Skip to main content

Integrate with engomo

Support level: Community

What is engomo

engomo is an low-code app development platform to create enterprise apps for smartphones and tablets based on Android, iOS, or iPadOS.

-- https://engomo.com/

This guide explains how to set up engomo to use authentik as the OAuth provider for the application login on the smartphone/tablet and login to the admin WebGUI (composer).

Preparation

The following placeholders are used in this guide:

  • engomo.company is the FQDN of the engomo installation.
  • authentik.company is the FQDN of the authentik installation.
note

This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application.

authentik configuration

To support the integration of Engomo with authentik, you need to create an application/provider pair in authentik.

Create property mappings

  1. Log in to authentik as an admin, and open the authentik Admin interface.
  2. Navigate to Customization > Property Mappings and click Create. Create a Scope Mapping with the following settings:
    • Name: Set an appropriate name.
    • Scope Name: profile
    • Description: Set an appropriate description, if desired.
    • Expression: return {"preferred_username": request.user.email}

Create an application and provider in authentik

  1. Log in to authentik as an admin, and open the authentik Admin interface.
  2. Navigate to Applications > Applications and click Create with Provider to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
  • Application: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
  • Choose a Provider type: select OAuth2/OpenID Connect as the provider type.
  • Configure the Provider: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
    • Note the Client ID and slug values because they will be required later.
    • Set the Client type to Public.
    • Add two Strict redirect URIs and set them to https://engomo.company/auth and com.engomo.engomo://callback/.
    • Select any available signing key.
    • Under Advanced Protocol Settings, add the scope you just created to the list of available scopes.
  • Configure Bindings (optional): you can create a binding (policy, group, or user) to manage the listing and access to applications on a user's My applications page.
  1. Click Submit to save the new application and provider.

engomo configuration

Navigate to https://engomo.company/composer and log in with your admin credentials.

  1. Select Server.
  2. Select Authentication.
  3. Add a new authentication method by clicking on the plus icon on the right.
  4. Name: authentik
  5. Type: OpenID Connect
  6. Click Create.
  7. Configure the following values using information from the authentik provider:
    • Set Issuer to https://authentik.company/application/o/engomo.
    • Set Client ID to the Client ID copied from authentik.
    • Set Client secret to the Client Secret copied from authentik.

engomo user creation

engomo doesn't create users automatically when signing in. So you have to do it manually right now. Navigate to https://engomo.company/composer and log in with your admin credentials.

  • Select Users & Devices.
  • Click the plus button in the Users section.
  • Choose authentik from the Authenticator dropdown.
  • Create your user by entering the email address as the username. This email must match the one used for the user in authentik.

Test the login

  • Open a browser of your choice and open the URL https://engomo.company.
  • Enter the created user's email address and click the small arrow icon to log in.
  • You should be redirected to authentik (with the login flows you created) and then authentik should redirect you back to https://engomo.company/composer URL.
  • If you are redirected back to the https://engomo.company/composer URL you did everything correct.
note

The created user will only have access to the app or composer page if they have been granted the necessary permissions.