The Security Settings of the Company --> Preferences page allows you to manage certain aspects regarding how your employees access and use ClickTime. These settings are also covered in part 4 of our Get Started guides, which can be accessed here.
You can use the following links to go to the most appropriate section of this article.
ClickTime has several different security options that you can choose to enable or disable:
Require Secure (SSL) connections for web entry: Requiring secure (SSL) connections will make sure that all pages in ClickTime are secure. All ClickTime pages will load in https.
Permit people to download and enter time with the ClickTime Desktop Application: ClickTime has an optional Desktop Application that is designed for users who are not connected to the internet when they do time entry. Uncheck this box if you do not want users to log time with the Desktop Application. Please note - The Desktop Application is based on the Microsoft Silverlight application which is only nominally supported by Microsoft. As we are no longer able to troubleshoot issues associated with the Desktop Application, the options to download this application have been removed from ClickTime. If you have a staff member who wishes to use the unsupported Desktop Application, please email our Support Team and they can provide you with a link (the link can only be accessed using Internet Explorer 11).
Allow Managers to unlock/un-approve timesheets (and expense sheets) when they also have permission to lock/approve them: By default, Managers will not have the ability to un-lock or un-approve Timesheets (or Expense Sheets). Check this box if you want to allow your Managers to have this option when (it will only apply to the Timesheets and Expense sheets that they can lock or approve).
Enable Audit Logging: Audit Logging (which is required for DCAA Compliance) allows you to track the time and person who creates or edits any time entries (as well as other Company settings). Demo customers should contact their Account Executive for more details and paying customers can contact email@example.com for pricing.
Allow changes (not logged) to billing rates, costs, etc. that affect historical time and expense entries (either locked or unlocked): Check this box if you want to allow Administrators to retroactively change Billing Rates, Costs, etc. in bulk. Audit Log will track when these rates are changed, but not every affected time entry.
Single Sign-On (or SSO) is a method to streamline the login process for ClickTime. Instead of remembering an email address/password combination, you can instead log into another, third-party application which has been authorized to access ClickTime and log in with that application.
SSO can either be disabled (forcing staff to log in with an email/password combination), allowed (giving your staff the option to authenticate with another provider) or required (which will give you the most security).
Basic and Corporate Accounts can use the Google Apps SSO methods (providing the email address they have in ClickTime is managed by Google Applications). Please be aware that requiring Google SSO will prevent access to the current version of the Mobile Application.
Enterprise Accounts have several other options to authenticate with other providers such as Okta, OneLogin, and Azure AD.
More information on ClickTime's SSO options can be found in this document. For assistance with other applications, please see the appropriate help documentation:
If you are an Enterprise customer and interested in using another provider for SSO, please contact our Professional Services team directly and they will be happy to assist. There may be charges associated with additional SSO configuration.
If your SSL certificate has just been renewed, you can update it from this page at any time:
If pasting the text into the field, please make sure the certificate begins with '-----BEGIN CERTIFICATE-----' and ends with '-----END CERTIFICATE-----'. If you find that SSO is not working after the SSL certificate has been renewed, please contact our Professional Services Team directly as soon as possible.
Please Note: If you "Require" sign-in using Single Sign-On, then your team will not be able to use the "Forgot your password?" option on the login page to change their password (ClickTime will not send any emails to users who request a Reset Password email when SSO is required). Additionally, the option to "Reset Password" will not be available on the Person Details page.
For best results, we recommend using ClickTime while you work, and logging out at the end of each work day. You can also determine the automatic timeout period for your staff from this section of the Company --> Preferences page.
The session timeout period is the amount of time between the employee's last action (loading a page, saving a time entry, etc) and when they will automatically be logged out of ClickTime. We support the the following timeout periods:
- 30 minutes
- 1 hour
- 2 hours
- 4 hours
- 8 hours
- 12 hours
- 1 day (24 hours)
If you are not sure what to set this to, we recommend discussing with your local IT team or whoever manages your internet connection. Employees who time out will be notified when this occurs and forced back to the login page.