authentik/website/integrations/services/engomo/index.md

3.5 KiB

title sidebar_label
Integrate with engomo engomo

engomo

Support level: Community

What is engomo

engomo is an low-code app development platform to create enterprise apps for smartphones and tablets based on Android, iOS, or iPadOS. -- https://engomo.com/

This guide explains how to set up engomo to use authentik as the OAuth provider for the application login on the smartphone/tablet and login to the admin WebGUI (composer).

Preparation

The following placeholders will be used:

  • engomo.company is the FQDN of the engomo install.
  • authentik.company is the FQDN of the authentik install.
  • engomo.mapping is the name of the Scope Mapping.
  • ak.cert is the self-signed certificate that will be used for the service provider.

authentik configuration

In authentik, create a new scope mapping. To do so, log in and navigate to the Admin interface, then go to Customization --> Property Mapping and click Create.

  • engomo.mapping is the value of the Mapping's name.
  • profile is the value for the Scope name.
  • return {"preferred_username": request.user.email} is the value for the Expression.

Create an application and an OAuth2/OpenID provider in authentik. Use the following parameters for the OAuth2/OpenID provider:

Provider:

  • Name: SP-engomo
  • Client type: Public
  • Redirect URIs/Origins (RegEx): https://engomo.company/auth and com.engomo.engomo://callback/
  • Signing Key: ak.cert
  • Scopes: authentik default OAuth Mapping: OpenID 'email', 'offline_access', OpenID 'openid' and engomo.mapping

[!IMPORTANT] Redirect URIs => write the values line by line.

Leave the rest as default values. The durations can be changed as needed.

Application:

  • Name: engomo
  • Slug: engomo
  • Launch URL: https://engomo.company/

engomo configuration

Navigate to https://engomo.company/composer and log in with your admin credentials.

  • Select Server.
  • Select Authentication.
  • Add a new authentication method by clicking on the plus icon on the right.
  • Name: authentik
  • Type: OpenID Connect
  • Click Create.
  • Set the Issuer to the authentik FQDN https://authentik.company/application/o/engomo.
  • Set the Client ID to the Client ID from the SP-engomo provider that you created in authentik.
  • Set the Client Secret to the Client Secret from the SP-engomo provider that you created in authentik.

Leave the rest as default.

engomo user creation

engomo doesn't create users automatically when signing in. So you have to do it manually right now. Navigate to https://engomo.company/composer and log in with your admin credentials.

  • Select Users & Devices.
  • Click the plus button next in the Users section.
  • Select authentik as the Authenticator in the dropdown.
  • Create your user by typing in the email as the Username used in authentik.

At this point you are done.

Test the login

  • Open a browser of your choice and open the URL https://engomo.company.
  • Enter the created user's email address and click the small arrow icon to log in.
  • You should be redirected to authentik (with the login flows you created) and then authentik should redirect you back to https://engomo.company/composer URL.
  • If you are redirected back to the https://engomo.company/composer URL you did everything correct.

[!IMPORTANT] The created user will only have access to the app or composer page if you granted the permission to the user of course.