Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

website/integrations: add espoCRM #11622

Open
wants to merge 10 commits into
base: main
Choose a base branch
from
69 changes: 69 additions & 0 deletions website/integrations/services/espoCRM/index.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
---
title: Integrate with espoCRM
Masked-Kunsiquat marked this conversation as resolved.
Show resolved Hide resolved
sidebar_label: espoCRM
Masked-Kunsiquat marked this conversation as resolved.
Show resolved Hide resolved
---

# espoCRM
Masked-Kunsiquat marked this conversation as resolved.
Show resolved Hide resolved

<span class="badge badge--secondary">Support level: Community</span>

## What is espoCRM?
Masked-Kunsiquat marked this conversation as resolved.
Show resolved Hide resolved

> EspoCRM is a web application that allows users to see, enter and evaluate all your company relationships regardless of the type. People, companies, projects or opportunities — all in an easy and intuitive interface.
Masked-Kunsiquat marked this conversation as resolved.
Show resolved Hide resolved
>
> -- https://www.espocrm.com/

:::warning
This guide does _not_ cover Team Mapping. Please refer to espoCRM's [documentation](https://docs.espocrm.com/administration/oidc/#team-mapping).
:::

## Preparation

The following placeholders will be used:

- `crm.company` is the FQDN of the espoCRM install.
- `authentik.company` is the FQDN of the authentik install.
- `_SLUG_` is the slug you choose upon application create in authentik.

Masked-Kunsiquat marked this conversation as resolved.
Show resolved Hide resolved
Create an application in authentik and note the slug you choose, as this will be used later (`_SLUG_`).
In the Admin Interface, go to **Applications** -> **Providers**. Create a **OAuth2/OpenID** provider with the following parameters:

Masked-Kunsiquat marked this conversation as resolved.
Show resolved Hide resolved
- **Authorization Flow**: `default-provider-authorization-explicit-consent (Authorize Application)`
- **Client Type**: `Confidential`
- **Redirect URIs/Origins**: `https://_crm.company_/oauth-callback.php`
- **Scopes**: OpenID, Email, Profile, Proxy outpost
- **Subject Mode**: `Based on the User's username` (**OR** your preferred method; I personally use the same username in authentik and espoCRM)
Masked-Kunsiquat marked this conversation as resolved.
Show resolved Hide resolved
- **Signing Key**: Select any available key

Note the `Client ID` and `Client Secret` values.

## espoCRM configuration
Masked-Kunsiquat marked this conversation as resolved.
Show resolved Hide resolved
### Access the OIDC auth
1. Login to your admin user at `crm.company`.

2. In EspoCRM at Administration > Authentication, select the OIDC method. Below, on the same form, a OIDC panel will appear.

### Configure the OIDC auth
1. Configure the following variables:
- **Client ID**: enter the `Client ID` from authentik
- **Client Secret**: enter the `Client Secret` from authentik
- **Authorization Redirect URI**: `https://_crm.company_/oauth-callback.php`
- **Fallback Login**: _Select this option if you want espoCRM's login as fallback._
Masked-Kunsiquat marked this conversation as resolved.
Show resolved Hide resolved
- **Allow OIDC login for admin users**: _Select this option if you want espoCRM's admin users to be able to log in via OIDC._
Masked-Kunsiquat marked this conversation as resolved.
Show resolved Hide resolved

_The following values I listed as slugs for clarity. I included an example for the first variable.
Masked-Kunsiquat marked this conversation as resolved.
Show resolved Hide resolved
The full URLs can also be found on the provider's page in authentik's UI._
Masked-Kunsiquat marked this conversation as resolved.
Show resolved Hide resolved

- **Authorization Endpoint**: `/application/o/authorize/`
- (e.g. `https://_crm.company_/application/o/authorize/`)
- **Token Endpoint**: `/application/o/token/`
- **JSON Web Key Set Endpoint**: `/application/o/_SLUG_/jwks/`
- **Logout URL**: `application/o/_SLUG_/end-session/`

### Confirm the configuration
Masked-Kunsiquat marked this conversation as resolved.
Show resolved Hide resolved
1. Select the `Save` option.

2. Access `crm.company` in a private browser, and select `Sign In.`
Masked-Kunsiquat marked this conversation as resolved.
Show resolved Hide resolved
- You will be presented with your authentik log-in screen.

- Enter your credentials to proceed to espoCRM!
1 change: 1 addition & 0 deletions website/sidebarsIntegrations.js
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ module.exports = {
items: [
"services/bookstack/index",
"services/dokuwiki/index",
"services/espocrm/index",
Masked-Kunsiquat marked this conversation as resolved.
Show resolved Hide resolved
"services/hedgedoc/index",
"services/kimai/index",
"services/mastodon/index",
Expand Down