Case Study 05: ScreenVault Studios — Worked Solution

AI-Generated Content — Use for Reference Only

This content is AI-generated and has only been validated by AI review processes. It has NOT been reviewed or validated by certified Salesforce CTAs or human subject matter experts. Do not rely on this content as authoritative or completely accurate. Use it solely as a reference point for your own study and preparation. Always verify architectural recommendations against official Salesforce documentation.

Solution Context

Heavy domains: D1 System Architecture, D3 Data, D5 Integration | Difficulty: Intermediate Time budget: 180 minutes | Key frameworks: 9 Essential Artifacts

Attempt the Scenario First

If you have not yet worked through the scenario paper, stop here. Set a 180-minute timer and build your own solution before reading this one.

Assumptions

1. Single org with Sales Cloud + Service Cloud + Marketing Cloud + Experience Cloud. Three business lines share content data and need cross-functional visibility. Single org avoids data sync complexity. Marketing Cloud (Engagement) replaces Mailchimp for both B2B and B2C journeys within the 5-month constraint.
2. Data Cloud for Snowflake integration. 50M streaming events/day stay in Snowflake. Data Cloud connects natively via zero-copy, making subscriber engagement scores and content performance metrics available in Salesforce without data replication.
3. Custom objects for content rights modeling. No off-the-shelf Salesforce product handles multi-territory, multi-window content licensing. Custom objects with Apex validation enforce rights conflict detection.
4. Salesforce Mobile + offline via Field Service mobile patterns. Production crews get a mobile app with offline sync for schedules, contacts, and permits. Salesforce Mobile App with briefcase deployment, not Field Service (no dispatch/work order need).
5. MuleSoft Composer or native integrations over full MuleSoft Anypoint. Integration volume (~60K events/day) and system count (8 systems) do not justify enterprise middleware. Native connectors (Data Cloud for Snowflake, Marketing Cloud Connect) handle the highest-volume paths. MuleSoft Composer or a lightweight integration layer handles SAP, Rights DB, and CMS.

Key Architectural Decisions

Decision 1: Content Rights Data Model (D3)

The most critical design challenge. Content licensing involves overlapping dimensions: one title licensed to multiple partners across different territories, time windows, platform types, and exclusivity levels. A flat Opportunity model cannot represent this.

Approach: A dedicated Content Rights object as the junction between Content Title and Account (licensing partner). Each Content Right record captures one specific grant: territory, window dates, platform type, exclusivity, and pricing. Apex trigger-based validation on insert/update checks for conflicts — overlapping exclusive rights for the same title, territory, and window.

Rejected: Modeling rights as Opportunity Products. Products lack the multi-dimensional constraint logic needed, and conflating rights with the deal pipeline makes reporting unreliable.

Decision 2: Snowflake Integration via Data Cloud (D5)

50M streaming events/day cannot enter Salesforce objects. Data Cloud provides zero-copy access to Snowflake, making viewer behavior available for segmentation, churn scoring, and content analytics without moving raw data.

How it works: Data Cloud maps Snowflake tables (viewer profiles, content performance, engagement scores) as data lake objects. Calculated insights generate subscriber-level churn scores and engagement segments. These scores are accessible in Salesforce via related lists and flow-based automation (e.g., create a case when churn score exceeds threshold).

Rejected: Batch ETL of aggregated data into custom objects. This creates stale data (daily at best), requires ongoing maintenance, and misses the real-time segmentation capability Data Cloud provides.

Decision 3: Marketing Cloud Timing and Architecture (D4/D5)

Mailchimp expires in 5 months, creating the hardest timeline pressure in the program. Marketing Cloud Engagement must be operational for at minimum B2C subscriber campaigns by month 5.

Approach: Accelerate Marketing Cloud implementation. Phase 1 (months 1-5) delivers B2C journeys (welcome, re-engagement, winback) using Marketing Cloud Connect to sync subscriber records. Phase 2 adds B2B partner journeys. Data Cloud feeds behavioral segments into Marketing Cloud for behavior-triggered campaigns.

