Have you found a fix to this? Struggling with the same issue mapping authentik user to Espo user.
I feel it has something to do with "Username claim" but can't find much info on what can be entered into this field other than the default "sub"
-
Hi lazovic the https URL fix from above works in authentik too. I'm still having the same issue with matching users from authentik to espocrm. Just like, authO, authentik creates a new user in espo instead of matching to existing user. In authO, have you found a workable way to export user details from Espo and import them into authO? Thanks again for your help! I feel so much better now making forward progress.Leave a comment:
-
Hi lazovic, I finally changed the site URL in Espo settings to https://... This changed the redirect URI in the authentication settings to https and now everything is working.
When I log in under a new user I created in authO (that matches a user already in Espo), it ends up creating a new user in Espo with a user name that looks like this: auth0_650d9b575f279857b1080ff3
I'm having trouble understanding how to map scopes (like e-mail, username, etc.) from Espo to authO. What's the easiest way to upload current users in Espo to authO? Thanks again for all your help. I've wasted so much time trying to figure out SSO this week. You finally got me over the hump!Leave a comment:
-
harrytruman,
The Authorization Redirect URl value must be exactly the same as specified in the Administration > Authentication > OIDC of your instance:
Leave a comment:
-
Hi lazovic, thank for taking the time to help me here. Just knowing that AuthO can work with Espo is pointing me in a better direction.
I've followed your instructions above, but when I try to login in under a created user, I get a URI error (see attached screenshot).
I've tried changing the redirect URI from espo to HTTPS but still no luck. Any ideas? Thanks again for your help!Leave a comment:
-
Hi harrytruman,
I have not tried to configure OIDC on Authentik to work with EspoCRM, but I have successfully done this several times with the Auth0 service using the following instructions (this, of course, is not open source identity provider, but it can also work):- Create Application with Native type on Auth0.
- In your instance (Administration > Authentication > OIDC) fill up Client ID and Client Secret fields with these values:
Also:
Authorization Endpoint: https://dev-27knukaj2kt8jmc8.us.auth0.com/authorize
Token Endpoint: https://dev-27knukaj2kt8jmc8.us.auth0.com/oauth/token
JSON Web Key Set Endpoint: https://dev-27knukaj2kt8jmc8.us.auth...nown/jwks.json
Where dev-27knukaj2kt8jmc8.us.auth0.com is Domain from screenshot. - Create Users:
Last edited by lazovic; 09-22-2023, 07:03 AM.Leave a comment:
-
Hi Vadym,
Thanks for responding. I have configured Authentik as OIDC in Espo. Also tried clearing history and private browser tap to login. No luck. Is there an open source identity provider you have used? I'll try anything else if it's been demonstrated to work with Espo. Actually, I'll even pay for Microsoft or AWS if any will work. Thanks!Leave a comment:
-
Hi harrytruman,
Do you configured Authentik as OIDC in EspoCRM?
If yes, open EspoCRM in Private mode and try to log in.
https://devcrm.it/how-to-connect-espocrm-to-authentik-oidc/Leave a comment:
-
Configure Authentik for EspoCRM
Hi Everyone,
I'm having some difficultly using Authentik. I followed the instructions per this article: Configure Authentik for EspoCRM from dev4CRM
When I try to login with a user created in Authentik (and matching the credentials of a current EspoCRM user) I get a "not found error" (see attached screenshot).
Anyone have experience with Authentik? Would really appreciate some recommendations. Thanks!!
Leave a comment: