Configure Authentik for EspoCRM

**Vadym** · 09-21-2023, 06:49 AM

Hi harrytruman,

Do you configured Authentik as OIDC in EspoCRM?
If yes, open EspoCRM in Private mode and try to log in.

https://devcrm.it/how-to-connect-espocrm-to-authentik-oidc/

**harrytruman** · 09-21-2023, 11:20 PM

Hi Vadym,

Thanks for responding. I have configured Authentik as OIDC in Espo. Also tried clearing history and private browser tap to login. No luck. Is there an open source identity provider you have used? I'll try anything else if it's been demonstrated to work with Espo. Actually, I'll even pay for Microsoft or AWS if any will work. Thanks!

**lazovic** · 09-22-2023, 06:41 AM

Hi harrytruman,

I have not tried to configure OIDC on Authentik to work with EspoCRM, but I have successfully done this several times with the Auth0 service using the following instructions (this, of course, is not open source identity provider, but it can also work):

Create Application with Native type on Auth0.
In your instance (Administration > Authentication > OIDC) fill up Client ID and Client Secret fields with these values:

Also:

Authorization Endpoint: https://dev-27knukaj2kt8jmc8.us.auth0.com/authorize
Token Endpoint: https://dev-27knukaj2kt8jmc8.us.auth0.com/oauth/token
JSON Web Key Set Endpoint: https://dev-27knukaj2kt8jmc8.us.auth...nown/jwks.json

Where dev-27knukaj2kt8jmc8.us.auth0.com is Domain from screenshot.
Create Users:

**harrytruman** · 09-22-2023, 02:24 PM

Hi lazovic, thank for taking the time to help me here. Just knowing that AuthO can work with Espo is pointing me in a better direction.

I've followed your instructions above, but when I try to login in under a created user, I get a URI error (see attached screenshot).

I've tried changing the redirect URI from espo to HTTPS but still no luck. Any ideas? Thanks again for your help!

**lazovic** · 09-22-2023, 02:41 PM

harrytruman,

The Authorization Redirect URl value must be exactly the same as specified in the Administration > Authentication > OIDC of your instance:

**harrytruman** · 09-22-2023, 03:20 PM

Hi lazovic, I finally changed the site URL in Espo settings to https://... This changed the redirect URI in the authentication settings to https and now everything is working.

When I log in under a new user I created in authO (that matches a user already in Espo), it ends up creating a new user in Espo with a user name that looks like this: auth0_650d9b575f279857b1080ff3

I'm having trouble understanding how to map scopes (like e-mail, username, etc.) from Espo to authO. What's the easiest way to upload current users in Espo to authO? Thanks again for all your help. I've wasted so much time trying to figure out SSO this week. You finally got me over the hump!

**harrytruman** · 09-22-2023, 04:52 PM

Hi lazovic the https URL fix from above works in authentik too. I'm still having the same issue with matching users from authentik to espocrm. Just like, authO, authentik creates a new user in espo instead of matching to existing user. In authO, have you found a workable way to export user details from Espo and import them into authO? Thanks again for your help! I feel so much better now making forward progress.

**MRobi1** · 07-01-2024, 01:53 PM

Originally posted by harrytruman

Hi lazovic the https URL fix from above works in authentik too. I'm still having the same issue with matching users from authentik to espocrm. Just like, authO, authentik creates a new user in espo instead of matching to existing user. In authO, have you found a workable way to export user details from Espo and import them into authO? Thanks again for your help! I feel so much better now making forward progress.

Have you found a fix to this? Struggling with the same issue mapping authentik user to Espo user.
I feel it has something to do with "Username claim" but can't find much info on what can be entered into this field other than the default "sub"

Configure Authentik for EspoCRM

Configure Authentik for EspoCRM

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment