espocrm icon indicating copy to clipboard operation
espocrm copied to clipboard
verified publisher icon espocrm

Add OIDC client login (and/or relay) to espocrm

Open beppe9000 opened this issue 5 years ago • 6 comments

That would be great for people who primarily manage employee accounts with espocrm

beppe9000 avatar Sep 12 '20 21:09 beppe9000

Implementing an idP is a lot of work, specially if you plan on doing it securely. EspoCRM is not even an HRM. Note that an idP is not only "employee accounts", you need to manage client keys (apps), scopes, roles, mappings, ...

If you are in the need of a centralised authentication / authorization management you ought to check, maybe, Keycloak or other solutions like it. Keycloak is quite feature complete.

A far more reasonable issue would be to ask for OIDC client authentication, so your CRM could authenticate with a proper idP like GSuite, Keycloak, etc.

telenieko avatar Oct 22 '20 13:10 telenieko

do you know any self-hosted app for idP ?

beppe9000 avatar Oct 22 '20 17:10 beppe9000

Keycloak project. Open Source, self hosted and quite powerful

On Thu, Oct 22, 2020, 19:35 beppe9000 [email protected] wrote:

do you know any self-hosted app for this ?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/espocrm/espocrm/issues/1784#issuecomment-714648671, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAACSCLPAULDL4AXM2ERNJ3SMBUNLANCNFSM4RJ67GZA .

telenieko avatar Oct 23 '20 06:10 telenieko

oh perfect i didn't realize, thanks.

beppe9000 avatar Oct 23 '20 12:10 beppe9000

Can we use Keyclock in EspoCRM?

bhavyaWadhwa avatar Sep 24 '21 17:09 bhavyaWadhwa

Interested in it as well

Enviado utilizando um Galaxy S10...

Em sex., 24 de set. de 2021 14:32, bhavyaWadhwa @.***> escreveu:

Can we use Keyclock in EspoCRM?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/espocrm/espocrm/issues/1784#issuecomment-926803464, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABUXTGV4N6MLHFBMMKISARLUDSY2BANCNFSM4RJ67GZA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

rodrigoscoelho avatar Sep 25 '21 00:09 rodrigoscoelho

Bump. OIDC Authentication via Keycloak, Google, etc. would be really good to have. LDAP is legacy IMHO and Espo is one of the few tools in a set that we're considering, which doesn't support OIDC. Is there possibly a way to make a plug-in out of it?

Dan6erbond avatar Aug 15 '22 08:08 Dan6erbond

OIDC authentication is planned.

Espo as ID Provider is not planned, as it would really require a lot of effort to implement the specification. Maybe in the future when we will have more resources.

yurikuzn avatar Sep 27 '22 15:09 yurikuzn