Client Background

A New York-based organization, grounded in a science-backed approach, revamping its platform to offer programs, courses, workshops, retreats, and professional training that help men develop emotional intelligence, resilience, and meaningful connections in a supportive community. It equips men with tools to strengthen relationships and make confident, purpose-driven decisions.

The platform also supports therapists, coaches, doctors, and counselors through specialized training.

Project Overview

The platform utilized multiple tech services to manage different aspects of its operations:

1. CMS (Content Management System) – WordPress, managed the marketing site, shared program information, & increased platform awareness.
2. Community Platform – Mighty Network, provided a private, interactive space for members to connect, engage, and grow through facilitated groups, courses, and workshops, while maintaining a structured, members-only environment.
3. CRM (Customer Relationship Management) – HubSpot, handled user data management, engagement tracking, and automated marketing, including email communication & outreach.

The objective was to optimize key user flows through automation and deliver a seamless, unified user experience by:

1. Implementing Single Sign-On (SSO) between the CMS and the Community Platform for seamless user authentication.
2. Integrating and automating data synchronization between the CRM and CMS, eliminating manual processes and improving efficiency.

Challenges & Requirements

The platform relied on multiple independent services, leading to fragmented user experiences & manual workflows.

Existing Flow & Pain Points

• Fragmented User Management → Community members created accounts in Mighty Networks, requiring the Admin Team to manually add, update, and manage user data.
• Manual Workflows → User data had to be manually exported and imported into HubSpot, creating inefficiencies in marketing and communication.
• Disconnected Systems → The CMS functioned solely for content management, lacking integration with other platforms.

Proposed Solution

To streamline user flow & automate processes, the CMS was designated as the central user management & authentication provider.

1. Utilize CMS as the centralized core, managing user registration, authentication, & user data, while also serving as the content management hub for the platform.
2. Integrate CMS & CRM via API, enabling HubSpot (CRM) API connection to automate user creation & data synchronization.
3. Implement Single Sign-On (SSO) between the CMS and Mighty Network Platform, with the CMS acting as the SSO provider for user authentication, access token generation, & validation using OAuth2.0 for secure connectivity.

Enhanced Workflow: New User Registration

A streamlined new user registration process integrating CMS, Community Platform, CRM for seamless authentication & automated data management.

Technical Breakdown

1. User Registers in CMS → A custom registration form collects user details such as name, email, & other required fields, validates inputs, & securely stores credentials.
2. CMS Sends Data to HubSpot → User details are sent via API, creating a CRM entry for segmentation & automation.
3. CMS Sends User Details to Mighty Networks via SSO Protocol → The CMS redirects the user to Mighty Networks, with user details (ID, email, name) for account creation. The user simply clicks “Get Started” on Mighty Networks to complete onboarding.

This automated workflow eliminates manual data entry, ensures centralized user management, & provides a seamless login experience across all platforms.

Enhanced Workflow: Existing User Login

A seamless login process that validates user sessions via SSO, ensuring secure & unified access across the CMS & Community Platform.

Technical Breakdown

1. User Logs In via Mighty Networks → Redirected to CMS authentication endpoint.
2. CMS Checks Session
   • If valid token exists, user is redirected back to Mighty Networks Dashboard.
   • If token is expired or missing, user is redirected to CMS login.
3. User Authenticates in CMS → Credentials are validated, and a new OAuth2 token is issued.
4. CMS Redirects User to Mighty Networks → Token is passed for seamless access to the user dashboard.

This SSO-based login flow eliminates redundant logins, ensuring secure session validation & a unified user experience.

Seamless Workflow: Admin Team Operations

A streamlined process enabling the admin team to efficiently manage user authentication, integrations, & automation with minimal manual intervention.

The admin team benefits from a fully automated process, reducing the need for manual intervention in user authentication & data synchronization. With centralized management of user registration, authentication, & integrations, the team can efficiently oversee the system’s functionality. This workflow ensures smooth operation across the CMS, Community Platform, and CRM, significantly improving efficiency & reducing error rates.

