authentik/website/integrations/services/engomo/index.mdx

---
title: Integrate with engomo
sidebar_label: engomo
support_level: community
---

## What is engomo

> engomo is an low-code app development platform to create enterprise apps for smartphones and tablets based on Android, iOS, or iPadOS.
>
> -- https://engomo.com/
>
> This guide explains how to set up engomo to use authentik as the OAuth provider for the application login on the smartphone/tablet and login to the admin WebGUI (composer).

## Preparation

The following placeholders are used in this guide:

- `engomo.company` is the FQDN of the engomo installation.
- `authentik.company` is the FQDN of the authentik installation.
- `engomo.mapping` is the name of the Scope Mapping.

:::note
This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application.
:::

## authentik configuration

In authentik, create a new scope mapping. To do so, log in and navigate to the Admin interface, then go to **Customization --> Property Mapping** and click **Create**.

- `engomo.mapping` is the value of the Mapping's name.
- `profile` is the value for the Scope name.
- `return {"preferred_username": request.user.email}` is the value for the Expression.

[Create](https://docs.goauthentik.io/docs/add-secure-apps/applications/manage_apps#add-new-applications) an OAuth2/OpenID provider and an application in authentik. Use the following parameters for the OAuth2/OpenID provider:

1. In the authentik Admin interface, navigate to **Applications** -> **Applications**.
2. Use the wizard to create a new application and provider. During this process:
    - Note the **Client ID**, **Client Secret**, and **slug** values for later use.
    - Select implicit or explicit authorization flow as desired.
    - Set Client type to `Public`.
    - Set the redirect URI to <kbd>https://<em>engomo.company</em>/auth</kbd> and <kbd>com.engomo.engomo://callback/</kbd>.
    - Select any available signing key.
    - Add the `engomo.mapping` scope in addition to the default values.

:::note
Redirect URIs => write the values line by line.
:::

## engomo configuration

Navigate to <kbd>https://<em>engomo.company</em>/composer</kbd> and log in with your admin credentials.

1. Select **Server**.
2. Select **Authentication**.
3. Add a new authentication method by clicking on the plus icon on the right.
4. Name: `authentik`
5. Type: **OpenID Connect**
6. Click **Create**.
7. Configure the following values using information from the authentik provider:
    - Set **Issuer** to <kbd>https://<em>authentik.company</em>/application/o/<em>engomo</em></kbd>.
    - Set **Client ID** to the Client ID copied from authentik.
    - Set **Client secret** to the Client Secret copied from authentik.

## engomo user creation

engomo doesn't create users automatically when signing in. So you have to do it manually right now.
Navigate to <kbd>https://<em>engomo.company</em>/composer</kbd> and log in with your admin credentials.

- Select **Users & Devices**.
- Click the plus button in the Users section.
- Choose `authentik` from the Authenticator dropdown.
- Create your user by entering the email address as the username. This email must match the one used for the user in authentik.

## Test the login

- Open a browser of your choice and open the URL <kbd>https://<em>engomo.company</em></kbd>.
- Enter the created user's email address and click the small arrow icon to log in.
- You should be redirected to authentik (with the login flows you created) and then authentik should redirect you back to <kbd>https://<em>engomo.company</em>/composer</kbd> URL.
- If you are redirected back to the <kbd>https://<em>engomo.company</em>/composer</kbd> URL you did everything correct.

:::note
The created user will only have access to the app or composer page if they have been granted the necessary permissions.
:::