Artifact 1: System Landscape

graph TB
    subgraph LEGEND["Legend"]
        L1["🟢 NEW — being built"]
        L2["⚪ KEEPING — no changes"]
        L3["🔴 RETIRING — decommission"]
        L4["🟠 INTEGRATION LAYER"]
    end

    subgraph SF["Salesforce Platform"]
        SC[Sales Cloud<br/>Licensing Deals]
        SVC[Service Cloud<br/>Subscriber Support]
        MC[Marketing Cloud Engagement<br/>B2B + B2C Journeys]
        EC[Experience Cloud<br/>Partner Portal]
        DCL[Data Cloud<br/>Snowflake Zero-Copy]
        MOB[Mobile App<br/>Production Crews]
    end

    subgraph INT["MuleSoft Composer / Flow External Services"]
        COMP[Integration Layer<br/>Orchestration + Monitoring]
    end

    subgraph EXT["External Systems"]
        RDB[Rights Management DB<br/>PostgreSQL]
        CMS[Content Management System<br/>Node.js]
        SAP[SAP ERP<br/>Finance]
        SF_SNOW[Snowflake<br/>Streaming Analytics]
        S3[AWS S3<br/>Content Assets]
        ADS[Ad Sales Platform]
        PAY[Payment Processor]
        STREAM[Streaming Platform<br/>Subscriber Events]
    end

    SC -->|CDC events| COMP
    COMP -->|REST real-time| RDB
    COMP -->|REST real-time| CMS
    COMP -->|Batch nightly| SAP
    DCL -->|Zero-copy native| SF_SNOW
    MC -->|Behavioral segments| DCL
    COMP -->|REST real-time| PAY
    STREAM -->|Webhooks| COMP
    COMP -->|Platform Events| SVC
    EC -->|Partner self-service| SC
    CMS -->|HTTPS refs| S3
    ADS -->|Batch daily| COMP
    COMP -->|REST| SC

    style SC fill:#1a73e8,color:#fff
    style SVC fill:#1a73e8,color:#fff
    style MC fill:#2e7d32,color:#fff
    style EC fill:#2e7d32,color:#fff
    style DCL fill:#2e7d32,color:#fff
    style MOB fill:#2e7d32,color:#fff
    style COMP fill:#e65100,color:#fff
    style RDB stroke:#c62828,stroke-width:3px,stroke-dasharray: 5 5
    style CMS fill:#9e9e9e,color:#000
    style SAP fill:#9e9e9e,color:#000
    style SF_SNOW fill:#9e9e9e,color:#000
    style S3 fill:#9e9e9e,color:#000
    style ADS fill:#9e9e9e,color:#000
    style PAY fill:#9e9e9e,color:#000
    style STREAM fill:#9e9e9e,color:#000

Artifact 2: Data Model

erDiagram
    ACCOUNT ||--o{ OPPORTUNITY : "licensing deals"
    ACCOUNT ||--o{ SUBSCRIPTION : "D2C subscribers"
    ACCOUNT ||--o{ CASE : "support"
    CONTENT_TITLE ||--o{ CONTENT_RIGHT : "licensed via"
    ACCOUNT ||--o{ CONTENT_RIGHT : "holds rights"
    OPPORTUNITY ||--o{ CONTENT_RIGHT : "negotiated in"
    CONTENT_TITLE ||--o{ PRODUCTION : "produced as"
    PRODUCTION ||--o{ CREW_ASSIGNMENT : "staffed by"
    CONTACT ||--o{ CREW_ASSIGNMENT : "assigned to"
    SUBSCRIPTION ||--o{ ENGAGEMENT_SCORE : "scored by"
    CONTENT_TITLE ||--o{ CONTENT_PERFORMANCE : "measured by"

    ACCOUNT {
        picklist RecordType "Licensing Partner | Subscriber | Production Vendor"
        picklist Region "NA | EMEA | APAC"
        boolean ActivePartner
    }
    CONTENT_TITLE {
        string Title
        picklist Genre
        picklist Status "Development | Production | Post | Released"
        number ProductionBudget
        string ExternalCMSId
    }
    CONTENT_RIGHT {
        lookup ContentTitle
        lookup Account "Licensing partner"
        picklist Territory "US | UK | IN | Global | etc"
        picklist PlatformType "SVOD | AVOD | Linear | Theatrical"
        picklist Exclusivity "Exclusive | Non-Exclusive"
        date WindowStart
        date WindowEnd
        currency LicenseFee
        picklist Status "Proposed | Active | Expired | Terminated"
    }
    SUBSCRIPTION {
        lookup Account
        picklist Tier "Free | Standard | Premium"
        date StartDate
        picklist Status "Trial | Active | Paused | Cancelled"
        number ChurnScore "From Data Cloud"
    }
    PRODUCTION {
        lookup ContentTitle
        picklist Phase "Pre | Active | Post | Complete"
        date StartDate
        date WrapDate
        currency Budget
    }

Key design points:

• Content Right is the central licensing object. Junction between Content Title and Account. Each record represents one specific rights grant with territory, window, platform type, and exclusivity.
• Rights conflict detection: Before-insert/before-update Apex trigger queries existing active Content Right records for the same Content Title + Territory + overlapping date range where Exclusivity = Exclusive. If a conflict exists, the trigger blocks the save and surfaces a clear error message.
• Subscription is a custom object (not standard Opportunity) because subscriber lifecycle differs fundamentally from B2B sales pipeline. ChurnScore field populated by Data Cloud calculated insight.
• Account RecordTypes separate the three personas: Licensing Partner (B2B), Subscriber (B2C), Production Vendor.
• Content Title’s ExternalCMSId field links to the source CMS for metadata sync.

Artifact 3: Role Hierarchy & Sharing Model

graph TB
    CEO --> VPLicensing["VP Content Licensing"]
    CEO --> VPConsumer["VP Consumer"]
    CEO --> CTO
    CEO --> HeadProd["Head of Production"]
    CEO --> CFO
    VPLicensing --> LicMgr["Licensing Managers<br/>by Region"]
    LicMgr --> LicRep["Licensing Reps"]
    VPConsumer --> SubMgr["Subscriber Ops Mgr"]
    VPConsumer --> MktgMgr["Marketing Manager"]
    SubMgr --> SubAgents["Support Agents"]
    MktgMgr --> MktgSpec["Marketing Specialists"]
    HeadProd --> ProdMgr["Production Managers"]
    ProdMgr --> Crew["Production Crew"]
    CFO --> FinTeam["Finance Team"]

Object	OWD	Mechanism
Account (Licensing Partner)	Private	Role hierarchy; licensing team ownership
Account (Subscriber)	Private	Consumer team ownership; support via queues
Content Title	Public Read Only	All employees need catalog visibility
Content Right	Controlled by Parent	Inherits from Account (Licensing Partner)
Subscription	Controlled by Parent	Inherits from Account (Subscriber)
Opportunity	Private	Licensing team ownership
Case	Private	Queue-based assignment; consumer support team
Production	Public Read Only	Cross-team visibility; edit restricted to production team via profiles
Crew Assignment	Controlled by Parent	Inherits from Production

Key sharing decisions:

• Content Title is Public Read Only because licensing reps, marketing, production, and executives all need catalog access. Financial terms live on Content Right (private), not Content Title.
• Licensing financial data isolation: Content Right is Controlled by Parent (Account). Subscriber team cannot see licensing deal terms. Licensing team cannot see subscriber PII. Separation via role hierarchy branches and OWD.
• Permission Set for deal pricing: Content Right financial fields (LicenseFee, payment terms) use Field-Level Security restricted to Licensing and Finance profiles only.
• Partner portal: Experience Cloud sharing set scopes partners to their own Account and related Content Rights. Partners see the content catalog (Public Read Only) but only their own deal terms.

Artifact 4: Integration Architecture

graph LR
    subgraph LEGEND["Legend"]
        L1["🟢 NEW"]
        L2["⚪ KEEPING"]
        L3["🔴 RETIRING"]
        L4["🟠 INTEGRATION LAYER"]
    end

    subgraph SF["Salesforce"]
        PE[Platform Events]
        CDC[Change Data Capture]
        MCC[Marketing Cloud Connect]
        DCLINK[Data Cloud Connector]
    end

    subgraph INT["MuleSoft Composer"]
        COMP[Orchestration<br/>Error Handling<br/>Monitoring]
    end

    subgraph EXT["External Systems"]
        RDB[Rights DB]
        CMS[CMS]
        SAP[SAP]
        SNOW[Snowflake]
        STRM[Streaming Platform]
        PAY[Payment Processor]
    end

    CDC -->|CDC events| COMP
    COMP -->|REST bidirectional| RDB
    COMP -->|REST scheduled daily| CMS
    COMP -->|Batch nightly + REST on deal close| SAP
    DCLINK -->|Zero-copy native| SNOW
    STRM -->|Webhooks| COMP
    COMP -->|Platform Events| PE
    PAY -->|Webhooks| COMP
    MCC -->|MC Connect sync| SF

    style PE fill:#1a73e8,color:#fff
    style CDC fill:#1a73e8,color:#fff
    style MCC fill:#1a73e8,color:#fff
    style DCLINK fill:#2e7d32,color:#fff
    style COMP fill:#e65100,color:#fff
    style RDB stroke:#c62828,stroke-width:3px,stroke-dasharray: 5 5
    style CMS fill:#9e9e9e,color:#000
    style SAP fill:#9e9e9e,color:#000
    style SNOW fill:#9e9e9e,color:#000
    style STRM fill:#9e9e9e,color:#000
    style PAY fill:#9e9e9e,color:#000

