External Portal Integration

HLF explicitly flagged the risk of their Dynamics portal and Meander overlapping - a scenario creating user confusion, duplicate data entry, and erosion of trust in both systems. Without a formal integration configuration surface, the boundary between systems must be managed informally through documentation and discipline, which is fragile as both platforms evolve independently. A structured integration config reduces operational risk for HLF's rollout and provides a reusable pattern for future tenants with existing systems they cannot immediately deprecate. This directly supports the "inkrementell utrulling" / parallel systems principle shared by all four organizations.

External Portal Integration is modeled as an organization-scoped config block in the organization_settings table or a dedicated external_portal_configs table (preferred for extensibility). The admin UI exposes fields for portal URL, OAuth client credentials, scope mapping, and capability boundary declarations. In Phase 2 scope, Meander receives identity assertions or deep-link parameters from the external portal but does not push data to it - bidirectional sync for accounting is a separate concern under admin-accounting. OAuth credentials must be encrypted at rest and never returned in plaintext to client responses. A test-connection action validates the configured endpoint. Security review required before credentials are stored.