How can we improve WHMCS?

Share, discuss and vote for what you would like to see added to WHMCS

Active Directory Integration for Authentication

  • Michael Kruger shared this idea 12 years ago
  • Admin Area
  • 15 Comments


I would like to see WHMCS integration with Microsoft Active Directory for Authentication into the admin area.

15 Comments

Login to post a comment.

We are not actively pursuing LDAP/AD integration at the moment, however we are looking at making WHMCS OAuth2 compatible which will allow you to create authentication bridges to services like cPanel.

More details will be coming, so stay tuned at blog.whmcs.com.
I've got lots of Linux appliations running on Linux servers that authenticate against Active Directory - including MediaWiki, RackTables, Zabbix, OpenFire. The first three are even using PHP libraries to accomplish this.

This is done via LDAP, (a fully open standard), and it works great. Even without the 'group membership' integration aspect, a BASIC LDAP implementation would be extremely helpful.

I suspect the folks asking "WHY" have never worked in a business that uses Windows Server & Active Directory.

As for businesses being able to "develop their own workings for WHMCS" - as far as I am aware, the API that WHMCS exposes does not allow for this level of integration, and regardless of that, many quite small businesses use Active Directory.
I dare say you are correct wispr although the reason i agree is that i would say there is a distinct possibility that the majority of WHMCS client base are running on Linux systems for one reason or another.

RE: running AD, they may well be, but that wasnt my point, my point was they can afford to develop their own workings of whmcs. (or any system they choose for that matter).

We are not all that lucky of course.
additionally, ADFS 2.0 uses SAML to provide idtentify tokens, which is an open standard and used across many identiy platforms.
whmcs could go the route of other control panel/billing vendors, like http://www.extendasp.com/, and actual create users in AD. I would love for it to do that, but it is probably a pipe dream. ADFS in Server 2012 should change a bunch of that, but most folks that use whmcs I wouldn't believe are on the cutting edge of Microsoft like others.
CDJ, just to clarify a few things...

Most AD integration work similar to oauth/openid in that it takes the "authentication" aspect of AAA and leaves authorization and accounting to the application. That would mean the roles, logging, etc is contained within whmcs, and authenticate the user against ad/ldap/radius. The module would not set the required credentials as you suggest, it would instead query ad each time for the password, just like radius auth.

Large comapnies have deeper pockets, yes, and nearly all of them use AD.
It really depends upon where you would want to manage the systems, Consider what whmcs, its supposed to be a central point for managing all systems, not really meant to be accessed outside the system but it can be done.

So if you want to do this:

either put together something for your current system to create the admin account, give a role etc on the whmcs installation via its API (see the documentation).

Or you create a module in whmcs that sets the required credentials when an admin is created in whmcs (see the hooks documentation), Either way is workable and i see no reason why this would be a whmcs issue or why it should become a feature. I would imagine the highest percentage of whmcs users are resellers that have absolutely no need for this.

Large companies/corporations have far deeper pockets to foot the cost of developing their own systems.
We would glad pay for this module, ala Freeradius.

Two things we need it for:

security groups for whmcs management, ie groups in AD that would match to the security groups (admins, sales, support, custom). Make all members of the sales team in AD automatically have access to the sales role in whmcs.

we use ad/nps/radius with our clients as well, so intregation there would be great. Reading users out of AD would be ok, but creating users in AD would be the best.
At least add a hook that allow programming of 3rd party authentication methods. This is a must have feature.
ActiveDirectory / LDAP should be included in WHMCS (at least for the admin logins)!

I am willing to pay a small fee to see this in the 5.2 release!
Peter Kelly wrote:Why would this be needed?? I cant think of any reason atm.
Well, when you have MODX sites, Wordpress sites, WHMCS, Exchange mail,Windows servers, it will be easyer with one username and one place to administer if a login get stolen, creation of new admins, etc.

As of today, we have logins for this system (AD ok or not):
WHMCS (AD No)
MODx (AD Yes)
MediaWiki (AD Yes)
Exchange mail (AD Yes)
Wordpress (AD Yes)
LiveZilla (AD No)
KeePass (AD Yes)

7 systems, 7 usernames, 7 password.
And here we only need 3 accounts, one of them only for out main system; WHCMS.
Hi Peter, I will try to elaborate on what Tim and Jan said. The reason for wanting Microsoft Active Directory for Authentication into the admin area is to allow users in corporate environments to use the same credentials as they would use for the domain, which use platforms such as MS Exchange.

This would also allow the admin to centrally manage the users permissions. For example, in the event someone is terminated, the admin can easily terminate access to all systems for that user.

Another reason is to provide rights based on domain profiles, much like you do in WHMCS with Administrator Roles. The difference being that this would all be centrally managed and deployed from the domain.

Also, many corporate policies and network security policies force IT administrators to use Microsoft Active Directory for Authentication and would not allow an independently managed system for credentials, like WHMCS.
We are planning to integrate WHMCS on a server at a university and we really need to be able to authenticate users against our existing active directory system. A google search shows this is a very popular request but I haven't found any extension that makes it work yet.
yes to the admin section this is really desired. i would like to add a more fine rigths selections for roles too..
Why would this be needed?? I cant think of any reason atm.