SSO authentication on SugarCRM with SAML

Okta Login Screen
Okta login screen

Today I am going to guide you through the steps to get Sugar up and running in the easiest way possible with Okta, the SAML identity provider of choice for this article.

The business goals are:

  1. Centralise authentication. Less headaches when changing password and even when decommissioning users and no need to maintain local usernames and passwords
  2. Better user experience for application access, with Single Sign On between applications within the organisation

Read more

Powerful customisations with Sugar’s ACL

Today I want to explore a customisation possibility that is so powerful and still often neglected: customising Sugar’s ACL framework.

The Actions and field visibility part of the ACL in Sugar is normally applied through the use of Roles within the application’s UI, while the visibility of a record is applied through the visibility framework that either allows a user to see a module’s entry or not.

There are two important nuances about Roles in Sugar that I should mention:

  1. Most restrictive prevails, if a user happens to be assigned to more than one Role
  2. Roles do not apply to Sugar Admin type users

The power of the ACL framework is due to the fact that it applies both to the back-end of the system (eg: the API will not allow writes) and to the UI as well by driving buttons and visual screen elements that would allow the user to perform or not the actions.

Read more

SugarCRM – Team security query caching

Following up on my previous article about Sugar’s Team Security implementation, I thought it would be interesting and useful to discuss and mention a new setting to improve it.

Prerequisites

For this article I’ve used:

  • Sugar Enterprise v7.6.0.0
  • The infrastructure setup described on my previous article Setup a Debian Based Sugar development environment (or similar)
  • In-memory caching is enabled using memcache/memcached (my current preference) depending on the linux flavour used

Introduction

Some time ago, I was analysing the performance of the Team Security query. The slowest part of the query seems to be caused by the subquery with joins between the tables team_sets_teams and team_memberships within listview queries.

Then I thought: Sugar caches most of the semi-static data (vardefs, language files, etc) into whatever caching mechanism is used by the system, why don’t we run an IN() condition using the cached list of ids per user, instead of a subquery on every listview load?

Read more

Sugar 7 – Setup a Development Environment

Build a Sugar development VM using Debian 7.8

This post is supposed to guide through the setup of a VirtualBox virtual machine for local development of Sugar 7.5.x. The OS of choice is Debian 7.8 as it is my personal preference for server setups and it currently fits all the software requirements of Sugar without much additional manual work.

Read more