Announcement

Collapse
No announcement yet.

Single sign-on (SSO) integration

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Single sign-on (SSO) integration

    It would be nice to have Single sign-on (SSO) integration of Google and Microsoft accounts to regular and portal users.

  • #2
    Offtopic, I wonder if you can adopt this extension to your needs? https://devcrm.it/send

    It can do expire date but I don't think it can do single sign-on yet, perhaps emillod can add to do list.

    However it isn't a portal system though... it more of filesharing/message sharing.

    Comment


    • #3
      esforim thanks for mentioning me. There is an app keycloak which is open source and allow to manage identities. I thought about integrating this app with EspoCRM, but for now i can only add this to a queue of pending projects. Send ext is more like sharing solution which allow to share text and files. If we'll decide to create integration with sign-on, then for sure it'll NOT be part of this ext

      Also i think that this feature should be added to EspoCRM, not through extension but by EspoCRM devs. It's great functionality.

      Comment


      • #4
        yuri how do you think is is possible to expect Single sign-on (SSO) integration of Google and Microsoft in nearest future?
        Google and Microsoft is because it's most common used in business environment.

        Comment


        • #5
          Hi there, in case you want Google login or Microsoft login, I would recommend you integrate Auth0 (Auth0-PHP) within your EspoCRM instance - it's really helpful solution for achieving this type of authentication.

          Comment


          • #6
            Hi there,

            1. Is it possible in Espo to have separate LDAP servers for each Espo portal? Does anyone has any experience?

            2. Is it possible to configure Espo + Espo Portal to handle SSO in scenario with nginx preauth proxy + authentik/keycloak. E.g. User enters credentials on preauth proxy. Proxy checks in LDAP if credentials are valid then forwards request to Espo and user is logged in.

            Currently we have to log in in preauth proxy and then user must enter credentials again. We’d like to avoid this effort for user. Can anyone help us with any piece of advice or clue where to start?
            ​

            Comment


            • yuri
              yuri commented
              Editing a comment
              Please create a separate topic for questions like this. not in the feature request topic.

          • #7
            Coming in v7.3 https://github.com/espocrm/espocrm/issues/2455

            Comment


            • partomas
              partomas commented
              Editing a comment
              This feature very actual for portal users as well. Did I got correctly, that portal users will not be supported for now?

            • esforim
              esforim commented
              Editing a comment
              I guess Portal User is not supported temporary (or permanent if there too much work).

              Nothing stopping an coder to do a Pull Request though... but it might have been intentional to not support Portal so might have to be an extension instead.

          • #8
            Anyway it would be big benefit if Portal users would support Single sign-on (SSO) in core, not as someone's extension. In this case external CRM users could use portal very easy on daily bases or easy get access if use time to time without "recover password" each time when try to connect.

            Comment


            • #9
              It's not supported as it indeed would have required more work to design it properly. There's too much to think out before implementing the solution that we are to support forever then. Currently there's the ability to provide a custom user-provider class so anybody can make portal users to work.

              Comment


              • #10
                This is the default one: https://github.com/espocrm/espocrm/b...erProvider.php. Bind a custom one with similar code but w/o the portal user restriction.

                Comment


              • #11
                Thank you yuri so much. What will need to be done when v7.4 version will come, just to avoid conflicts?

                Comment


                • yuri
                  yuri commented
                  Editing a comment
                  No, unless you did customizations with authentication.
              Working...
              X