How can we improve WHMCS?

Share, discuss and vote for what you would like to see added to WHMCS

  1. Home
  2. Ideas
  3. Admin Area
  4. Active Directory Integration for Authentication

Active Directory Integration for Authentication

  • Michael Kruger shared this idea 11 years ago
  • Admin Area
  • 15 Comments


21 Votes
Login to Vote
I would like to see WHMCS integration with Microsoft Active Directory for Authentication into the admin area.

Featured Comment

WHMCS commented 5th November 15
We are not actively pursuing LDAP/AD integration at the moment, however we are looking at making WHMCS OAuth2 compatible which will allow you to create authentication bridges to services like cPanel.

More details will be coming, so stay tuned at blog.whmcs.com.

15 Comments

Login to post a comment.

Official Response
WHMCS commented 5th November 15
We are not actively pursuing LDAP/AD integration at the moment, however we are looking at making WHMCS OAuth2 compatible which will allow you to create authentication bridges to services like cPanel.

More details will be coming, so stay tuned at blog.whmcs.com.
Geoff Maciolek commented 9th October 13
I've got lots of Linux appliations running on Linux servers that authenticate against Active Directory - including MediaWiki, RackTables, Zabbix, OpenFire. The first three are even using PHP libraries to accomplish this.

This is done via LDAP, (a fully open standard), and it works great. Even without the 'group membership' integration aspect, a BASIC LDAP implementation would be extremely helpful.

I suspect the folks asking "WHY" have never worked in a business that uses Windows Server & Active Directory.

As for businesses being able to "develop their own workings for WHMCS" - as far as I am aware, the API that WHMCS exposes does not allow for this level of integration, and regardless of that, many quite small businesses use Active Directory.
CDJ HOSTING commented 22nd May 13
I dare say you are correct wispr although the reason i agree is that i would say there is a distinct possibility that the majority of WHMCS client base are running on Linux systems for one reason or another.

RE: running AD, they may well be, but that wasnt my point, my point was they can afford to develop their own workings of whmcs. (or any system they choose for that matter).

We are not all that lucky of course.
wispr commented 22nd May 13
additionally, ADFS 2.0 uses SAML to provide idtentify tokens, which is an open standard and used across many identiy platforms.
wispr commented 22nd May 13
whmcs could go the route of other control panel/billing vendors, like http://www.extendasp.com/, and actual create users in AD. I would love for it to do that, but it is probably a pipe dream. ADFS in Server 2012 should change a bunch of that, but most folks that use whmcs I wouldn't believe are on the cutting edge of Microsoft like others.
wispr commented 22nd May 13
CDJ, just to clarify a few things...

Most AD integration work similar to oauth/openid in that it takes the "authentication" aspect of AAA and leaves authorization and accounting to the application. That would mean the roles, logging, etc is contained within whmcs, and authenticate the user against ad/ldap/radius. The module would not set the required credentials as you suggest, it would instead query ad each time for the password, just like radius auth.

Large comapnies have deeper pockets, yes, and nearly all of them use AD.
CDJ HOSTING commented 22nd May 13
It really depends upon where you would want to manage the systems, Consider what whmcs, its supposed to be a central point for managing all systems, not really meant to be accessed outside the system but it can be done.

So if you want to do this:

either put together something for your current system to create the admin account, give a role etc on the whmcs installation via its API (see the documentation).

Or you create a module in whmcs that sets the required credentials when an admin is created in whmcs (see the hooks documentation), Either way is workable and i see no reason why this would be a whmcs issue or why it should become a feature. I would imagine the highest percentage of whmcs users are resellers that have absolutely no need for this.

Large companies/corporations have far deeper pockets to foot the cost of developing their own systems.
wispr commented 22nd May 13
We would glad pay for this module, ala Freeradius.

Two things we need it for:

security groups for whmcs management, ie groups in AD that would match to the security groups (admins, sales, support, custom). Make all members of the sales team in AD automatically have access to the sales role in whmcs.

we use ad/nps/radius with our clients as well, so intregation there would be great. Reading users out of AD would be ok, but creating users in AD would be the best.
peterz commented 30th January 13
At least add a hook that allow programming of 3rd party authentication methods. This is a must have feature.
Bora commented 25th December 12
ActiveDirectory / LDAP should be included in WHMCS (at least for the admin logins)!

I am willing to pay a small fee to see this in the 5.2 release!
Ruben V commented 25th December 12
Peter Kelly wrote:Why would this be needed?? I cant think of any reason atm.
Well, when you have MODX sites, Wordpress sites, WHMCS, Exchange mail,Windows servers, it will be easyer with one username and one place to administer if a login get stolen, creation of new admins, etc.

As of today, we have logins for this system (AD ok or not):
WHMCS (AD No)
MODx (AD Yes)
MediaWiki (AD Yes)
Exchange mail (AD Yes)
Wordpress (AD Yes)
LiveZilla (AD No)
KeePass (AD Yes)

7 systems, 7 usernames, 7 password.
And here we only need 3 accounts, one of them only for out main system; WHCMS.
Michael Kruger commented 24th December 12
Hi Peter, I will try to elaborate on what Tim and Jan said. The reason for wanting Microsoft Active Directory for Authentication into the admin area is to allow users in corporate environments to use the same credentials as they would use for the domain, which use platforms such as MS Exchange.

This would also allow the admin to centrally manage the users permissions. For example, in the event someone is terminated, the admin can easily terminate access to all systems for that user.

Another reason is to provide rights based on domain profiles, much like you do in WHMCS with Administrator Roles. The difference being that this would all be centrally managed and deployed from the domain.

Also, many corporate policies and network security policies force IT administrators to use Microsoft Active Directory for Authentication and would not allow an independently managed system for credentials, like WHMCS.
Tim Owens commented 24th December 12
We are planning to integrate WHMCS on a server at a university and we really need to be able to authenticate users against our existing active directory system. A google search shows this is a very popular request but I haven't found any extension that makes it work yet.
jan dijk commented 24th December 12
yes to the admin section this is really desired. i would like to add a more fine rigths selections for roles too..
Peter Kelly commented 24th December 12
Why would this be needed?? I cant think of any reason atm.