System	Pattern	Direction	Details
Rights Management DB	Bidirectional sync	Both	Salesforce becomes primary over 6 months; Rights DB read-only then decommissioned. During transition, Change Data Capture pushes SF changes to Rights DB via integration layer.
Content Management System	Request-Reply	Inbound	Scheduled sync pulls title metadata daily. On-demand lookup via External Services for real-time catalog search.
SAP ERP	Request-Reply + Batch	Bidirectional	Deal closure triggers revenue schedule creation in SAP. Nightly batch reconciles financial data.
Snowflake	Zero-copy via Data Cloud	Inbound	No data movement. Data Cloud reads Snowflake tables directly. Calculated insights generate churn scores and engagement segments.
Streaming Platform	Event-Driven	Inbound	Subscriber signup/cancel/payment webhooks publish Platform Events. Flow automation creates or updates Subscription records.
Payment Processor	Event-Driven	Inbound	Payment success/failure webhooks update Subscription status and trigger dunning flows.
Marketing Cloud	Marketing Cloud Connect	Bidirectional	Subscriber and partner records sync to Marketing Cloud. Journey triggers based on Data Cloud segments.
Ad Sales Platform	Scheduled batch	Inbound	Daily pull of ad performance metrics linked to content titles.

Rights DB transition plan: Months 1-3: Salesforce reads from Rights DB (source of truth). Months 3-6: dual-write (both systems updated). Month 6+: Salesforce is source of truth; Rights DB is read-only archive. Month 9+: Rights DB decommissioned. This eliminates the single-developer retention risk.

Artifact 5: Identity & SSO

• Employees (1,200): Corporate IdP (Google Workspace or Okta) via SAML 2.0. Single sign-on for Salesforce, CMS, and internal tools. Permission Set Groups assigned by department (Licensing, Consumer, Production, Finance).
• Licensing partners (500 accounts, ~2,000 portal users): Experience Cloud login with Salesforce Identity. Self-registration with email verification. MFA via TOTP. Large partners (Netflix, BBC) can federate via SAML — Salesforce acts as SP, partner IdP authenticates.
• Subscribers (2M): Not in Salesforce directly for login. Subscriber identity managed by the streaming platform. Salesforce holds subscriber Account records synced from the streaming platform. Self-service portal (Req 13) uses Experience Cloud with Salesforce Identity for the subset of subscribers who access it (estimated 5-10% for billing/support).
• Production crews (200): Same corporate SSO. Salesforce Mobile App on BYOD devices with MDM-enforced device policies (screen lock, remote wipe).

Artifact 6: Data Migration Strategy

Phase 1 — Licensing Data (Months 1-4):

1. Export Rights DB data: 12,000 active contracts, 500 partner accounts, 1,800 content titles, and historical rights records.
2. Map Rights DB schema to Content Title, Content Right, and Account objects. Partner accounts matched against existing 15 Salesforce accounts; remaining ~485 created new.
3. Content Title metadata loaded from CMS export (one-time bulk load, then scheduled sync).
4. Rights conflict validation: run Apex validation against all imported active rights to verify no pre-existing conflicts. Fix data quality issues before go-live.
5. Parallel run (months 4-6): both systems active, dual-write via integration layer. Exit: 30 days with zero discrepancies.

Phase 2 — Subscriber Data (Months 4-8):

6. Subscriber Account records created from streaming platform export: 2M records via Bulk API. Account RecordType = Subscriber. No login credentials in Salesforce.
7. Mailchimp contacts mapped to Subscriber Accounts. Consent and opt-in status migrated with zero loss.
8. Marketing Cloud provisioned and configured by month 4. B2C journeys (welcome, re-engagement) live by month 5 to meet Mailchimp expiry.

Phase 3 — Production Data (Months 8-12):

9. Google Sheets production data cleansed and loaded: active productions, schedules, crew assignments.
10. Historical productions loaded for Content ROI reporting (linking production cost to title revenue).

Artifact 7: Governance

Steering Committee: Monthly. CEO, VP Licensing, VP Consumer, CTO, CFO. Reviews program milestones, budget, and cross-team conflicts.

Technical Review Board: Bi-weekly. CTO (chair), lead admin, SI architect, integration lead. Reviews schema changes, integration designs, and automation logic.

