The Manage External Authentications interface in WHM allows you to manage the OpenID Connect-compliant identity providers that your server’s users can use to log in to cPanel, WHM, or Webmail.
Today let see the common external authentication techniques available with cPanel and how to enable/disable these features :
1] External Authentication Via cPanelID
-> Steps for enabling and disabling WHM authentication via cPanelID as follows.
Configuring The External Authentication Via cPanelID
-> Log into WHM as root
-> Navigate to Security Center >> Manage External Authentications
-> Select the Configure tab
-> Then click on the configure option. Use the default entries and save.
-> Log out from the current session and re-login via cPanelID
-> Create a new account. For that require a valid email address
-> After providing the valid email address and click on the send password then an activation link will send to the user’s email which is mentioned.
-> Login to the mail and access the activation link to generate the password.
-> Once the password is obtained, use that password to login to both cPanel customer portal and cPanelID account.
-> From the cPanelID account, a unique cPanelID will display and asks for Approve or Deny. Choose the Approve option.
Now the browser will take you back to WHM, here it shows the mentioned email id is not associated with the existing WHM account. To achieve this login to the WHM.
Here onwards the WHM, cPanel and Webmail are accessed by the cPanelID.
To Disable This Feature.
-> This feature can be disabled by moving the slider from right to left.
2] External Authentication Via WHMCS As OpenID Connect Authentication Provider
Before doing this ensure you are running cPanel/WHM Version 54 or later
OpenID Connect requires a certificate authority verified SSL certificate installed on the cPanel/WHM service ports and for the WHMCS installation.
Configuration steps as follows:
- Log into WHM as root
- Navigate to Security Center >> Manage External Authentications
- Select the Configure tab
- Under the Authentication Providers heading, locate Log in via WHMCS
- Click the Configure button
- Copy the Redirect URI that contains the cPanel, and WHM port number (2083, 2087)
- Now login to your WHMCS Admin Area
- Navigate to Setup >> OpenID Connect
- Click the Generate New Client API Credentials button
- Enter a name for this OpenID Credential Set as follows
Application Name: cPanel
Description: hostname.example.com
Logo URI: /modules/servers/cpanel/logo.png
Redirect URI: (the URI which is used in the step6)
- Once all fields have been filled out, click the Generate Credentials button
- The page will re-load and display the generated Client API Credentials to you
- Copy the generated Client ID and Client Secret from here and paste them into the appropriate fields within the WHM WHMCS External Authentication Provider Configuration interface
- In the Well Known Config URI field, enter https://www.example.com/whmcs/oauth/openid-configuration.php, replacing https://www.example.com/whmcs with your WHMCS System SSL URL
- Finally, tick the box to confirm you have used the Redirect URIs as provided, and then click Save to complete the process.
- Slide the toggle switch for the Status (cpaneld) to Enabled. This will show the “Login via WHMCS” button on the cPanel login page.
Initial Login Setup
- Click the Log in via WHMCS button on the cPanel login page.
- You should be redirected to your WHMCS installation’s Authentication and Authorization page.
- Login with a valid client area email address and password.
- You should then see a screen like an image below requesting permission to provide the cPanel server the minimum amount of information required to associate the cPanel account and the WHMCS Billing Account
- This authorization page is only displayed the first time a user requests to login using their
- WHMCS Billing Account Credentials.
- Upon clicking Authorize the user is returned to cPanel.
The first time a user does this they will not be logged in to cPanel immediately. cPanel will prompt the user for the cPanel username and password they wish to pair up with the WHMCS Billing & Support Client Account, which was just authenticated and authorized.
Disable WHMCS Authentication
This feature can be disabled by moving the slider from right to left from WHM > Manage External Authentications > Configure
If you require help, contact SupportPRO Server Admin