Client Area Integration
The module contains two client area templates:
- Advanced - Provides integration of all major functions, such as reinstallation and power management. [Screenshot, Demo video]
- Basic - Offers only a login button to the Tenantos web interface. [Screenshot]
Both templates include an SSO login button to allow customers to log in to the Tenantos interface without entering their credentials. The SSO functionality can be disabled in the module settings.
WHMCS Compatibility
The same system requirements apply as for the module. The templates work from WHMCS 6.0 and are compatible up to the latest WHMCS version. Both six and twenty-one are supported.
WHMCS before 7.6 used Font Awesome 4 - the module detects the used Font Awesome version and automatically uses the appropriate icons.
OS Logos
The same OS logos are displayed as in Tenantos. If you add additional OS logos in Tenantos or overwrite the default logos, they will be automatically applied to WHMCS.
WHMCS acts as a file proxy for the OS logos and does cache the OS logos for up to 24 hours. If you made adjustments to the OS logos in Tenantos, you can flush the image cache by deleting the directory modules/addons/dservermanager/app/Cache/
. The directory will be re-created automatically.
About Security
SSO Login
During the SSO login, the module checks whether the user ID stored in WHMCS actually owns the server. Otherwise, it would be fatal if a WHMCS administrator unintentionally stores a user ID that does not belong to this customer, because the customer would be logged in to a wrong account.
Permissions
Customers can only perform the actions or view the data that they are allowed to according to the role assigned in Tenantos. The client area adjusts based on the assigned permissions.
This means: If the Tenantos user account does not have permission to reinstall the server, this is also not possible via WHMCS. This, of course, also applies to all other actions such as managing RDNS entries, power management, etc.
API Calls & Actions
For additional security, the module executes all actions and API calls through the client's Tenantos account. The module impersonates the user account.
Tenantos logs all actions and API calls made by customers. Because the account is impersonated, the user can track the actions that were performed via WHMCS in his Tenantos account. The logs in Tenantos contain the IP address from whom the request came - to prevent exposing the WHMCS server IP and also to make the logs more traceable for the client, the WHMCS module passes the IP address of the customer to Tenantos and the logs contain the actual IP of the customer and not the one of the WHMCS server.
When a WHMCS administrator opens the client area, "127.0.0.1" is passed as IP to prevent users from seeing the IP address of WHMCS administrators.
The customers do not send the API requests directly to the Tenantos server, but WHMCS acts as a API proxy. In case an error occurs and the error message contains the domain name of Tenantos, the domain is removed from the error message.
Console Proxy
Apart from using the NoVNC console, clients do not need to directly access Tenantos, unless you wish to provide them with access to the external management panel.
If you disable the SSO functionality and prefer to not expose the Tenantos domain to your clients, you can setup a console proxy. For more detailed information, please read this page.