Google Authenticator with WHMCS

I’ve recently added Two-Factor Authentication for administrators of WHMCS at KA-Distribution.co.uk. For those who are unaware, WHMCS is “an all-in-one client management, billing & support solution for online businesses.” It’s very useful to me as it automates common tasks with my hosting company, integrates with PayPal for payments and gives a really pleasant interface for managing my customers’ accounts.

One thing I’m also finding with WHMCS lately, in my opinion, is that they rush out updates, updates they don’t document very well. So you have these tremendous new features but no instructions on how to actually set them up. Even 4-6 weeks later no documentation has been written. I logged a high priority support ticket for help last night and didn’t get a response in 24 hours, so I decided to sit down and try to figure it out.

Here are a couple of tips from my poking around.

Setting up Google Authenticator with WHMCS

  • Go into Setup > Staff Management > Two-Factor Authentication.
  • Activate the subscription you require. I opted for Time-Based One Time Passwords. It’s $1.50 a month.
  • Tick “Enable for Staff” and also tick “Force Administrator Users to enable Two Factor Authentication on Next Login”.
  • Save the changes.

Once the above is complete, you then need to set up Google Authenticator. In my opinion, what should happen when you click save is that a setup wizard pops up. It doesn’t. So to set up the authentication, follow the steps below.

  • Download the Google Authenticator app – I’m using an iPhone 5.
  • Click Home > My Account (whilst logged in as an administrator).
  • Under Language, click to Enable Two-Factor Authentication.
  • Scan the QR code on screen with Google Authenticator to import the re-generating tokens.
  • Enter the code on screen to verify the token is set up correctly.
  • Note down the emergency access code in case your device is lost or unavailable.

The above process applies both when initially setting up two-factor and when you move to a new device. If you move to a new device as I have (I’ve recently changed from an iPhone 4s to an iPhone 5 on 4G), you’ll need to log in using the tokens from your old device (or the emergency code if your device is unavailable). Disable Two-Factor Authentication, enter your admin password and then go back through the Enable process to set up your new device. You will get a new emergency access code.

Google Authenticator displaying a code on iOS 6.

Please note this guide is functional as of WHMCS version 5.2.3 on 4/4/2013.