The Security Settings of the Company --> Preferences page allows you to manage certain aspects regarding how your employees access and use ClickTime. These settings are also covered in part 4 of our Get Started guides, which can be accessed here.
You can use the following links to go to the most appropriate section of this article.
ClickTime has several different security options that you can choose to enable or disable:
Allow Managers to unlock/un-approve timesheets (and expense sheets) when they also have permission to lock/approve them: By default, Managers will not have the ability to un-lock or un-approve Timesheets (or Expense Sheets). Check this box if you want to allow your Managers to have this option when (it will only apply to the Timesheets and Expense sheets that they can lock or approve).
Enable Audit Logging: Audit Logging (which is required for DCAA Compliance) allows you to track the time and person who creates or edits any time entries (as well as other Company settings). Demo customers should contact their Account Executive for more details and paying customers can contact firstname.lastname@example.org for pricing.
Allow changes (not logged) to billing rates, costs, etc. that affect historical time and expense entries (either locked or unlocked): Check this box if you want to allow Administrators to retroactively change Billing Rates, Costs, etc. in bulk. Audit Log will track when these rates are changed, but not every affected time entry.
Note: Previously there was a setting to "Require secure (SSL) connections for web entry" - this option was removed in December 2020 as all ClickTime pages will load as https.
Single Sign-On (or SSO) is a method to streamline the login process for ClickTime. Instead of remembering an email address/password combination, you can instead log into another, third-party application which has been authorized to access ClickTime and log in with that application.
SSO can either be disabled (forcing staff to log in with an email/password combination), allowed (giving your staff the option to authenticate with another provider) or required (which will give you the most security).
Basic and Corporate Accounts can use the Google Apps SSO methods (providing the email address they have in ClickTime is managed by Google Applications).
Please note: Requiring Single Sign-On will prevent your organization from using the ClickTime Connector for QuickBooks (more details here).
Enterprise Accounts have several other options to authenticate with other providers such as Okta, OneLogin, and Azure AD.
More information on ClickTime's SSO options can be found in this guide. Additional information about using other applications for Single Sign-On can also be found here:
If you are an Enterprise customer and interested in using another provider for SSO, please contact our Professional Services team directly and they will be happy to assist. There may be charges associated with additional SSO configuration.
If your SSL certificate has just been renewed, you can update it from this page at any time:
If pasting the text into the field, please make sure the certificate begins with '-----BEGIN CERTIFICATE-----' and ends with '-----END CERTIFICATE-----'. If you find that SSO is not working after the SSL certificate has been renewed, please contact our Professional Services Team directly as soon as possible.
Please Note: If you "Require" sign-in using Single Sign-On, then your team will not be able to use the "Forgot your password?" option on the login page to change their password (ClickTime will not send any emails to users who request a Reset Password email when SSO is required). Additionally, the option to "Reset Password" will not be available on the Person Details page.
For best results, we recommend using ClickTime while you work, and logging out at the end of each work day. You can also determine the automatic timeout period for your staff from this section of the Company --> Preferences page.
The session timeout period is the amount of time between the employee's last action (loading a page, saving a time entry, etc) and when they will automatically be logged out of ClickTime. We support the the following timeout periods:
- 30 minutes
- 1 hour
- 2 hours
- 4 hours
- 8 hours
- 12 hours
- 1 day (24 hours)
If you are not sure what to set this to, we recommend discussing with your local IT team or whoever manages your internet connection. Employees who time out will be notified when this occurs and forced back to the login page.