Change Type	Approval	Lead Time
Schema / data model	Technical Review Board	1 sprint
Integration (new or modified)	Technical Review Board	1 sprint
Marketing journeys	VP Consumer + Marketing Manager	3 business days
Configuration (layouts, reports)	Lead admin	Same sprint
Emergency fix (P1)	CTO	Same day

Standards: Naming convention SVS_[Object]_[Purpose]. Apex test coverage 85% minimum. All automation via Flow or Apex (no Process Builder or Workflow Rules). Rights conflict logic in Apex only (not Flow) for testability and complex query performance.

Artifact 8: Environment Strategy

Environment	Purpose	Refresh
Full Copy Sandbox	UAT + performance testing with 2M subscriber records	Monthly
Partial Copy Sandbox	Integration testing (Rights DB, SAP, Snowflake connections)	Bi-weekly
Developer Sandbox (x2)	Core platform team + SI partner team	Sprint start
Developer Pro Sandbox	Marketing Cloud testing	As needed

CI/CD: Salesforce CLI + GitHub Actions. Branch strategy: main (production), release/* (UAT), feature/* (development). Deployments: Dev Sandbox -> Partial Copy -> Full Copy -> Production. No manual metadata deployments.

Marketing Cloud: Separate deployment process. Business units for B2B and B2C. Journey changes go through staging BU before production BU.

Artifact 9: Phased Delivery Roadmap

gantt
    title ScreenVault Studios — 14-Month Delivery
    dateFormat  YYYY-MM
    axisFormat  %b %Y

    section Phase 1 — Licensing + Core
    Data model + core objects             :p1a, 2026-05, 2M
    Rights DB integration (read)          :p1b, 2026-05, 3M
    Licensing deal lifecycle              :p1c, 2026-07, 2M
    Rights conflict detection             :p1d, 2026-07, 2M
    Partner portal (Experience Cloud)     :p1e, 2026-08, 2M
    Rights DB dual-write + cutover        :p1f, 2026-08, 3M
    Licensing Go-Live                     :milestone, m1, 2026-10, 0d

    section Phase 2 — Subscriber + Marketing
    Marketing Cloud provisioning          :p2a, 2026-08, 2M
    Subscriber data load (2M records)     :p2b, 2026-08, 2M
    B2C journeys (Mailchimp replacement)  :p2c, 2026-09, 1M
    Mailchimp Cutover                     :milestone, m_mc, 2026-10, 0d
    Data Cloud + Snowflake zero-copy      :p2d, 2026-10, 2M
    Churn scoring + engagement segments   :p2e, 2026-11, 2M
    Service Cloud subscriber support      :p2f, 2026-10, 3M
    Subscriber Go-Live                    :milestone, m2, 2027-01, 0d

    section Phase 3 — Production + Analytics
    Production tracking objects           :p3a, 2027-01, 2M
    Mobile app + offline sync             :p3b, 2027-02, 3M
    Content ROI dashboards                :p3c, 2027-02, 2M
    Executive analytics suite             :p3d, 2027-03, 2M
    Full Program Complete                 :milestone, m3, 2027-06, 0d

    section Cross-Cutting
    SAP integration                       :cc1, 2026-06, 4M
    CMS metadata sync                     :cc2, 2026-05, 3M
    GDPR compliance (London office)       :cc3, 2026-05, 6M

Sequencing rationale: Phase 1 addresses the highest business risk (rights management on a fragile system with a single developer). Marketing Cloud accelerated within Phase 2 to meet the 5-month Mailchimp deadline — B2C journeys go live at month 5, before the full subscriber platform. Phase 2 overlaps Phase 1 starting month 4 because Data Cloud and subscriber data loading are independent of licensing work. Phase 3 is lowest risk and can absorb schedule pressure from earlier phases.

Governance & DevOps

Environment Promotion Flow

flowchart LR
    DEV1[Developer Sandbox\nCore Platform Team] --> QA[Partial Copy\nIntegration Testing]
    DEV2[Developer Sandbox\nSI Partner Team] --> QA
    DEVPRO[Developer Pro\nMarketing Cloud] --> MCSTG[MC Staging BU]
    QA --> UAT[Full Copy\nUAT + Performance]
    UAT --> PROD[Production]
    MCSTG --> MCPROD[MC Production BU]

    FB1[Feature: Rights\nConflict Detection] --> DEV1
    FB2[Feature: Subscriber\nData Load] --> DEV1
    FB3[Feature: Partner\nPortal] --> DEV2
    FB4[Feature: B2C\nJourneys] --> DEVPRO

Branching Strategy

SVS operates three concurrent workstreams (licensing, subscriber/marketing, production) with overlapping phases. The branching model balances parallel development with stable releases.

