-
-
Notifications
You must be signed in to change notification settings - Fork 946
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
website/integrations: add engomo #10538
Changes from all commits
5498ea1
a3d5164
96e13d3
e432e8a
0000434
a33f721
9597792
07e0705
cb11886
cc14b39
978089b
c768a6b
0dcc6d4
99761b8
39e7d28
ac5bbc9
565569c
eba5920
6acf11a
2da3ea0
5d14fb8
53d6f93
44c2eb3
95b6ab9
be74949
546a3a0
215d577
bd514aa
f73e638
be672cd
b15f154
6dce4ed
7c09cd3
7d7e6b8
225df39
29e5366
50a026c
02a4726
365c900
f6e5f6b
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,88 @@ | ||
--- | ||
title: engomo | ||
--- | ||
|
||
<span class="badge badge--secondary">Support level: Community</span> | ||
|
||
## What is engomo | ||
|
||
> engomo is an low-code app development platform to create enterprise apps for smartphones and tablets based on Android, iOS, or iPadOS. | ||
> -- https://engomo.com/ | ||
> | ||
> This guide explains how to set up engomo to use authentik as the OAuth provider for the application login on the smartphone/tablet and login to the admin WebGUI (composer). | ||
|
||
## Preparation | ||
|
||
The following placeholders will be used: | ||
|
||
- `engomo.company` is the FQDN of the engomo install. | ||
- `authentik.company` is the FQDN of the authentik install. | ||
- `engomo.mapping` is the name of the Scope Mapping. | ||
- `ak.cert` is the self-signed certificate that will be used for the service provider. | ||
|
||
## authentik configuration | ||
|
||
In authentik, create a new scope mapping. To do so, log in and navigate to the Admin interface, then go to **Customization --> Property Mapping** and click **Create**. | ||
|
||
- `engomo.mapping` is the value of the Mapping's name. | ||
- `profile` is the value for the Scope name. | ||
- `return {"preferred_username": request.user.email}` is the value for the Expression. | ||
|
||
Create an application and an OAuth2/OpenID provider in authentik. Use the following parameters for the OAuth2/OpenID provider: | ||
|
||
**Provider:** | ||
|
||
- Name: `SP-engomo` | ||
- Client type: `Public` | ||
- Redirect URIs/Origins (RegEx): `https://engomo.company/auth` and `com.engomo.engomo://callback/` | ||
- Signing Key: `ak.cert` | ||
- Scopes: `authentik default OAuth Mapping: OpenID 'email', 'offline_access', OpenID 'openid'` and `engomo.mapping` | ||
|
||
> [!IMPORTANT] | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. not sure this is needed There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. What do you mean? The Scopes? We struggled in my company with a huge firewalling company that provides IDP as well (that we have at work). There we figured out that their IDP isn't using any standard scopes. You always have to add them one by one and only all 4 of them did work. The I also got in contact with the dev/support guys of engomo. They told me exactly what their application needs. EDIT: cert is needed. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. When looking at review comments look at the line before the comment starts. in this case it would be the IMPORTANT and that block. I was saying that i'm not sure the block is needed as it can be guessed and the notice is not present in other integration pages. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. And since this block is mentioned, could you comma separate each of the scopes as "authentik default oauth mapping" is quite repetitive There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
so I comma seperated now and remove the "note line" ok? |
||
> Redirect URIs => write the values line by line. | ||
|
||
Leave the rest as default values. The durations can be changed as needed. | ||
|
||
**Application:** | ||
|
||
- Name: `engomo` | ||
- Slug: `engomo` | ||
- Launch URL: `https://engomo.company/` | ||
|
||
## engomo configuration | ||
|
||
Navigate to `https://engomo.company/composer` and log in with your admin credentials. | ||
|
||
- Select `Server`. | ||
- Select `Authentication`. | ||
- Add a new authentication method by clicking on the plus icon on the right. | ||
- Name: `authentik` | ||
- Type: `OpenID Connect` | ||
- Click **Create**. | ||
- Set the `Issuer` to the authentik FQDN `https://authentik.company/application/o/engomo`. | ||
- Set the `Client ID` to the Client ID from the SP-engomo provider that you created in authentik. | ||
- Set the `Client Secret` to the Client Secret from the SP-engomo provider that you created in authentik. | ||
|
||
Leave the rest as default. | ||
|
||
## engomo user creation | ||
|
||
engomo doesn't create users automatically when signing in. So you have to do it manually right now. | ||
Navigate to `https://engomo.company/composer` and log in with your admin credentials. | ||
|
||
- Select `Users & Devices`. | ||
- Click the plus button next in the Users section. | ||
- Select `authentik` as the Authenticator in the dropdown. | ||
- Create your user by typing in the email as the Username used in authentik. | ||
|
||
At this point you are done. | ||
|
||
## Test the login | ||
|
||
- Open a browser of your choice and open the URL `https://engomo.company`. | ||
- Enter the created user's email address and click the small arrow icon to log in. | ||
- You should be redirected to authentik (with the login flows you created) and then authentik should redirect you back to `https://engomo.company/composer` URL. | ||
- If you are redirected back to the `https://engomo.company/composer` URL you did everything correct. | ||
|
||
> [!IMPORTANT] | ||
> The created user will only have access to the app or composer page if you granted the permission to the user of course. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Don't know how/what to do with this. Do you mean the name? I can use anything more "standardized" if you want. All my SP's got the
SP-
in front of the apps name.