Agile CRM is a new breed CRM software with sales and marketing automation.
JWT implementation code examples
The single sign-on authentication process
Configuring your JWT implementation
Enabling JWT single sign-on in your Agile CRM account
Single sign-on is a mechanism that allows you to authenticate users in your systems and subsequently tell Agile CRM that the user has been authenticated. The user is then allowed to access Agile CRM without being prompted to enter separate login credentials.
At the core of single sign-on is a security mechanism that allows Agile CRM to trust the login requests it gets from your systems. Agile CRM only grants access to the users that have been authenticated by you. Agile CRM SSO relies on a technology called JSON Web Token (JWT) for securing the exchange of user authentication data.
The files in this repository are examples and are not guaranteed to run or be correct. They should explain how you can make Agile CRM SSO work with JWT from your stack.
Once you enable single sign-on, login requests are routed to a remote login URL (a login page that is external to your Agile CRM).
Here are the steps of the single sign-on authentication process:
- An unauthenticated user (not already logged in) navigates to your Agile CRM URL (for example, https://mycompany.agilecrm.com/).
- The Agile CRM SSO mechanism recognizes that SSO is enabled and that the user is not authenticated.
- The user is redirected to the remote login URL configured for the SSO settings (for example, https://mycompany.com/agilecrm/sso).
- A script on your side authenticates the user using your proprietary login process.
- Your script builds a JWT request that contains the relevant user data.
- You redirect the customer to the Agile CRM endpoint at https://mycompany.agilecrm.com/access/sso with the JWT payload.
- Agile CRM parses the user detail from the JWT payload and then grants the user a session.
As you can see, this process relies on browser redirects and passing signed messages using JWT. The redirects happen entirely in the browser and there is no direct connection between Agile CRM and your systems, so you can keep your authentication scripts safely behind your corporate firewall.
To perform SSO for a user, you need to send several required user attributes to Agile CRM as a base64-encoded hash (hash table, dictionary). Most importantly, Agile CRM requires an email address to uniquely identify the user. Beyond the required attributes, which are shown in the table below, you may optionally send additional user profile data. This data is synced between your user management system and your Agile CRM.
The JWT payload must be sent to your Agile CRM domain using the https protocol. Example: https://mycompany.agilecrm.com/sso/jwt?jwt={payload}
Attribute | Mandatory | Description |
---|---|---|
 | yes | Email of the user being signed in, used to uniquely identify the user record in Agile CRM. |
name | yes | The name of this user. The user in Agile CRM will be created or updated in accordance with this. Name is case sensitive. |
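
The script-side steps above, as an added example that is not code from the Agile CRM repository: it signs the two mandatory attributes as a compact JWT, builds the redirect URL in the form shown on this page, and includes the signature check a receiver performs before trusting the claims. HS256 with a shared secret, the `email` claim key and the secret value are assumptions; the page does not state them.

```python
import base64, hashlib, hmac, json
from urllib.parse import urlencode

# Assumptions (not stated on the page): HS256 with a shared secret, and
# "email" as the claim key for the mandatory e-mail attribute.
SHARED_SECRET = b"constructed-demo-secret"  # constructed value, not a real key
SSO_ENDPOINT = "https://mycompany.agilecrm.com/sso/jwt"  # example URL from the page

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()

def build_jwt(email: str, name: str, secret: bytes = SHARED_SECRET) -> str:
    """Sign the two mandatory attributes as a compact JWT."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"email": email, "name": name}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims))
    return signing_input + "." + b64url_encode(sign(signing_input, secret))

def build_redirect_url(email: str, name: str) -> str:
    """URL the login script redirects the browser to after authenticating the user."""
    return SSO_ENDPOINT + "?" + urlencode({"jwt": build_jwt(email, name)})

def verify_jwt(token: str, secret: bytes = SHARED_SECRET) -> dict:
    """Receiver-side check: pin the algorithm, verify the MAC, then read the claims."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        expected = sign(header_b64 + "." + claims_b64, secret)
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            raise ValueError("unexpected algorithm")
        if not hmac.compare_digest(b64url_decode(sig_b64), expected):
            raise ValueError("bad signature")
        claims = json.loads(b64url_decode(claims_b64))
    except ValueError as exc:
        raise ValueError(f"rejected token: {exc}") from exc
    if not isinstance(claims, dict) or not claims.get("email") or not claims.get("name"):
        raise ValueError("rejected token: missing mandatory attribute")
    return claims
```
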
- If Agile CRM encounters an error while processing a JWT login request, it will report a message that explains what the issue is at the page https://mycompany.agilecrm.com/login/normal. You can either log in from there or correct the payload and try SSO again.
- Click on Admin Settings Preferences tabs.
- Click on the Single Sign-On tab.
- Enter the Remote Login URL, the URL to which Agile CRM SSO will redirect once SSO is enabled.
- Submit the form; SSO is now enabled.
- You can disable SSO by deleting the above configuration.
https://mycompany.agilecrm.com/login/normal is the alternative URL for logging in to Agile CRM in case the SSO settings are not working on the user's end.