SSO Implementation

To ensure seamless & secure authentication, OAuth2.0 was implemented as the Single Sign-On (SSO) protocol, with the CMS acting as both the Identity Provider (IdP) and SSO Provider. This allows users to authenticate once in the CMS, which issues OAuth2 tokens, enabling access to Mighty Networks (Service Provider – SP) without requiring separate login credentials.

Key Components of SSO Implementation

1. OAuth2.0 as the Authentication Standard → Enables secure, token-based authentication between the CMS (acting as both the Identity Provider (IdP) and SSO Provider) & Mighty Networks (Service Provider – SP).
2. SSO Provider & Service Provider Role → The CMS (IdP & SSO Provider) manages user authentication & issues OAuth2 tokens, while Mighty Networks (SP) relies on the CMS for validation & access control.

OAuth2.0 SSO Flow

A secure OAuth2.0-based SSO flow, enabling seamless authentication between the CMS (IdP & SSO Provider) & Mighty Networks (SP) through token-based access.

Technical Breakdown

1. User Initiates Login via Mighty Networks
   • The user clicks “Sign In”, triggering a redirect to the SSO Provider’s Authorization URL with:
     • client_id (Configured on the SSO form)
     • redirect_uri (Callback URL)
     • response_type
     • scope (Configured on the SSO form)
     • state (Randomly generated for security)
2. SSO Provider Prompts Authentication
   • The CMS (SSO Provider) displays the login page.
   • The user authenticates using the configured login options (email/password, social login, etc.).
3. SSO Provider Issues Authorization Code & Redirects User
   • After successful authentication, the CMS generates a single-use authorization code.
   • The user is redirected to the Mighty Networks Callback URL with:
     • state (for security validation)
     • code (Single-use authorization code)
4. Mighty Networks Requests Access Token from SSO Provider
   • Mighty Networks sends a POST request to the CMS Token URL, including:
     • code (Single-use authorization code)
     • client_id
     • client_secret
     • grant_type
     • redirect_uri
5. SSO Provider Issues Access Token
   • The CMS validates the request and responds with:
     • access_token (OAuth2.0 token for authentication)
     • id_token (User identity details)
     • refresh_token (For session renewal)
     • expires_in (Token validity duration)
     • token_type
6. Mighty Networks Validates Token & Retrieves User Info
   • Mighty Networks uses the access token as a Bearer token to request user details from the CMS ME URL.
7. CMS Responds with User Data
   • The CMS returns user details (ID, email, first name, last name), ensuring proper account mapping in Mighty Networks.
8. User Gains Access to Mighty Networks
   • Mighty Networks validates the user profile, granting them access to the platform.
9. Session & Token Management
   • The access token is stored in session storage, allowing seamless navigation without repeated logins.
   • The refresh token enables automatic session renewal, maintaining a frictionless user experience.

Role & Impact

As Engineering Manager, I focused on automating workflows and unifying the platform ecosystem by introducing OAuth2.0-based SSO and API integrations. Designed the technical architecture and overseeing seamless system integrations. My role involved managing a cross-functional teams to ensure implementation of centralized authentication, automated user management, and real-time data synchronization across platforms.

Key Skills Demonstrated

• Technical Leadership & System Architecture (Designed and implemented OAuth2.0-based SSO)
• Project Management & Team Collaboration (Led a cross-functional team)
• Platform Unification & Automation (Standardized authentication and data flow)
• Cross-Platform API Integration (Integrated authentication and user management)
• Workflow Automation & Data Synchronization (Eliminated manual processes with automation)
• User Experience & Access Management (Improved login experience and authentication)
• Security & Compliance (Enhanced data security with standardized protocols)
• Performance Optimization & Reliability (Ensured high availability and minimal downtime)
• Scalable Tech & Future-Ready Systems (Built a flexible authentication framework)

This project centralized authentication, eliminated manual user management, and enabled seamless multi-platform synchronization, significantly improving automation, security, and operational efficiency.