Announcement

Collapse
No announcement yet.

Configure Authentik for EspoCRM

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Configure Authentik for EspoCRM

    Hi Everyone,

    I'm having some difficultly using Authentik. I followed the instructions per this article: Configure Authentik for EspoCRM from dev4CRM

    ​When I try to login with a user created in Authentik (and matching the credentials of a current EspoCRM user) I get a "not found error" (see attached screenshot).

    Anyone have experience with Authentik? Would really appreciate some recommendations. Thanks!!
    1 Photo
    Tags: None
  • #2
    Hi harrytruman,

    Do you configured Authentik as OIDC in EspoCRM?
    If yes, open EspoCRM in Private mode and try to log in.

    https://devcrm.it/how-to-connect-espocrm-to-authentik-oidc/​

    Comment

    • #3
      Hi Vadym,

      Thanks for responding. I have configured Authentik as OIDC in Espo. Also tried clearing history and private browser tap to login. No luck. Is there an open source identity provider you have used? I'll try anything else if it's been demonstrated to work with Espo. Actually, I'll even pay for Microsoft or AWS if any will work. Thanks!

      Comment

      • #4
        Hi harrytruman,

        I have not tried to configure OIDC on Authentik to work with EspoCRM, but I have successfully done this several times with the Auth0 service using the following instructions (this, of course, is not open source identity provider, but it can also work):
        1. Create Application with Native type on Auth0.
        2. In your instance (Administration > Authentication > OIDC) fill up Client ID and Client Secret fields with these values:

          Click image for larger version Name: image.png Views: 0 Size: 47.1 KB ID: 97752

          Also:

          Authorization Endpoint: https://dev-27knukaj2kt8jmc8.us.auth0.com/authorize
          Token Endpoint: https://dev-27knukaj2kt8jmc8.us.auth0.com/oauth/token
          JSON Web Key Set Endpoint: https://dev-27knukaj2kt8jmc8.us.auth...nown/jwks.json

          Where dev-27knukaj2kt8jmc8.us.auth0.com is Domain from screenshot.​​
        3. ​Create Users:

          Click image for larger version Name: download.png Views: 0 Size: 95.2 KB ID: 97753
        Last edited by lazovic; 09-22-2023, 07:03 AM.

        Comment

        • #5
          Hi lazovic, thank for taking the time to help me here. Just knowing that AuthO can work with Espo is pointing me in a better direction.

          I've followed your instructions above, but when I try to login in under a created user, I get a URI error (see attached screenshot).


          I've tried changing the redirect URI from espo to HTTPS but still no luck. Any ideas? Thanks again for your help!
          1 Photo

          Comment

          • #6
            harrytruman,

            The Authorization Redirect URl value must be exactly the same as specified in the Administration > Authentication > OIDC of your instance:

            Click image for larger version Name: image.png Views: 311 Size: 6.7 KB ID: 97789

            Comment

            • #7
              Hi lazovic, I finally changed the site URL in Espo settings to https://... This changed the redirect URI in the authentication settings to https and now everything is working.


              When I log in under a new user I created in authO (that matches a user already in Espo), it ends up creating a new user in Espo with a user name that looks like this: auth0_650d9b575f279857b1080ff3


              I'm having trouble understanding how to map scopes (like e-mail, username, etc.) from Espo to authO. What's the easiest way to upload current users in Espo to authO? Thanks again for all your help. I've wasted so much time trying to figure out SSO this week. You finally got me over the hump!
              • Likes 1

              Comment

              • #8
                Hi lazovic the https URL fix from above works in authentik too. I'm still having the same issue with matching users from authentik to espocrm. Just like, authO, authentik creates a new user in espo instead of matching to existing user. In authO, have you found a workable way to export user details from Espo and import them into authO? Thanks again for your help! I feel so much better now making forward progress.

                Comment

                • #9
                  Originally posted by harrytruman View Post
                  Hi lazovic the https URL fix from above works in authentik too. I'm still having the same issue with matching users from authentik to espocrm. Just like, authO, authentik creates a new user in espo instead of matching to existing user. In authO, have you found a workable way to export user details from Espo and import them into authO? Thanks again for your help! I feel so much better now making forward progress.
                  Have you found a fix to this? Struggling with the same issue mapping authentik user to Espo user.
                  I feel it has something to do with "Username claim" but can't find much info on what can be entered into this field other than the default "sub"
                  Last edited by MRobi1; 07-01-2024, 01:59 PM.

                  Comment

                  Previous template Next
                  Working...
                  X