diff --git a/enterprise/signals.py b/enterprise/signals.py
index cb6e277fb..8813b95a4 100644
--- a/enterprise/signals.py
+++ b/enterprise/signals.py
@@ -455,17 +455,6 @@ def generate_default_orchestration_record_display_name(sender, instance, **kwarg
             instance.display_name = f'SSO-config-{instance.identity_provider}-{num_records_for_customer + 1}'
 
 
-@receiver(pre_save, sender=CanvasEnterpriseCustomerConfiguration)
-def mirror_id_and_secret_to_decrypted_fields(sender, instance, **kwargs):   # pylint: disable=unused-argument
-    """
-    Mirror the client_id and client_secret to the decrypted fields.
-    """
-    if instance.client_id != instance.decrypted_client_id:
-        instance.decrypted_client_id = instance.client_id
-    if instance.client_secret != instance.decrypted_client_secret:
-        instance.decrypted_client_secret = instance.client_secret
-
-
 # Don't connect this receiver if we dont have access to CourseEnrollment model
 if CourseEnrollment is not None:
     post_save.connect(create_enterprise_enrollment_receiver, sender=CourseEnrollment)
diff --git a/integrated_channels/canvas/migrations/0037_canvasenterprisecustomerconfiguration_copy_id_and_secret_and_more.py b/integrated_channels/canvas/migrations/0037_canvasenterprisecustomerconfiguration_copy_id_and_secret_and_more.py
index 581206e59..9d0c11eca 100644
--- a/integrated_channels/canvas/migrations/0037_canvasenterprisecustomerconfiguration_copy_id_and_secret_and_more.py
+++ b/integrated_channels/canvas/migrations/0037_canvasenterprisecustomerconfiguration_copy_id_and_secret_and_more.py
@@ -5,7 +5,7 @@
 
 def populate_decrypted_client_id_and_secret(apps, schema_editor):  # pragma: no cover
     """
-    Populate the decrypted_client_id and decrypted_client_secret fields for all 
+    Populate the decrypted_client_id and decrypted_client_secret fields for all
     existing CanvasEnterpriseCustomerConfiguration
     """
     CanvasEnterpriseCustomerConfiguration = apps.get_model('canvas', 'CanvasEnterpriseCustomerConfiguration')
diff --git a/integrated_channels/canvas/models.py b/integrated_channels/canvas/models.py
index f8a1a06ff..b7bf02017 100644
--- a/integrated_channels/canvas/models.py
+++ b/integrated_channels/canvas/models.py
@@ -177,11 +177,11 @@ def oauth_authorization_url(self):
             obj: The instance of CanvasEnterpriseCustomerConfiguration
                 being rendered with this admin form.
         """
-        if self.canvas_base_url and self.client_id:
+        if self.canvas_base_url and self.decrypted_client_id:
             return (f'{self.canvas_base_url}/login/oauth2/auth'
                     f'?redirect_uri={LMS_OAUTH_REDIRECT_URL}&'
                     f'response_type=code&'
-                    f'client_id={self.client_id}&state={self.uuid}')
+                    f'client_id={self.decrypted_client_id}&state={self.uuid}')
         else:
             return None
 
@@ -196,9 +196,9 @@ def is_valid(self):
         """
         missing_items = {'missing': []}
         incorrect_items = {'incorrect': []}
-        if not self.client_id:
+        if not self.decrypted_client_id:
             missing_items.get('missing').append('client_id')
-        if not self.client_secret:
+        if not self.decrypted_client_secret:
             missing_items.get('missing').append('client_secret')
         if not self.canvas_base_url:
             missing_items.get('missing').append('canvas_base_url')
diff --git a/integrated_channels/canvas/views.py b/integrated_channels/canvas/views.py
index b265209f5..a9ad68cdd 100644
--- a/integrated_channels/canvas/views.py
+++ b/integrated_channels/canvas/views.py
@@ -113,8 +113,8 @@ def get(self, request, *args, **kwargs):
 
         access_token_request_params = {
             'grant_type': 'authorization_code',
-            'client_id': enterprise_config.client_id,
-            'client_secret': enterprise_config.client_secret,
+            'client_id': enterprise_config.decrypted_client_id,
+            'client_secret': enterprise_config.decrypted_client_secret,
             'redirect_uri': settings.LMS_INTERNAL_ROOT_URL + "/canvas/oauth-complete",
             'code': client_code,
         }
diff --git a/tests/test_integrated_channels/test_canvas/test_views.py b/tests/test_integrated_channels/test_canvas/test_views.py
index 8d8e9518c..447f4a64e 100644
--- a/tests/test_integrated_channels/test_canvas/test_views.py
+++ b/tests/test_integrated_channels/test_canvas/test_views.py
@@ -56,27 +56,47 @@ def setUp(self):
         self.refresh_token = 'test-refresh-token'
         self.urlbase = reverse('canvas-oauth-complete')
 
-        CanvasEnterpriseCustomerConfiguration.objects.get_or_create(
-            uuid=SINGLE_CANVAS_CONFIG['uuid'],
-            decrypted_client_id=SINGLE_CANVAS_CONFIG['client_id'],
-            decrypted_client_secret=SINGLE_CANVAS_CONFIG['client_secret'],
-            canvas_account_id=SINGLE_CANVAS_CONFIG['canvas_account_id'],
-            canvas_base_url=SINGLE_CANVAS_CONFIG['canvas_base_url'],
-            enterprise_customer=self.enterprise_customer,
-            active=True,
-            enterprise_customer_id=ENTERPRISE_ID,
-        )
+        try:
+            CanvasEnterpriseCustomerConfiguration.objects.get(
+                uuid=SINGLE_CANVAS_CONFIG['uuid'],
+                canvas_account_id=SINGLE_CANVAS_CONFIG['canvas_account_id'],
+                canvas_base_url=SINGLE_CANVAS_CONFIG['canvas_base_url'],
+                enterprise_customer=self.enterprise_customer,
+                active=True,
+                enterprise_customer_id=ENTERPRISE_ID,
+            )
+        except CanvasEnterpriseCustomerConfiguration.DoesNotExist:
+            CanvasEnterpriseCustomerConfiguration.objects.create(
+                uuid=SINGLE_CANVAS_CONFIG['uuid'],
+                decrypted_client_id=SINGLE_CANVAS_CONFIG['client_id'],
+                decrypted_client_secret=SINGLE_CANVAS_CONFIG['client_secret'],
+                canvas_account_id=SINGLE_CANVAS_CONFIG['canvas_account_id'],
+                canvas_base_url=SINGLE_CANVAS_CONFIG['canvas_base_url'],
+                enterprise_customer=self.enterprise_customer,
+                active=True,
+                enterprise_customer_id=ENTERPRISE_ID,
+            )
 
-        CanvasEnterpriseCustomerConfiguration.objects.get_or_create(
-            uuid=SECOND_CANVAS_CONFIG['uuid'],
-            decrypted_client_id=SECOND_CANVAS_CONFIG['client_id'],
-            decrypted_client_secret=SECOND_CANVAS_CONFIG['client_secret'],
-            canvas_account_id=SECOND_CANVAS_CONFIG['canvas_account_id'],
-            canvas_base_url=SECOND_CANVAS_CONFIG['canvas_base_url'],
-            enterprise_customer=self.enterprise_customer,
-            active=True,
-            enterprise_customer_id=ENTERPRISE_ID,
-        )
+        try:
+            CanvasEnterpriseCustomerConfiguration.objects.get(
+                uuid=SECOND_CANVAS_CONFIG['uuid'],
+                canvas_account_id=SECOND_CANVAS_CONFIG['canvas_account_id'],
+                canvas_base_url=SECOND_CANVAS_CONFIG['canvas_base_url'],
+                enterprise_customer=self.enterprise_customer,
+                active=True,
+                enterprise_customer_id=ENTERPRISE_ID,
+            )
+        except CanvasEnterpriseCustomerConfiguration.DoesNotExist:
+            CanvasEnterpriseCustomerConfiguration.objects.create(
+                uuid=SECOND_CANVAS_CONFIG['uuid'],
+                decrypted_client_id=SECOND_CANVAS_CONFIG['client_id'],
+                decrypted_client_secret=SECOND_CANVAS_CONFIG['client_secret'],
+                canvas_account_id=SECOND_CANVAS_CONFIG['canvas_account_id'],
+                canvas_base_url=SECOND_CANVAS_CONFIG['canvas_base_url'],
+                enterprise_customer=self.enterprise_customer,
+                active=True,
+                enterprise_customer_id=ENTERPRISE_ID,
+            )
 
     def test_successful_refresh_token_by_uuid_request(self):
         """