Team Manager Design


Last modified: June 17, 2022

Overview

Warning:
This feature is currently under development and is not in the cPanel & WHM.

The Team Manager feature will allow cPanel accounts to create new team user accounts. These users will then be able to assist with managing domains, email, databases, and more.

Feedback

cPanel, L.L.C. values our customers’ feedback. Click the link below to go to our customer survey.

Survey

Feature Overview

After almost a decade of requests, cPanel will soon be offering Team Manager. The new Team Manager allows creating a sub-cPanel account to allow multiple users to access, administer, and work on a single cPanel account without risking account security. These sub-cPanel account users are called team users.

With Team Manager, business owners can allow developers and administrators to manage their websites. Each team user will have a separate login and share the same cPanel account resources. This allows for the division of responsibility and provides audit tracking for all accounts.

One goal of the Team Manager feature is to allow multiple tools that will provide access to specific features that the user will need. For example, if a business owner hired an email administrator, their team user would have the Email tool. This tool would give access to the email feature group in cPanel, giving access to all the tools they need to complete their job. Other people a business owner might hire might include a web designer, a web programmer, or a database administrator. All of these roles can have access to tools that will assist them to complete their work securely.

Terminology

  • Team Owner -The cPanel account can be thought of as the parent account.
  • Team User - A virtual account that exists under the Team Owner’s account.
  • Team -The Team Owner with all its Team Users.
  • Team Member - A member of the team. A team member is either a Team User or a Team Owner.
  • Tools - A set of privileges, features, and files set by the Team Owner that a Team User has permission to do, access, or modify.

Enabling Team Manager for cPanel Accounts

In WHM’s Feature Manager interface (WHM>> Home >> Packages >> Feature Manager), you will see the Manage Team checkbox to enable the Manage Team interface for a cPanel account.

Manage Team in cPanel

The Manage Team feature uses existing cPanel tools for account management. The Manage Team feature allows management via the following:

  • Creation - Creating the account so a team user can log in.
  • Authentication - Logging in.
  • Modification - Changing a team users tools, contact email, password reset, etc.
  • Suspension - Disable logging in for a team user.
  • Deletion - Removing an account entirely.

The Manage Team interface shows a list of all existing users, both active and suspended, on the team. A team will be limited to seven team user accounts. Suspended accounts count toward the maximum.

When creating a new account, team owners will be able to set a new username, add a contact email, enable Two-Factor Authentication, and select tool(s) assignments.

To set a new password, you have two options. Team owners can either set the new team user’s password or send a login link for the team user to set their own password.

Only the team owner can modify team user accounts, except that team users can change their password, contact email, and two-factor authentication secret. You can configure the following items during team user creation:

  • Username - Set the user’s login username.
  • Notes - This setting is optional. You can choose to add notes regarding the user.
  • Password options - You can choose to send an email to let the user choose their own password (default), or you can set the password for the user. The team user can change their password after creation.
  • Contact email address - The contact email address for the person using this team user. The team user can change their contact email after creation.
  • Require Two-Factor Authentication - Enable two-factor authentication for this user. Two-Factor authentication is an option to add extra security to a team user’s account. The team user cannot disable this setting; only the team owner can do this. The team user can change their 2FA secret after creation.
  • Tools - Configure the tools and permissions that this specific user will have, allowing access to specific features and functions within the cPanel interface.

Creating or assigning FTP, Webdisk, or email services through team user creation is also included.

Tools

Tools are a set of privileges, features, files, or tasks that a team user can use. All tools are predefined as the Tools page feature groups (Email, Domains, Databases, etc.) as defined in the /usr/local/cpanel/base/frontend/jupiter/dynamicui.conf file.

There are no custom tools. New features are assigned to a feature group and then to a tool. A team user may have one or more of these tools.

Account Management

The team owner or WHM root user can do the following for team users:

  • Change Password.
  • Change Contact email.
  • Require Two-Factor Authentication.
  • Suspend.
  • Unsuspend.
  • Delete.

Password and security

After account creation, the new team user will need to log in. Depending on the option selected, the team user may need to click on the link in the introduction email to set a password or to use the password provided by the team owner. You cannot changed a password a suspended team user.

Suspending a user

Only the team owner and root user can suspend a team user. A suspension blocks the login for that team user. If the suspended user is already logged in to cPanel, the system logs the user off. A suspended team user counts towards the maximum of seven total team users per cPanel account.

What happens when a team user is suspended?

The Suspend interface includes a checkbox to notify the team user by email when suspension happens. You must select the checkbox to enable this feature.

Invalidating any tokens or cookies will forcibly log off a suspended user. When the user attempts to click on something, the interface will redirect to the login screen.

Note:
You cannot change a password for a suspended team user.

What happens when a team owner is suspended?

If a cPanel account is suspended, the suspension applies to all team users under the cPanel account. When unsuspended, the team users will regain access to their account if they before were active.

Deleting a user

To delete a team user account, suspend the account first and then remove all that team user’s information. A deleted team user account no longer counts toward the maximum of seven total team users per cPanel account.

The interface to delete an account includes a checkbox to notify the team user by email when deletion happens. You must select the checkbox to enable this feature.

Warning:
Deleting a cPanel account will also delete all its team user accounts.

Audit logging

Since there will be many users sharing access to various features, files, and directories, a critical element is being able to track who did what. One critical way we do that is by logging actions taken through the Audit Log interface. The following image shows API function calls made by different team users:

For more information about our Audit Log, read our The cPanel & WHM Log Files documentation.

Note:
The Audit Log will be available in cPanel & WHM version 106, earlier than the Team Manager feature. The Audit Log interface will only be available when Team Manager releases.

Feedback

cPanel, L.L.C. values our customers’ feedback. Click the link below to go to our customer survey.

Survey

Additional Documentation