Hostwinds Tutorials

Search results for:


Table of Contents


Administrator Users
Adding an Administrator
Administrator Roles
Adding an Administrator Role
Add New Role Group
Duplicate Role Group
Two Factor Authentication
Manage API Credentials
Create API Role
Add New API Credentials

How To Setup WHMCS and Manage Staff

Tags: WHMCS,  Reseller 

Administrator Users
Adding an Administrator
Administrator Roles
Adding an Administrator Role
Add New Role Group
Duplicate Role Group
Two Factor Authentication
Manage API Credentials
Create API Role
Add New API Credentials

WHMCS provides support for staff accounts, and the Staff Management page is where you can add, remove, and otherwise manage these staff accounts. This article will be going over the options available and the process of managing staff accounts in WHMCS.

The Staff Management page can be found through Setup -> Staff Management, where you can choose which section of staff management you need to manage.

Administrator Users

The Administrator Users section allows you to view, add, remove, and otherwise manage the admin/staff users on your system.

All current accounts will be listed on the main page, split into active and Inactive. The buttons next to each user entry are for editing and removing that user, respectively.

Adding an Administrator

To add an administrator, click the Add New Administrator button, and you will be presented with the following form:

The fields and options on this page are as follows:

  • Administrator Role: Specifies the designated role for this admin account.
  • First Name: First name of the administrator.
  • Last Name: Last name of the administrator.
  • Email Address: Email address of the administrator.
  • Username: Username for the administrator.
  • Password: Password for the administrator. It is recommended to enter a secure, randomly generated password using a tool such as this. It is also recommended to set password reset instructions to the admin after the creation of their account.
  • Confirm Password: Duplicate entry for the Password. I needed to ensure the password is correct.
  • Assigned Departments: Specifies what departments/groups the admin account should belong to.
  • Support Ticket Signature: Specifies the admin user's signature by default at the end of their ticket messages.
  • Private Notes: Place to leave notes on the account. These are visible to other admins as well.
  • Template: The template the admin user will adhere to.
  • Language: The admin user's language.
  • Disable: Enabling this deactivates the account, preventing login.

This is the same form that will be presented to you when editing an existing admin.

Administrator Roles

Administrator roles are groups that you can assign admin users to apply permissions and policies to them in groups instead of all individuals. You can also use this to designate the exact position the user will be.

The first page in this section lists the existing Administrator Roles and lists of which admins are members of each group and buttons to edit or remove the group.

Adding an Administrator Role

WHMCS provides ways to create a new admin role by either creating one from scratch or duplicating an existing group. The buttons to initiate each type of group creation are found at the top of the page.

Add New Role Group

After selecting to add a new role group, you will first be prompted to name the group. Give it a name that is descriptive of its duties and what permissions it will have.

Next, you will be prompted to select what permissions you want users within the group to have. The name of each permission is descriptive of what that permission allows the user to do or access.

You will also restrict their access to reports and specify what types of emails they can manage.

Duplicate Role Group

When selecting to duplicate an existing role group, it will ask you which group you wish to duplicate and what name you would like to give to the new one. Please give it a name that's descriptive of its duties and permissions.

You will then be presented with the same permissions selection page as when creating a new user, except it will be pre-populated with the values from the group you are duplicating. Modify the setting if you so wish, and save the settings.

Two Factor Authentication

WHMCS provides support for two-factor authentication (2FA) to increase security on client and admin accounts.  When a user logs in with 2FA enabled, they will be prompted for another form of identification using a second device beyond just their username and password. Typically this is done by sending a code to a mobile phone via SMS or with a one-time code that expires and regenerates every 30 seconds.

On the Two Factor Authentication setup page, you are given the option to force clients, admins, or both to enable 2FA the next time they log in if they don't have it already.

WHMCS supports 3 types of 2FA:

  • Duo Security: use a smartphone or other device to receive a temporary code for login through methods like push notification, SMS, phone calls, etc.
  • Time-Based One-Time Password: use a second device to generate a random passcode that is only valid for 30 seconds before a new code is generated. This uses 3rd party applications such as Google Authenticator or Authy to generate these codes. Enabling this requires a subscription payment of $1.50/mo.
  • Yubico: a hardware key that plugs into your computer via a USB port to identify you. This is free to enable, but you will need to purchase the hardware keys themselves, which start at $25 each.

Manage API Credentials

WHMCS provides API support for the development of 3rd party applications that rely on its services. The Manage API Credentials page lets you create roles for access to specific components of the API and assign those roles to API credentials.

Create API Role

Before you can create API credentials, you have to make at least one API role in specifying your credentials wpermissionscredentials'

To create an API role, begin by selecting the API Roles tab and clicking the green Create API Role button, and you will be prompted with the following form:

Give the role a name that is descriptive of its duties or permissions, and you may give a description to describe those duties and permissions more in-depth. Then scroll through the different categories in the left-side panel and select what permissions from those categories this role should have. The full reference guide for the API calls can be found here.

Add New API Credentials

After you've created at least one API role, you can create new API credentials for specific admin users by going to the API Credentials tab and clicking the green Generate New API Credential button. This will bring up the following form:

In this form, select which admin user the credentials are for, optionally give the credentials a description for their duties or permissions and then select which API Role(s) they should have (you can select multiple). Then click Generate, and you will be presented with the following information:

These are the identifier and secret keys used to authenticate access to WHMCS' API. You will give these to the admin user the credentials are for.

The identifier and secret key are not stored or viewable anywhere from within WHMCS after this screen. Make sure you copy and store them elsewhere before closing this box.

Written by Hostwinds Team  /  August 31, 2018