TivroAdminPasskeys brings modern passwordless authentication to your WHMCS admin panel. Instead of relying solely on passwords, your staff can register passkeys — fingerprints, Face ID, Windows Hello, YubiKeys, or any FIDO2-compatible device — and sign in instantly without typing a password.

Designed specifically for WHMCS hosting businesses, the addon integrates directly into the admin login page with zero manual file uploads required. All configuration, permissions, and monitoring happen from within the addon's own admin panel.

Authentication

• Passkey login on the admin login page — the Sign in with Passkey button is injected automatically with no template edits or manual file changes required
• Broad device support — biometrics (Face ID, Touch ID, Windows Hello), hardware keys (YubiKey, Titan), and device PINs via any FIDO2-compatible authenticator
• Three authentication modes — Password + Passkey for gradual rollout, Passkey Only to block password login entirely, or Password Only to disable passkey functionality
• Super admin password fallback — super admins retain password access even in Passkey Only mode, preventing lockout during staff rollouts
• Grace period — configurable days before Passkey Only enforcement applies to newly created admin accounts

Staff Management

• Centralised enrollment view — see all admin accounts with enrolled vs unenrolled status, passkey count, and last login at a glance
• Passkey registration & revocation — admins register their own passkeys from a self-service page; super admins can revoke any passkey across all accounts
• Device naming — rename passkeys to meaningful labels such as "MacBook Pro" or "YubiKey" for easy identification
• Multiple passkeys per admin — register different devices for redundancy; last-used timestamp tracked per passkey

Security Controls

• Step-up OTP on new IP — when an admin logs in from an unrecognised IP, a one-time verification code is sent to their admin email before access is granted
• Failed attempt lockout — configurable threshold locks an admin account for 30 minutes after repeated failures
• Passkey expiry — set a maximum passkey lifetime in days; expired passkeys require re-registration
• Login hour restrictions — limit passkey logins to a defined time window with timezone support
• Trusted IP whitelist — IP addresses and CIDR ranges that bypass passkey enforcement entirely, ideal for office networks
• Session timeout — force passkey re-verification after a configurable number of hours of inactivity

Role-Based Permissions

• Per-role permission matrix — every page and action is independently toggleable per WHMCS admin role: overview, passkeys, enrollment, audit log, policies, permissions, and license
• Super admin bypass — super admins have unconditional full access regardless of permission settings
• Sidebar reflects permissions — non-super-admin staff only see menu items their role has been granted access to

Audit & Compliance

• Full audit trail — every passkey registration, login attempt, revocation, and policy change is recorded with timestamp and IP address
• CSV export — download the full audit log as a CSV at any time
• GDPR per-admin data export — download a JSON package of passkey metadata and audit history per admin for data subject access requests
• Configurable retention — automatically purge audit records older than a defined number of days via the daily cron job

Notifications

• Email alerts — notify admins on passkey registration, revocation, and suspicious login attempts
• Weekly email digest — automated weekly security summary for super admins covering logins, failures, and enrollment stats
• Webhook support — POST event notifications to Discord, Telegram Bot API, or any custom JSON endpoint

Compatibility

• WHMCS 7.x, 8.x, and 9.x
• PHP 8.0+
• HTTPS required — passkeys require a secure context
• Valid license required — available at tivro.net