • References to prior SSO setup meetings
  • Blocking issue on second login not yet resolved
  • Recommendation to hand off to Mighty Citizen for completion