Difference between revisions of "WHMCS Single Sign-On"
| Line 1: | Line 1: | ||
| + | __NOTOC__ | ||
WHMCS Single Sign-on allows trusted applications and third parties to authenticate users into a WHMCS installation automatically, without the user having to re-authenticate. | WHMCS Single Sign-on allows trusted applications and third parties to authenticate users into a WHMCS installation automatically, without the user having to re-authenticate. | ||
| − | + | ||
| − | ==Supported Applications== | + | Users are redirected to a specific WHMCS client area destination based on a single-use access token acquired by your trusted system. |
| − | + | ==Supported Integrations== | |
| + | You can leverage WHMCS SSO through the follow integrations | ||
| + | ===API=== | ||
| + | The [https://developers.whmcs.com/api-reference/createssotoken/ CreateSsoToken API] allows you to script your own token generation, on demand, and is a powerful way to provide redirection from one secure system you operate into WHMCS. | ||
| + | |||
| + | ===Supported Applications=== | ||
| + | Applications rely on under-the-hood mechanisms using an existing trust between your WHMCS and a remote client resource to provide seamless login from the resource into WHMCS. | ||
| + | |||
The following applications are known to support and integrate WHMCS Single Sign-On: | The following applications are known to support and integrate WHMCS Single Sign-On: | ||
| − | + | ||
* [[CPanel_Single_Sign-On|cPanel & WHM 54 and later]] | * [[CPanel_Single_Sign-On|cPanel & WHM 54 and later]] | ||
| − | + | ||
==FAQ== | ==FAQ== | ||
| − | + | ||
'''Q. What if my customer doesn't want Single Sign-On?'''<br /> | '''Q. What if my customer doesn't want Single Sign-On?'''<br /> | ||
| − | A client area security setting means end users are in complete control of whether or not Single Sign-On is allowed for their client account. They can enable/disable it at any time simply via the ''Account > Security Settings'' section of the client area. | + | A. A client area security setting means end users are in complete control of whether or not Single Sign-On is allowed for their client account. They can enable/disable it at any time simply via the ''Account > Security Settings'' section of the client area. |
| − | + | ||
'''Q. How secure is it?'''<br /> | '''Q. How secure is it?'''<br /> | ||
A. Our Single Sign-On implementation is based on the popular and widely used OAuth 2.0 authorization framework which outlines a secure workflow for accessing user data while protecting their account credentials. | A. Our Single Sign-On implementation is based on the popular and widely used OAuth 2.0 authorization framework which outlines a secure workflow for accessing user data while protecting their account credentials. | ||
| − | + | ||
'''Q. I'm a developer, how can I use it?'''<br /> | '''Q. I'm a developer, how can I use it?'''<br /> | ||
A. Developers should refer to our [[WHMCS Single Sign-On Developer Guide]] for technical information. | A. Developers should refer to our [[WHMCS Single Sign-On Developer Guide]] for technical information. | ||
Revision as of 14:32, 24 March 2020
WHMCS Single Sign-on allows trusted applications and third parties to authenticate users into a WHMCS installation automatically, without the user having to re-authenticate.
Users are redirected to a specific WHMCS client area destination based on a single-use access token acquired by your trusted system.
Supported Integrations
You can leverage WHMCS SSO through the follow integrations
API
The CreateSsoToken API allows you to script your own token generation, on demand, and is a powerful way to provide redirection from one secure system you operate into WHMCS.
Supported Applications
Applications rely on under-the-hood mechanisms using an existing trust between your WHMCS and a remote client resource to provide seamless login from the resource into WHMCS.
The following applications are known to support and integrate WHMCS Single Sign-On:
FAQ
Q. What if my customer doesn't want Single Sign-On?
A. A client area security setting means end users are in complete control of whether or not Single Sign-On is allowed for their client account. They can enable/disable it at any time simply via the Account > Security Settings section of the client area.
Q. How secure is it?
A. Our Single Sign-On implementation is based on the popular and widely used OAuth 2.0 authorization framework which outlines a secure workflow for accessing user data while protecting their account credentials.
Q. I'm a developer, how can I use it?
A. Developers should refer to our WHMCS Single Sign-On Developer Guide for technical information.