website/integrations: Zammad instructions (#4644)

* add zammad Signed-off-by: Tealk <tealk@rollenspiel.monster> * some improvements Signed-off-by: Tealk <tealk@rollenspiel.monster> * add navi-item Signed-off-by: Tealk <tealk@rollenspiel.monster> * fix mappings Signed-off-by: Tealk <tealk@rollenspiel.monster> * typo Signed-off-by: Tealk <tealk@rollenspiel.monster> * personalized link removed Signed-off-by: Tealk <tealk@rollenspiel.monster> * replace inventory placeholder & fix SAML Signed-off-by: Tealk <tealk@rollenspiel.monster> * Replace placeholder Signed-off-by: Tealk <tealk@rollenspiel.monster> * text improvement Signed-off-by: Tealk <tealk@rollenspiel.monster> --------- Signed-off-by: Tealk <tealk@rollenspiel.monster>
2023-02-22 17:55:32 +01:00 · 2023-02-22 17:55:32 +01:00 · 7503b32c74
parent 383b6a38ba
commit 7503b32c74
2 changed files with 76 additions and 0 deletions
--- a/website/integrations/services/zammad/index.md
+++ b/website/integrations/services/zammad/index.md
@ -0,0 +1,75 @@
+---
+title: Zammad
+---
+
+<span class="badge badge--secondary">Support level: Community</span>
+
+## What is Zammad
+
+From https://zammad.org/
+:::note
+Zammad is a web-based, open source user support/ticketing solution.
+Download and install it on your own servers. For free.
+:::
+
+## Preparation
+
+The following placeholders will be used:
+
+-   `zammad.company` is the FQDN of the zammad install.
+-   `authentik.company` is the FQDN of the authentik install.
+
+## authentik Configuration
+
+### Step 1 - Property Mappings
+
+Create two Mappings (under _Customisation/Property Mappings_) with these settings:
+
+#### name mapping
+
+-   Name: Zammad SAML Mapping: name
+-   SAML Attribute Name: name
+-   Friendly Name: none
+-   Expression: `return request.user.name`
+
+#### email mapping
+
+-   Name: Zammad SAML Mapping: email
+-   SAML Attribute Name: email
+-   Friendly Name: none
+-   Expression: `return request.user.email`
+
+### Step 2 - SAML Provider
+
+In authentik, create a SAML Provider (under _Applications/Providers_) with these settings :
+
+-   Name : zammad
+-   ACS URL: `https://zammad.company/auth/saml/callback`
+-   Issuer: `https://zammad.company/auth/saml/metadata`
+-   Service Provider Binding: Post
+-   Audience: https://zammad.company/auth/saml/metadata
+-   Property mappings: Zammad SAML Mapping: name & Zammad SAML Mapping: email
+-   NameID Property Mapping: Zammad SAML Mapping: name
+
+### Step 3 - Application
+
+In authentik, create an application (under _Resources/Applications_) with these settings :
+
+-   Name: Zammad
+-   Slug: zammad
+-   Provider: zammad
+
+## zammad Setup
+
+Configure Zammad SAML settings by going to settings (the gear icon), and selecting `Security -> Third-party Applications` and activiate `Authentication via SAML` and change the following fields:
+
+-   Display name: authentik
+-   IDP SSO target URL: https://authentik.company/application/saml/ticketsystem-seatable/sso/binding/init/
+-   IDP certificate: ----BEGIN CERTIFICATE---- …
+-   IDP certificate fingerprint: empty
+-   Name Identifier Format: empty
+
+## Additional Resources
+
+-   https://admin-docs.zammad.org/en/latest/settings/security/third-party/saml.html
+-   https://community.zammad.org/t/saml-authentication-with-authentik-saml-login-url-and-auto-assign-permission/10876/3
--- a/website/sidebarsIntegrations.js
+++ b/website/sidebarsIntegrations.js
@ -74,6 +74,7 @@ module.exports = {
                        "services/sssd/index",
                        "services/truecommand/index",
                        "services/veeam-enterprise-manager/index",
+                        "services/zammad/index",
                    ],
                },
                {