Confidential Document

This document is restricted to RRI leadership.

UNCLOG — Remove What Slows You Down
U3

SSO Unification Across Systems

NOT STARTED · Wave 2 · 6-8 weeks

Executive Summary

Customers interact with 11+ separate login systems. Each event purchase, portal visit, and content access requires a separate authentication. During live events, upsell links force customers to re-enter all information as new buyers because there’s no identity bridge between Obv.io and the checkout system.

SSO is the foundation for Mastery Path (S3), Event Passport (S4), and Portal Unification (S5). Without it, none of the SCALE products can deliver a unified customer experience.

Cognito already exists in the RRI stack. The gap is OIDC standards compliance, not infrastructure. Obv.io does NOT support OIDC/SAML for attendees, so it requires a bridge service: a lightweight Node.js service that validates the Cognito token, looks up the Event Credit, and redirects to a magic link.

What Needs to Happen

5-Phase Implementation

  1. Phase 1: Cognito OIDC configuration — App Clients, scopes, hosted UI. 2 weeks.
  2. Phase 2: Members Portal → Cognito integration — 2 weeks, parallel with D2 Node upgrade.
  3. Phase 3: Tony AI + RPM → Cognito — 2 weeks.
  4. Phase 4: Obv.io SSO Bridge Service — Cognito token → Event Credit lookup → magic link redirect. 3 weeks.
  5. Phase 5: Experience API native OIDC integration — 1 week design.
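
The Phase 4 bridge flow (Cognito token → Event Credit lookup → magic link redirect) as an added example; it is not RRI's or Obv.io's code. The user pool ID, app client ID, credit store and magic-link URL are constructed placeholders, and a locally generated RSA key stands in for the user pool's JWKS key.

```javascript
// Added example: the checks an SSO bridge runs before issuing a magic-link redirect.
// Every name, ID and URL below is a constructed placeholder.
const nodeCrypto = require('node:crypto');

// A locally generated RSA key stands in for the user pool's published JWKS key.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const ISSUER = 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE';
const CLIENT_ID = 'example-bridge-client';
const KEYS = new Map([['kid-1', publicKey]]);               // kid -> verification key
const EVENT_CREDITS = new Map([['sub-123', 'credit-789']]); // hypothetical credit store

const b64u = (s) => Buffer.from(s).toString('base64url');
const unb64u = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Fixture helper: signs a constructed ID token (Cognito does this in production).
function signToken(claims, header = { alg: 'RS256', kid: 'kid-1' }) {
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${nodeCrypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url')}`;
}

function verifyIdToken(token, now = Math.floor(Date.now() / 1000)) {
  const [h, p, s, extra] = String(token).split('.');
  if (!h || !p || !s || extra !== undefined) throw new Error('malformed token');
  const header = unb64u(h);
  // Pin the algorithm: never let the token choose how it is verified.
  if (!header || header.alg !== 'RS256') throw new Error('unexpected alg');
  const key = KEYS.get(header.kid);
  if (!key) throw new Error('unknown kid');
  const ok = nodeCrypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const c = unb64u(p); // claims are trusted only after the signature check
  if (!c || c.iss !== ISSUER) throw new Error('wrong issuer');
  if (c.token_use !== 'id') throw new Error('wrong token_use');
  if (c.aud !== CLIENT_ID) throw new Error('wrong audience');
  if (typeof c.exp !== 'number' || c.exp <= now) throw new Error('expired');
  return c;
}

// Returns the HTTP response the bridge would send; fails closed on any error.
function bridgeRedirect(token, now) {
  let claims;
  try { claims = verifyIdToken(token, now); } catch (e) { return { status: 401, reason: e.message }; }
  const credit = EVENT_CREDITS.get(claims.sub);
  if (!credit) return { status: 403, reason: 'no event credit' };
  const link = `https://events.example.invalid/magic?credit=${encodeURIComponent(credit)}`;
  return { status: 302, location: link };
}
```

A token issued to a different app client, an access token presented in place of an ID token, or an expired token is rejected with 401 before any Event Credit lookup happens.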

Migration strategy: Cognito Migrate User Lambda — just-in-time, no bulk import, no password reset. Customer logs in normally; first login triggers seamless migration.

Claude Code acceleration: OIDC integration patterns across 4 systems are well-defined. Cognito App Client configuration, OIDC middleware, and the Obv.io bridge service are all standard patterns Claude Code can generate. Estimated 6-8 weeks → 3-4 weeks with Claude Code scaffolding the OIDC integration layer.

Completion Criteria

  • Single login works across TonyRobbins.com, Members Portal, Tony AI, and Obv.io
  • Zero forced re-registrations during events
  • Cognito OIDC App Clients configured for all 4 systems
  • Migrate User Lambda operational — just-in-time migration with no password resets
  • Obv.io SSO Bridge Service deployed and validated
  • Experience API OIDC design document completed
  • Session continuity maintained across system boundaries

Initiative Attributes

U3 — SSO Unification Across Systems
Cost: $41K-$70K one-time engineering + $495-700/month Cognito
Timeline (Original): 6-8 weeks (Wave 2, 8-10 if D2 must complete first)
Timeline (With Claude Code): 3-4 weeks (~3-4 weeks saved — OIDC integration across 4 systems)
Owner: Johnny Yarlott + Nick Jensen + Federico Del Rio (portal phase) + Spork (Cognito config)
Dependencies: Hard: D4 (Cognito must be hardened), D2 (Members Portal must be on Node 22). Soft: U2 (shared identity bridge pattern)
Unblocks: S3 (Mastery Path requires single login), S4 (Event Passport requires unified subscription identity), S5 (Portal Unification depends on U3)
Revenue at Risk: Enables $15M+ — S3 ($5.4M+) + S4 ($10M+) in downstream SCALE products
Success Metrics: Single login works across TonyRobbins.com, Members Portal, Tony AI, and Obv.io; zero forced re-registrations during events

Related Risks

ID | Risk | Severity | Probability | Mitigation
RF1 | Nick Jensen disengagement / departure | CRITICAL | MEDIUM | Lior 1:1 Week 1 post-UPW. Frame S3 + S5 ownership as growth opportunity. Load relief from H4. If Nick leaves, U2, U4, S3, S5 all at risk — he’s bus factor 1 on TonyRobbins.com.