Branch	Purpose	Merge Target
main	Production — deployed code only	N/A
release/phase-1, release/phase-2, release/phase-3	Release stabilization per program phase	main
develop	Integration branch — all feature work merges here first	release/*
feature/SVS-[ticket]-[description]	Individual feature work	develop
hotfix/SVS-[ticket]-[description]	Production emergency fixes	main + develop

Merge cadence: Feature branches merge to develop via PR with required code review (minimum 1 reviewer from the platform team). develop merges to release/* at sprint boundaries (2-week sprints). Release branches deploy to UAT for stabilization before production promotion.

Sandbox Strategy

Sandbox	Type	Purpose	Refresh Cadence	Data Seeding
SVS-DEV-CORE	Developer	Core platform team — data model, rights logic, Apex triggers	Sprint start	Minimal: 50 accounts, 200 content titles, 500 rights records
SVS-DEV-SI	Developer	SI partner — Experience Cloud partner portal, subscriber flows	Sprint start	Minimal: same as core + 100 portal users
SVS-INT	Partial Copy	Integration testing — Rights DB, SAP, CMS, Snowflake connections	Bi-weekly	Partial: 500 accounts, 1,800 titles, 5,000 rights, sampled subscriber data
SVS-UAT	Full Copy	UAT + performance testing with realistic data volume	Monthly	Full copy: 2M subscriber records, 12K contracts, all content titles
SVS-MC-STAGING	Developer Pro	Marketing Cloud journey testing (B2B + B2C)	As needed	Synthetic subscribers with engagement scores for journey testing

Data seeding notes: Rights DB integration testing requires realistic overlapping rights scenarios to validate conflict detection. The integration sandbox includes 200 intentionally conflicting rights records for regression testing. Subscriber data in UAT must include synthetic churn scores and engagement segments from Data Cloud to validate marketing journey triggers.

Testing Strategy

Test Type	Coverage Target	Scope	Automation
Unit tests (Apex)	85% minimum (SVS standard)	Rights conflict detection, subscription lifecycle, engagement scoring triggers	Apex @isTest classes; run on every PR
Integration tests	All 8 external systems	Rights DB bidirectional sync, CMS metadata pull, SAP revenue posting, Snowflake zero-copy, streaming platform webhooks, payment webhooks, Marketing Cloud Connect, ad metrics batch	MuleSoft MUnit tests; run before release branch merge
Performance tests	Sub-3s page load for partner portal; rights conflict check under 2s for 12K active contracts	Rights conflict query with full dataset, partner portal concurrent access (500 partners), Data Cloud segment refresh	k6 load tests against Full Copy sandbox
UAT	All business-critical journeys	Licensing deal lifecycle end-to-end, subscriber churn detection to winback journey, production crew mobile offline sync	Manual test scripts with business stakeholders
Regression	Rights conflict detection suite	Every schema change to Content Right, Content Title, or Account triggers full regression	Automated Apex test suite (dedicated regression tag)

Center of Excellence & Ongoing Governance

SVS Platform CoE (established Phase 1, month 3):

• CoE lead: Internal Salesforce admin (1 of 3 existing) — becomes full-time platform owner post-go-live
• Members: 1 admin, 1 developer (internal), SI partner architect (advisory through month 14), integration lead
• Responsibilities: Approve all schema changes, review integration modifications, manage technical debt backlog, train new team members
• Release cadence: Production deployments every 2 weeks (sprint boundaries) for standard changes. Emergency fixes: same-day deployment with CTO approval.
• Change management: All non-emergency changes require PR approval from CoE lead. Schema changes and integration modifications require Technical Review Board approval (bi-weekly meetings documented in Artifact 7).
• Post-program maintenance: SI partner transitions to 20-hour/month managed services retainer for 6 months post-program completion. Knowledge transfer to internal team during months 12-14.
• Marketing Cloud governance: B2B and B2C business units managed separately. Journey changes require VP Consumer approval (B2C) or VP Licensing approval (B2B). No cross-BU journey deployment without Marketing Manager review.
• Rights DB decommission governance: Dual-write validation dashboard monitored daily during months 3-6. Zero-discrepancy exit criterion enforced before switching Salesforce to source of truth. Rights DB developer completes knowledge transfer documentation by month 6.

