Admin OIDC Authentication
Overview
Admin OAuth Authentication plugin for HostBill enables administrators to log in to the HostBill admin portal using custom OAuth/OIDC providers, providing a seamless and secure authentication experience.
Activating the module
If the plugin is included in your HostBill edition you can download it from your client portal.
If the plugin is not included in your HostBill edition you can purchase it from our marketplace and then download it from the client area.
Once you download the plugin, extract it in the main HostBill directory.
Go to Settings → Modules, then find and activate the Admin_Auth_OAuth plugin.
Once the plugin is activated you will be directed to Settings → Modules → Plugins to configure authentication.
Module configuration
For the Admin_Auth_OAuth module the following configuration options are available:
Login button label - the text displayed on the login button on the login page. Default is “Login with Oauth”.
Client ID - the OAuth Client ID provided by your OAuth provider.
Client Secret - the OAuth Client Secret provided by your OAuth provider.
Authorization URL - the URL used to initiate the OAuth authorization process.
Token URL - the URL used to request access tokens from the OAuth provider.
Resource (user info) URL - the URL to retrieve user information (user profile) from the OAuth provider.
Logout URL - the URL to redirect users to after they log out. Staff members will be redirected to this URL upon logout from HostBill.
Provision staff members - when this option is enabled, staff members will be automatically created upon their first login, based on the provision template.
Provision template - select an existing staff member as a template for creating new staff accounts during provisioning.
Synchronize groups - when this option is enabled, the module will request the "groups" scope. If groups are present in the OAuth resource and found in HostBill, they will be used to assign groups to staff members before login.
Allow login for provisioned members only via OAuth - when this option is enabled, only staff members provisioned by this plugin will be able to log in via OAuth (local login will be disabled for these users).
Disable HostBill MFA for OAuth logins - when this option is enabled, users logging in via OAuth will bypass MFA enforcement configured in HostBill.
Disable HostBill login method - when this option is enabled, the standard HostBill login method will be blocked, allowing only OAuth logins. Use with caution - if no admin is configured for OAuth or if the connection fails or secrets change, you risk being locked out of the admin portal. Recovery would then require disabling this module directly in the database.
Note
After saving changes you can use the Test Connection option to check if HostBill can successfully connect and log in using the provided OAuth settings.
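The options above interact: disabling the standard login or HostBill MFA moves all of that protection to the OAuth provider. The following pre-change review is an added example, not part of the plugin or of HostBill. The key names are hypothetical stand-ins for the option labels, and provider_enforces_mfa, test_connection_passed and database_access_confirmed are facts supplied by the operator rather than plugin settings.

```python
from urllib.parse import urlparse

# Hypothetical key names mirroring the option labels above (not HostBill's own).
# OAuth 2.0 requires TLS on the authorization and token endpoints.
ENDPOINTS = ("authorization_url", "token_url", "resource_url")

def review_settings(cfg):
    """Return sorted (severity, message) findings for a planned configuration."""
    findings = []
    hosts = set()
    for key in ENDPOINTS:
        parsed = urlparse(cfg.get(key, ""))
        if parsed.scheme != "https" or not parsed.hostname:
            findings.append(("error", f"{key} must be an absolute https URL"))
        else:
            hosts.add(parsed.hostname)
    if len(hosts) > 1:  # legitimate for some providers, so only ask for a look
        findings.append(("review", "endpoints use different hosts: " + ", ".join(sorted(hosts))))
    if not cfg.get("client_id") or not cfg.get("client_secret"):
        findings.append(("error", "client_id and client_secret are both required"))
    if cfg.get("provision_staff") and not cfg.get("provision_template"):
        findings.append(("error", "provisioning is on but no provision template is selected"))
    if cfg.get("disable_hostbill_mfa") and not cfg.get("provider_enforces_mfa"):
        findings.append(("warn", "HostBill MFA is bypassed and the provider is not known to enforce MFA"))
    if cfg.get("disable_hostbill_login"):
        if not cfg.get("test_connection_passed"):
            findings.append(("error", "local login disabled before Test Connection succeeded"))
        if not cfg.get("database_access_confirmed"):
            findings.append(("warn", "local login disabled without confirmed database access for recovery"))
    return sorted(findings)

# Constructed sample settings (not real endpoints or credentials).
RISKY = {
    "client_id": "hostbill-admin", "client_secret": "example-secret",
    "authorization_url": "https://idp.example.com/authorize",
    "token_url": "http://idp.example.com/token",
    "resource_url": "https://idp.example.com/userinfo",
    "provision_staff": True, "provision_template": "",
    "disable_hostbill_mfa": True, "provider_enforces_mfa": False,
    "disable_hostbill_login": True, "test_connection_passed": False,
    "database_access_confirmed": True,
}
HARDENED = dict(RISKY, token_url="https://idp.example.com/token",
                provision_template="support-template", provider_enforces_mfa=True,
                test_connection_passed=True)

if __name__ == "__main__":
    for name, cfg in (("risky", RISKY), ("hardened", HARDENED)):
        print(name, review_settings(cfg) or "no findings")
```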
Recovering default login method on lockout
Once the module is enabled and no fallback login method is enabled, you may not be able to log in if the connection to the OAuth provider fails for some reason.
To revert to the default authentication method you need to disable the module directly in the database. To do so, run the following SQL query against your HostBill database:
UPDATE hb_modules_configuration SET active = 0 WHERE filename = 'class.admin_auth_oauth.php';