SSO authentication on SugarCRM with SAML

Okta Login Screen
Okta login screen

Today I am going to guide you through the steps to get Sugar up and running in the easiest way possible with Okta, the SAML identity provider of choice for this article.

The business goals are:

  1. Centralise authentication. Less headaches when changing password and even when decommissioning users and no need to maintain local usernames and passwords
  2. Better user experience for application access, with Single Sign On between applications within the organisation

Read more

Powerful customisations with Sugar’s ACL

Today I want to explore a customisation possibility that is so powerful and still often neglected: customising Sugar’s ACL framework.

The Actions and field visibility part of the ACL in Sugar is normally applied through the use of Roles within the application’s UI, while the visibility of a record is applied through the visibility framework that either allows a user to see a module’s entry or not.

There are two important nuances about Roles in Sugar that I should mention:

  1. Most restrictive prevails, if a user happens to be assigned to more than one Role
  2. Roles do not apply to Sugar Admin type users

The power of the ACL framework is due to the fact that it applies both to the back-end of the system (eg: the API will not allow writes) and to the UI as well by driving buttons and visual screen elements that would allow the user to perform or not the actions.

Read more

SugarCRM – Team security query caching

Following up on my previous article about Sugar’s Team Security implementation, I thought it would be interesting and useful to discuss and mention a new setting to improve it.

Prerequisites

For this article I’ve used:

  • Sugar Enterprise v7.6.0.0
  • The infrastructure setup described on my previous article Setup a Debian Based Sugar development environment (or similar)
  • In-memory caching is enabled using memcache/memcached (my current preference) depending on the linux flavour used

Introduction

Some time ago, I was analysing the performance of the Team Security query. The slowest part of the query seems to be caused by the subquery with joins between the tables team_sets_teams and team_memberships within listview queries.

Then I thought: Sugar caches most of the semi-static data (vardefs, language files, etc) into whatever caching mechanism is used by the system, why don’t we run an IN() condition using the cached list of ids per user, instead of a subquery on every listview load?

Read more

Sugar 7 – Setup a Development Environment

Build a Sugar development VM using Debian 7.8

This post is supposed to guide through the setup of a VirtualBox virtual machine for local development of Sugar 7.5.x. The OS of choice is Debian 7.8 as it is my personal preference for server setups and it currently fits all the software requirements of Sugar without much additional manual work.

Read more

How does authentication work in Sugar 7?

Different application’s approach: Sugar 7 framework

For whoever is reading this article and is not familiar with Sugar on the most recent version 7.x of the product, it is important to note that the application’s core is now a RESTful based API.

The presentation layer is based on SugarCRM’s framework “Sidecar”, that uses quite a few Open Source libraries (including Bootstrap, jQuery, Handlebar and Backbone.js).

The framework’s MVC layer is cached/stored within the browser at the first application’s load and interacts with the REST API on every subsequent call, creating a more powerful experience as a Single Page Application.

The great concept around the newer application’s framework is that everything can now be achieved interacting with the application via API calls, if it can be done in the application by using the interface (except BWC functionality).

By doing so, the framework provides extreme flexibility and huge integration capabilities, and therefore it allows customers to build any business process around the application.

Read more

Customise SugarCRM Case assignment from Inbound Emails

Creating Support Tickets from Emails is one of the core functionalities of a ticketing system and it can hugely benefit any organisation if the ticketing system is directly part of the global CRM implementation.

SugarCRM since the early days has included on any version of its CRM product a great functionality that is commonly used between my customers: the Inbound Email to Case creation (as in Email to Support Ticket creation).

To know more about how to set-up the functionality out of the box, for a Sugar v7.2.2.0 (latest Sugar version while writing this article), please refer to this section of the manual.

Read more