Identity & SSO Flow

Internal Employee SSO (SAML 2.0)

sequenceDiagram
    participant User as SVS Employee (1,200)
    participant Browser as Browser
    participant IdP as Corporate IdP<br/>(Google Workspace / Okta)
    participant SF as Salesforce

    User->>Browser: Navigate to Salesforce
    Browser->>SF: Request login page
    SF->>Browser: Redirect to IdP (SP-Initiated SSO)
    Browser->>IdP: SAML AuthnRequest
    IdP->>IdP: Authenticate user (password + MFA)
    IdP->>Browser: SAML Response with Assertion
    Note over IdP,Browser: Assertion contains: email, department,<br/>Federation ID, group memberships
    Browser->>SF: POST SAML Assertion to ACS URL
    SF->>SF: Match Federation ID to User record
    SF->>SF: Assign Permission Set Group<br/>based on department claim
    SF->>Browser: Session established

IdP choice: Google Workspace (existing corporate tool for all 1,200 employees) or Okta if SVS uses it. Google Workspace provides SAML 2.0 and directory sync natively. Department-based groups in Google map to Salesforce Permission Set Groups: Licensing, Consumer, Production, Finance, and Executive.

MFA: Enforced at the IdP level for all internal users. Google Workspace supports TOTP, hardware keys, and push notification. Salesforce-side MFA not required when IdP-enforced MFA is in place (counts as satisfying the Salesforce MFA requirement).

Licensing Partner Portal SSO

sequenceDiagram
    participant Partner as Partner User (2,000)
    participant Browser as Browser
    participant SF as Salesforce<br/>Experience Cloud
    participant PIdP as Partner IdP<br/>(Netflix, BBC, etc.)

    alt Standard Partners — Salesforce Identity
        Partner->>Browser: Navigate to Partner Portal
        Browser->>SF: Login page
        Partner->>SF: Email + Password
        SF->>SF: Verify credentials + MFA (TOTP)
        SF->>Browser: Portal session established
    else Large Federated Partners — Partner IdP
        Partner->>Browser: Navigate to Partner Portal
        Browser->>SF: Login page — select "Sign in with [Partner]"
        SF->>Browser: Redirect to Partner IdP (SP-Initiated)
        Browser->>PIdP: SAML AuthnRequest
        PIdP->>PIdP: Authenticate user (partner MFA)
        PIdP->>Browser: SAML Assertion
        Browser->>SF: POST SAML to Experience Cloud ACS
        SF->>SF: Match Federation ID to portal user
        SF->>Browser: Portal session (scoped to partner Account)
    end

Partner identity approach: Most partners (400+ smaller distributors) use Salesforce Identity with self-registration and email verification. Large partners like Netflix, BBC, and Hotstar that have their own enterprise IdPs federate via SAML — Salesforce acts as SP, partner’s IdP authenticates. This avoids forcing enterprise partners to manage yet another set of credentials.

MFA: Required for all partner portal users. Standard partners use TOTP (authenticator app). Federated partners rely on their own IdP MFA policies.

System-to-System Integration Auth

sequenceDiagram
    participant EXT as External System<br/>(Rights DB / SAP / CMS)
    participant MW as MuleSoft Composer
    participant SF as Salesforce APIs

    EXT->>MW: Data payload (REST / OData / Webhook)
    MW->>SF: OAuth 2.0 Client Credentials Flow
    SF->>SF: Validate Connected App credentials
    SF->>MW: Access token (expires 2h)
    MW->>SF: API call with Bearer token
    SF->>MW: Response
    Note over MW,SF: Token cached and refreshed<br/>automatically by MuleSoft

Auth strategy: All system-to-system integrations authenticate via OAuth 2.0 Client Credentials flow through dedicated Connected Apps. Each integration has its own Connected App with scoped permissions: Rights DB integration app has access to Content Title, Content Right, and Account objects only. SAP integration app accesses Opportunity and revenue-related objects only. This limits blast radius if any single integration credential is compromised.

Webhook inbound (Streaming Platform, Payment Processor): Webhooks validated via HMAC signature verification at the MuleSoft layer before any Salesforce write. Invalid signatures are rejected and logged.

Production Crew Mobile Auth

Production crew members (200) use the same corporate SSO as all employees. On BYOD devices, MDM (Mobile Device Management) enforces: screen lock timeout (5 minutes), minimum OS version, remote wipe capability, and encrypted storage. The Salesforce Mobile App session persists for offline use but requires re-authentication every 24 hours when connectivity returns.

