Documentation

CRM Integration

Learn how AscenAI integrates its tenant-isolated CRM with AI agents and auth-engine identity.

Platform CRM Overview

AscenAI uses its hardened CRM for customer interactions, agent notes, and sales workflows.

How it works under the hood

  • Isolated Workspaces: Each CRM workspace is a dedicated, tenant-isolated environment provisioned by the external CRM control plane.
  • Tenant Isolation: Every workspace is bound to one AscenAI tenant, but users enter through the shared `crm.lvh.me` host locally.
  • Seamless SSO: Human users authenticate through auth-engine sessions and CRM SSO handoff.

Managing Workspaces

Every tenant is automatically provisioned a CRM workspace when their account is created. Platform Administrators can monitor all global workspaces via the CRM Management Dashboard (`/admin/crm`).

Monitoring Health

The CRM Management Dashboard monitors the CRM control plane and each tenant workspace's health endpoint.

Seat Limits & Billing

CRM access is billed on a per-seat basis depending on the user's subscription plan.

Seat Enforcement

  • Quota Tracking: The AscenAI `Tenant.crm_seats` value dictates how many team members can access the CRM.
  • Overage Alerts: The `/admin/crm` dashboard compares active CRM memberships with purchased workspace seats.

Repairing Mappings

A mapping can become unhealthy if a tenant site is unavailable or its deployment was interrupted.

Using the Repair Tool

If a user reports an "Invalid CRM Workspace" error, platform admins can click the Repair Mapping button in the CRM Dashboard. This checks the workspace's health endpoint and updates the control-plane status without exposing provider credentials.

Auth Engine SSO

We utilize a zero-trust pattern for authenticating into the CRM without requiring the user to manage two separate passwords.

The Handshake Process

  1. User requests CRM access via AscenAI API.
  2. AscenAI validates the JWT token and verifies the user has a CRM seat.
  3. AscenAI resolves the user's tenant CRM site.
  4. The CRM validates the short-lived CRM SSO handoff issued by AscenAI.
  5. Auth-engine-backed membership is verified before the CRM establishes a workspace session.
  6. The CRM establishes its own secure workspace session.