Enable two-factor authentication for client sub-accounts.
This is needed!!! Especially if an account holder allows for sub-accounts with full control - the sub account has their own email login and therefore should also have the option to use two step auth with time based tokens (and should be mandatory - to use time based tokens on sub-account if the primary account holder activated two-step authentication)
This definitely needs implementing asap - exactly for the reasons previously mentioned.
Yeah, actually two-factor is useless when some one can use the sub-account to login.
This is a serious security risk that needs to be addressed urgently. We must all continuously improve our security protections. This change should be implemented urgently and I would urge you to escalate it to top priority for immediate action.
Yes, this is definitely needed.
If you make 2FA mandatory for customers, sub-accounts can't login at all as they can't set up 2FA but are trapped in redirects to the 2FA page. This should be considered a bug not a feature request. Fix this please, WHMCS.
This is crazy there is a bug that redirects to 2FA page if you are a contact! Must FIX!!
Is there any update on this? It kind of defeats the purpose of 2FA if the sub-accounts can't have it enabled. Kind of like Putting bolts on the door but leaving your windows open.
I don't understand why this was left out in the first place. It makes no sense.
This is a big security issue. Otherwise, why bother offering 2FA at all?
How is this not implemented already?
It's a little crazy this was let out in the first place.
Yes, last I heard this is not possible. I see no reason to use this before all users are included.
Why is this not a thing yet?
Please inplement this already
crazy it's not already done, whmcs is really understand account security ?!!!!
Any update on this?
It's def not in v7.7.1 which is super disappointing.
Please WHMCS, get this added soon, security is such a huge concern and we require 2 factor...
SSIs this not done yet?
TFA for sub-accounts is an absolute necessity, it's absence is a bug, not a missing feature. Sincerely hope this is introduced soon.
We can't use 2FA until this is in place and I'm sure lots of customers feel the same. Typical WHMCS.
This should add this long time ago
How the heck is this not a thing yet? Sub-Users in many cases have access to almost everything a primary admin does.
This "Feature" shouldn't even be for vote personally. We've had some many complaints about the main account / customer/client account been locked with 2FA but then when the "Customer" adds "Sub-account they don't get the option to add 2FA so if the main customer gives full access to the account then this means if the Sub-Account was compromised / hacked then would able to make changes to their services without asking for 2FA. This is serious problem and good way for hackers to able to bypass the security on the main account. Therefore this is security problem that need's to be addressed ASP not waiting for months for WHMCS teams build up votes on.
We need security we need to protected our customers so please take this on broad people please vote for this feature.
Please add this feature
WHMCS: Please add this feature asap.
This feature is a must have for the security of WHMCS. We cannot use sub-accounts until the 2FA not deployed.
As part of our work to deliver https://requests.whmcs.com/topic/multiple-billing-accounts-using-one-login we are investigating the opportunity to introduce Two-Factor Authentication on all user authentication levels.
This group of work represents a significant shift in user authorization and the potential user experience of WHMCS. It will be a significant amount of work to apply in a holistic way, so if that target should change I'll be sure to keep you updated here.
Thanks a lot for the update.
MFA for subaccount and better handle of user account (auth/billing/authorization) is must need in Whmcs.
Huge work i guess but a lot of benefit in future for more flexibility and better user experience.
Thank you for the update. This is a good news.
Isn't WHMCS 8.0 doing away with Sub-accounts? Replacing with "Shared users for client login and management" According to the Blog https://blog.whmcs.com/133630/whats-coming-in-whmcs-80 it is.
I'm pleased to announce that the 8.0 public beta is now live, featuring Two Factor Authentication for Users! Please test it out, and let us know your feedback during the pre-release period.
Beta information: https://beta.whmcs.com
Feature documentation: https://docs.whmcs.com/Users_And_Accounts
Comments have been locked on this page!