External Authentication allows your server's users to log in to WHM, cPanel, or Webmail through OpenID Connect-compliant identity providers.
cPanelID and WHMCS External Authentication identity provider modules are available by default in cPanel & WHM version 54 and later. Additional modules for Facebook, Google, and Amazon are available as sample modules to allow service providers to develop their own.
OpenID Connect is a identity standard that overlays the OAuth 2.0 standard that Google, Microsoft, PayPal, and other major online companies and organizations back. cPanelID is based on this standard.
To learn more about OpenID Connect, read OpenID Connect's website.
You can use External Authentication for the following needs:
cPanelID uses the same username and password that the cPanel Tickets System, the Manage2 billing system, and the cPanel Store use. It uses OpenID standards to allow cross-platform authentication and logins.
All owners of cPanel & WHM licenses already have a cPanelID. Resellers, cPanel accounts, and cPanel account users who have not used any of those three systems will need to register to obtain a cPanelID.
Use either of the following methods to obtain a cPanelID:
How do I link my cPanelID to my cPanel, WHM, or Webmail account?
Use either of the following methods to link your cPanelID to your cPanel, WHM, or Webmail account:
Nothing. In fact, in future versions of cPanel & WHM, cPanelID may to reduce your overall costs because customers will be able to use it to buy discounted SSL certificates, and resellers may earn sales commission credit for those certificate purchases. Also, you can reduce support costs because our goal is to integrate the purchase and installation process to reduce opportunity for error.
To use an external authentication method, you must access your WHM, cPanel, and Webmail accounts via an SSL connection. If you do not access your accounts via an SSL connection, the Log in via cPanelID option will not display on your accounts' Login interfaces.
For more information, read our How to Configure Your Firewall for cPanel Services documentation.
We realize that every time you add an authentication method to your server, you enlarge the surface attack for logins and increase security risks. We strongly encourage you to look through all of your server's services and plan out your security needs and authentication scheme, and that you do not enable and allow authentication methods or features that are not absolutely necessary for you or your customers.
You can enable and disable external authentication identity providers with WHM's Manage External Authentications interface (Home >> Security Center >> Manage External Authentications).
We also encourage you to create wheel users for SSH, reseller accounts, and other necessary accounts to reduce the amount of direct intervention necessary by the root
user to perform routine maintenance, administration, and reseller tasks on your server.
A customer's reseller earns the referral fee for certificates that a customer buys through the cPanel Store. If you do not wish to connect your root user to cPanelID, then you must transfer those customers to a reseller (or root-enabled reseller).
Technically, no. In fact, you can disable the cPanelID External Authentication identity provider in WHM's Manage External Authentications interface (Home >> Security Center >> Manage External Authentications).
You can continue to log in to your server, purchase and install SSL certificates, and perform all existing administrative and user tasks through the existing functions. Also, you can purchase SSL certificates through cPanel's SSL TLS Wizard interface (Home >> SSL/TLS >> SSL/TLS Wizard) with the cPanelID's username and password without the need to link it to your server's cPanel account.
We realize that all of our customers do not universally desire this feature. However, it is extremely useful for those customers who have requested it. Server owners who do not need or want this feature can disable it easily, just as you can disable most features in cPanel & WHM that you do not wish to use (for example, you can disable your FTP server and require that your customers use SFTP or the secure Web Disk feature).
We strongly encourage you to consider your security needs before you enable and use any feature in cPanel & WHM.
Navigate to the cPanel Tickets System Registration page and enter your email address. The system will email a password reset link to that address.
Does Two-Factor Authentication (2FA) work with External Authentication?
Yes. If your cPanel, WHM, or Webmail account requires 2FA to log in, your server will ask you for your one-time code after you authenticate your External Authentication account.
If you link to an external account through an identity provider that has 2FA enabled, you must also authenticate through that provider in addition to any 2FA that you configure on your server.
For security reasons, we strongly encourage you to consider the use of 2FA with any and all accounts that offer it.
Yes, cPanel, Inc. follows the security guidelines that the webhosting industry generally accepts.
Like the owner of every responsible third-party identity provider, cPanel, Inc. uses a very strong encryption hash and monitors activity on its externally-facing systems.
In the rare event of a security breach, we have processes to investigate the nature of the breach and help re-establish the security of the affected systems.