Skip to main content

3rd party single sign-on suite integrated with Drupal 7 and Drupal 8

A professional membership association has a multitude of Drupal 7 and Drupal 8 sites where their members can find information about the organization, earn continual education credits (CEUs), apply for grants and scholarships, as well as an online community with a membership directory. To keep track of their members and information, they implemented a new Association Management Software (AMS), switching from iMIS to Nimble AMS, which is built on top of the Salesforce platform.

With the new AMS in place, they wanted a seamless way for their members to navigate from site to site without requiring them to login multiple times. Nimble AMS includes a membership dashboard that allows users to update their personal information and links to the various website properties. The integration requirements included pulling personal information from the membership dashboard via an API into fields on the Drupal user profiles.

Nimble AMS Integration Features

Single Sign-On Features

Logging In

Skvare created a custom URL that when visited, it checks to see if the user has already logged into Nimble. If the user is logged in, it will automatically log them into Drupal. To provide a seamless login experience, this custom URL is set as the Drupal frontpage URL. If the user is not logged in, it redirects them to the Nimble login page, then redirects the user back to the Drupal website after the Nimble login form is submitted. The redirect path is defined in the custom Nimble AMS Settings configuration page within Drupal. It allows members and non-members to be redirected to different pages. For example, members will be redirected to the membership dashboard and non-members will be redirected to the join or renew membership page.

Salesforce / Drupal Single Sign-On redirect configuration

Admin Login

Only member and non-member users for the Learning Management System have accounts in the Nimble AMS database, administrators do not. To mitigate this issue and allow admins to log into the site without having Nimble accounts, the login form was moved to a new hidden URL and was no longer accessible from the Drupal default /user page.

Logging Out

The organization also wanted to ensure that logging out means logging out everywhere. From the user’s perspective they do not realize that there are actually different sites with different subdomains, and to them it was all one website. A custom logout link was created which when clicked, logged the user out of the Drupal website as well as the Nimble AMS system.

Drupal Profile Pages

Now that all of the users’ personal information is stored in the Nimble AMS system, Nimble is the master database of record. In order to make Nimble the master record, the users are not able to change the value of the fields on their Drupal user profile. When the user clicks the “edit” profile page within Drupal, all of the fields are hidden and a link to Nimble is displayed which redirects the user to the Nimble profile edit page. Some user roles, for example administrators, will still have permissions to view the user edit pages to review the values synced from Nimble. The roles that have permission to view the profile edit page fields are configurable in the Nimble AMS settings page.

Drupal Single Sign-On replace user edit fields

Data Sync from Nimble

Upon user login, the system fetches the user profile information via an API from the Nimble AMS database. The sync occurs each time the user logs into the Drupal website. If the user makes changes to their profile then the changes will be reflected the next time the user logs into the Drupal site. The information synced from Nimble includes data like: name, email address, membership type, company, job title, gender, age, as well as membership start and end dates.  A configuration page lets administrators map the Nimble data to the Drupal user profile fields. This configuration option allows the field mappings to vary from site to site.

Single Sign-On field mappings from Salesforce to Drupal

Drupal User Roles

The organization offers multiple membership types which have their own Drupal user permissions. The membership type is stored in a field within Nimble AMS. When a user logs into the Drupal website, the membership type is synced via the API and the Drupal user role is set accordingly. The user role can have a default setting that gives a role to all users, regardless of membership type. This allows each membership type to be given different Drupal user roles according to the membership type defined in Nimble. These role mappings allow the user roles to vary from site to site.

Single Sign-On Drupal user role mapping based on 3rd party membership type

Free Credit Calculations

This particular organization offers their members free credits for their Learning Management System (LMS) as a membership perk. This allows users to spend credits on courses in the LMS to earn their continual education credits which are reported to their Certification Board to maintain their certification. However the number of credits awarded to the members varies based on the users’ membership start date. For example, 10 credits are awarded if they sign up quarter 1 or quarter 2, 5 credits are awarded if they sign up in quarter 3, and 0 credits are awarded if they sign up in quarter 4. The membership join dates, start dates, and end dates are pulled from Nimble AMS upon login to the Drupal LMS website. A custom calculation determines the number of CEU credits that should be awarded based on the membership start date. If the user has already received their free credits for this year, then the system knows not to award any more credits for the remainder of the calendar year.

Conclusion

The Nimble AMS single-sign on “suite” has provided a seamless process for users to navigate between multiple Drupal 7 and Drupal 8 websites. The integration links the master record from the Nimble AMS system to the Drupal websites’ user profiles. The D7 and D8 modules are developed to be flexible and could apply to any of the websites, allowing administrators to configure redirects, field mappings, and user roles on a site by site basis. The open-source Drupal CMS is very flexible system that makes it a great CMS to integrate with any 3rd party technologies.

Share this post