Integration Error Handling

Integration	Pattern	Retry Strategy	Dead Letter Queue	Monitoring & Alerts	Fallback (Extended Outage)
Rights Management DB	Bidirectional sync via CDC	3 retries, exponential backoff (1s, 5s, 30s)	MuleSoft DLQ — failed rights syncs queued for manual review; dual-write discrepancy dashboard	Slack alert to integration lead + platform team channel on 3rd failure; daily discrepancy report to VP Licensing	Salesforce continues as primary; Rights DB updates queued. If Rights DB is down >4h during dual-write phase, pause dual-write and log all pending changes for replay
Content Management System	Scheduled daily pull + on-demand lookup	2 retries with 10s interval for on-demand lookups; daily batch auto-retries next cycle	Failed metadata records logged to custom Error_Log__c object in Salesforce	Email alert to CTO team if daily sync fails; individual lookup failures logged silently (stale metadata acceptable short-term)	Salesforce serves cached content metadata from last successful sync. Manual CMS lookup available as workaround
SAP ERP	Batch nightly + event-driven on deal close	Nightly batch: full retry next cycle. Deal-close event: 3 retries, exponential backoff (5s, 30s, 5min)	Anypoint MQ dead letter queue for failed financial postings; finance team notified immediately	PagerDuty alert to integration lead on deal-close failure; daily batch failure triggers email to CFO team	Revenue schedule creation paused. Licensing team manually flags deals needing SAP posting. Finance team reconciles during next successful batch run
Snowflake (via Data Cloud)	Zero-copy (no data movement)	N/A — Data Cloud handles connection retries internally	N/A — no data transfer to fail	Data Cloud connector health monitored via Setup > Data Cloud; alert to CTO if connection drops >1h	Churn scores and engagement segments show last-known values. Marketing journeys using stale segments continue with degraded targeting accuracy. No data loss risk (Snowflake data unaffected)
Streaming Platform	Inbound webhooks via Platform Events	MuleSoft retries webhook processing 3 times (1s, 10s, 60s); Platform Events have 72h replay window	Failed subscriber events stored in MuleSoft DLQ; replay available via Platform Event replay ID	Alert to consumer ops team if webhook processing failure rate exceeds 5% in any 1-hour window	Subscription records not updated in real-time. Batch reconciliation job runs every 6 hours to catch missed events from streaming platform’s event log
Payment Processor	Inbound webhooks	3 retries with exponential backoff (1s, 5s, 30s) at MuleSoft layer	Failed payment events in MuleSoft DLQ; critical (payment failures) escalated immediately	PagerDuty alert to consumer ops on any payment webhook failure; daily summary to VP Consumer	Subscription status not updated. Dunning flows delayed. Manual reconciliation from payment processor dashboard within 4 hours of outage resolution
Marketing Cloud	Marketing Cloud Connect	MC Connect handles retry internally; sync failures retry next cycle (15-min intervals)	MC Connect error log in Marketing Cloud; failed syncs visible in MC Connect dashboard	Weekly MC Connect health review by marketing ops; immediate alert if sync gap exceeds 4 hours	Journey triggers delayed. Active journeys continue with last-synced data. New subscribers not targeted until sync resumes
Ad Sales Platform	Scheduled daily batch	Full retry next cycle (daily)	Failed ad metric records logged to Error_Log__c	Email alert to Head of Ad Sales if daily pull fails 2 consecutive days	Content performance dashboards show stale ad metrics (clearly timestamped). No revenue impact — ad metrics are reporting-only

Reporting Domain Note

Reporting spans three business lines with distinct analytics needs: content ROI (production cost vs. licensing revenue + streaming performance), partner analytics (licensing revenue by partner with trend and renewal probability), and subscriber health (cohort analysis, engagement scores, churn by segment). Standard Salesforce reports handle licensing and partner analytics. Subscriber health requires CRM Analytics for cross-object joins between Subscription, Engagement Score (Data Cloud calculated insights), and Content Performance. Executive dashboards combine all three views. Data Cloud’s native segmentation feeds both operational automation (churn-triggered cases) and reporting (engagement score distributions) — avoid duplicating segment logic across reporting and automation layers.

Presentation Strategy

Go deep on two decisions: (1) Content rights data model with conflict detection — the defining domain challenge, (2) Snowflake/Data Cloud integration for subscriber intelligence — demonstrates modern platform knowledge. Cover Marketing Cloud timing as a constraint-driven decision. Summarize remaining artifacts.