Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

website/integrations: add engomo #10538

Merged
merged 40 commits into from
Jul 28, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
40 commits
Select commit Hold shift + click to select a range
5498ea1
First try on documentation for engomo :)
nicedevil007 Jul 17, 2024
a3d5164
index.md aktualisieren
nicedevil007 Jul 18, 2024
96e13d3
index.md aktualisieren
nicedevil007 Jul 18, 2024
e432e8a
index.md aktualisieren
nicedevil007 Jul 18, 2024
0000434
index.md aktualisieren
nicedevil007 Jul 18, 2024
a33f721
index.md aktualisieren
nicedevil007 Jul 18, 2024
9597792
index.md aktualisieren
nicedevil007 Jul 18, 2024
07e0705
index.md aktualisieren
nicedevil007 Jul 18, 2024
cb11886
index.md aktualisieren
nicedevil007 Jul 18, 2024
cc14b39
index.md aktualisieren
nicedevil007 Jul 18, 2024
978089b
index.md aktualisieren
nicedevil007 Jul 18, 2024
c768a6b
index.md aktualisieren
nicedevil007 Jul 18, 2024
0dcc6d4
index.md aktualisieren
nicedevil007 Jul 18, 2024
99761b8
index.md aktualisieren
nicedevil007 Jul 18, 2024
39e7d28
index.md aktualisieren
nicedevil007 Jul 18, 2024
ac5bbc9
index.md aktualisieren
nicedevil007 Jul 18, 2024
565569c
index.md aktualisieren
nicedevil007 Jul 18, 2024
eba5920
Merge branch 'goauthentik:main' into nicedevil007-patch-1
nicedevil007 Jul 18, 2024
6acf11a
Update index.md
nicedevil007 Jul 18, 2024
2da3ea0
condensed scopes and redirect URIs
nicedevil007 Jul 18, 2024
5d14fb8
testing added
nicedevil007 Jul 18, 2024
53d6f93
added engomo
nicedevil007 Jul 18, 2024
44c2eb3
test with prettier?
nicedevil007 Jul 18, 2024
95b6ab9
Revert "test with prettier?"
nicedevil007 Jul 18, 2024
be74949
index.md aktualisieren
nicedevil007 Jul 19, 2024
546a3a0
index.md aktualisieren
nicedevil007 Jul 19, 2024
215d577
Update website/integrations/services/engomo/index.md
nicedevil007 Jul 21, 2024
bd514aa
Update website/integrations/services/engomo/index.md
nicedevil007 Jul 21, 2024
f73e638
Update website/integrations/services/engomo/index.md
nicedevil007 Jul 21, 2024
be672cd
Update website/integrations/services/engomo/index.md
nicedevil007 Jul 21, 2024
b15f154
Update website/integrations/services/engomo/index.md
nicedevil007 Jul 21, 2024
6dce4ed
Update website/integrations/services/engomo/index.md
nicedevil007 Jul 21, 2024
7c09cd3
Update website/integrations/services/engomo/index.md
nicedevil007 Jul 21, 2024
7d7e6b8
Update website/integrations/services/engomo/index.md
nicedevil007 Jul 21, 2024
225df39
tanberry's descriptions added :)
nicedevil007 Jul 21, 2024
29e5366
engomo is always lower case
nicedevil007 Jul 21, 2024
50a026c
suggestions from @4d62
nicedevil007 Jul 22, 2024
02a4726
bold headings
nicedevil007 Jul 22, 2024
365c900
Update website/integrations/services/engomo/index.md
nicedevil007 Jul 22, 2024
f6e5f6b
p
Jul 27, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
88 changes: 88 additions & 0 deletions website/integrations/services/engomo/index.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
---
title: engomo
---

<span class="badge badge--secondary">Support level: Community</span>

## What is engomo

> engomo is an low-code app development platform to create enterprise apps for smartphones and tablets based on Android, iOS, or iPadOS.
> -- https://engomo.com/
>
> This guide explains how to set up engomo to use authentik as the OAuth provider for the application login on the smartphone/tablet and login to the admin WebGUI (composer).

## Preparation

The following placeholders will be used:

- `engomo.company` is the FQDN of the engomo install.
- `authentik.company` is the FQDN of the authentik install.
- `engomo.mapping` is the name of the Scope Mapping.
- `ak.cert` is the self-signed certificate that will be used for the service provider.

## authentik configuration

In authentik, create a new scope mapping. To do so, log in and navigate to the Admin interface, then go to **Customization --> Property Mapping** and click **Create**.

- `engomo.mapping` is the value of the Mapping's name.
- `profile` is the value for the Scope name.
- `return {"preferred_username": request.user.email}` is the value for the Expression.

Create an application and an OAuth2/OpenID provider in authentik. Use the following parameters for the OAuth2/OpenID provider:

**Provider:**

- Name: `SP-engomo`
- Client type: `Public`
- Redirect URIs/Origins (RegEx): `https://engomo.company/auth` and `com.engomo.engomo://callback/`
- Signing Key: `ak.cert`
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't know how/what to do with this. Do you mean the name? I can use anything more "standardized" if you want. All my SP's got the SP- in front of the apps name.

- Scopes: `authentik default OAuth Mapping: OpenID 'email', 'offline_access', OpenID 'openid'` and `engomo.mapping`

> [!IMPORTANT]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not sure this is needed

Copy link
Contributor Author

@nicedevil007 nicedevil007 Jul 21, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you mean? The Scopes?

We struggled in my company with a huge firewalling company that provides IDP as well (that we have at work). There we figured out that their IDP isn't using any standard scopes. You always have to add them one by one and only all 4 of them did work.

The offline_access is only needed if you need access to the app (doesn't make sense without).

I also got in contact with the dev/support guys of engomo. They told me exactly what their application needs.
What I think about right now is that we don't need the certificate... at least I guess so. Will check and report back.

EDIT: cert is needed.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When looking at review comments look at the line before the comment starts. in this case it would be the IMPORTANT and that block.

I was saying that i'm not sure the block is needed as it can be guessed and the notice is not present in other integration pages.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And since this block is mentioned, could you comma separate each of the scopes as "authentik default oauth mapping" is quite repetitive

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When looking at review comments look at the line before the comment starts. in this case it would be the IMPORTANT and that block.

I was saying that i'm not sure the block is needed as it can be guessed and the notice is not present in other integration pages.

so I comma seperated now and remove the "note line" ok?

> Redirect URIs => write the values line by line.

Leave the rest as default values. The durations can be changed as needed.

**Application:**

- Name: `engomo`
- Slug: `engomo`
- Launch URL: `https://engomo.company/`

## engomo configuration

Navigate to `https://engomo.company/composer` and log in with your admin credentials.

- Select `Server`.
- Select `Authentication`.
- Add a new authentication method by clicking on the plus icon on the right.
- Name: `authentik`
- Type: `OpenID Connect`
- Click **Create**.
- Set the `Issuer` to the authentik FQDN `https://authentik.company/application/o/engomo`.
- Set the `Client ID` to the Client ID from the SP-engomo provider that you created in authentik.
- Set the `Client Secret` to the Client Secret from the SP-engomo provider that you created in authentik.

Leave the rest as default.

## engomo user creation

engomo doesn't create users automatically when signing in. So you have to do it manually right now.
Navigate to `https://engomo.company/composer` and log in with your admin credentials.

- Select `Users & Devices`.
- Click the plus button next in the Users section.
- Select `authentik` as the Authenticator in the dropdown.
- Create your user by typing in the email as the Username used in authentik.

At this point you are done.

## Test the login

- Open a browser of your choice and open the URL `https://engomo.company`.
- Enter the created user's email address and click the small arrow icon to log in.
- You should be redirected to authentik (with the login flows you created) and then authentik should redirect you back to `https://engomo.company/composer` URL.
- If you are redirected back to the `https://engomo.company/composer` URL you did everything correct.

> [!IMPORTANT]
> The created user will only have access to the app or composer page if you granted the permission to the user of course.
1 change: 1 addition & 0 deletions website/sidebarsIntegrations.js
Original file line number Diff line number Diff line change
Expand Up @@ -118,6 +118,7 @@ module.exports = {
type: "category",
label: "Miscellaneous",
items: [
"services/engomo/index",
"services/freshrss/index",
"services/gravitee/index",
"services/home-assistant/index",
Expand Down
Loading