OAuth login extension for Plesk

The challenge

Plesk is a widely used hosting control panel where multiple administrators often work side by side. For those additional administrator accounts, Plesk by default only supports password login. That brings risks: weak passwords, reuse across systems and no central grip on who can access what. We wanted to give Plesk administrators a safer and more pleasant way to log in, without touching Plesk's core.

Our solution

We developed a Plesk extension that adds OAuth authentication for additional administrator accounts. Administrators connect Plesk to their own identity provider, such as authentik, Keycloak or Microsoft Entra ID, and from that moment on log in through one central place. Existing accounts are recognized automatically based on email address, without creating new accounts.

Deliberately limited, and therefore safer

The extension explicitly does not work for the main administrator account or for customer accounts. That choice keeps the attack surface small and ensures the critical system account is always reachable through the standard route. In addition, user registration is fully disabled and redirect URIs are strictly validated to prevent OAuth abuse.

The impact

Plesk administrators can now centralize their authentication with their own identity provider. No more separate passwords for every additional account, easier onboarding and offboarding of access, and a better audit trail. The extension is available in the Plesk Marketplace and is used by server administrators around the world.

Why this project stands out

The strength is in the combination of:

• An open OAuth integration that works with any standard provider

• Deliberate scope: only additional administrator accounts, for maximum safety

• Strict validation of tokens and redirect URIs

• A real Plesk extension, installable through the official Marketplace