3.3 KiB
title | sidebar_label |
---|---|
Integrate with EspoCRM | EspoCRM |
EspoCRM
Support level: Community
What is EspoCRM?
EspoCRM is a CRM (customer relationship management) web application that allows users to store, visualize, and analyze their company's business-related relationships such as opportunities, people, businesses, and projects.
:::warning This guide does not cover Team Mapping. Please refer to EspoCRM's documentation. :::
Preparation
The following placeholders will be used:
crm.<your_company>
is the FQDN of the EspoCRM install.authentik.<your_company>
is the FQDN of the authentik install._SLUG_
is the slug you choose upon application create in authentik.
authentik configuration
- Log into authentik as an admin, and navigate to Applications --> Applications.
- Click Create with Wizard.
:::info Alternatively, use our legacy process and click Create. The legacy process requires that the application and its configuration provider be configured separately. :::
- In the New Application wizard, define the application details, and then define the provider details with the following parameters:
-
Provider Type:
OAuth2/OIDC (Open Authorization/OpenID Connect)
-
Authorization Flow:
default-provider-authorization-explicit-consent (Authorize Application)
-
Client Type:
Confidential
-
Redirect URIs/Origins:
https://crm.<your_company>/oauth-callback.php
-
Scopes: OpenID, Email, Profile, Proxy outpost
-
Subject Mode:
Based on the User's username
(OR your preferred method; you can use the same username in authentik and EspoCRM) -
Signing Key: Select any available key
Note the Client ID
and Client Secret
values.
EspoCRM configuration
Access the OIDC auth
-
Login to your admin user at
crm.<your_company>
. -
In EspoCRM at Administration > Authentication, select the OIDC method. Below, on the same form, a OIDC panel will appear.
Configure the OIDC auth
- Configure the following variables:
-
Client ID: enter the
Client ID
from authentik -
Client Secret: enter the
Client Secret
from authentik -
Authorization Redirect URI:
https://crm.<your_company>/oauth-callback.php
-
Fallback Login: Select this option if you want EspoCRM's login as fallback.
-
Allow OIDC login for admin users: Select this option if you want EspoCRM's admin users to be able to log in via OIDC.
The following values are listed as slugs for clarity. An example for the first variable is included.
You can also view the full URLs on the provider's page in authentik's Admin interface.
-
Authorization Endpoint:
/application/o/authorize/
- (e.g.
https://crm.<your_company>/application/o/authorize/
)
- (e.g.
-
Token Endpoint:
/application/o/token/
-
JSON Web Key Set Endpoint:
/application/o/_SLUG_/jwks/
-
Logout URL:
application/o/_SLUG_/end-session/
Confirm the configuration
-
Select the
Save
option. -
Access your EspoCRM instance (e.g.
crm.<your_company>
) in a private browser, and selectSign In.
-
You will be presented with your authentik log-in screen.
-
Enter your authentik credentials to proceed to EspoCRM!