Articles in this section

See more
Print Friendly and PDF

Security Settings

FOR ADMINISTRATORS: the Security Settings of the Company --> Preferences page allows you to manage certain aspects regarding how your employees access and use ClickTime. These settings are also covered in part 4 of our Get Started guides, which can be accessed here

security-main.png

You can use the following links to go to the most appropriate section of this article.

Session Timeout Period
General Security Settings
Single Sign-On (SSO) Preferences

Session Timeout Period

For best results, we recommend using ClickTime while you work, and logging out at the end of each work day. You can also determine the automatic timeout period for your staff from this section of the Company --> Preferences page.

security-timeout.png

The session timeout period is the amount of time between the employee's last action (loading a page, saving a time entry, etc) and when they will automatically be logged out of ClickTime. We support the the following timeout periods:

  • 30 minutes
  • 1 hour
  • 2 hours
  • 4 hours
  • 8 hours
  • 12 hours
  • 1 day (24 hours)

If you are not sure what to set this to, we recommend discussing with your local IT team or whoever manages your internet connection. Employees who time out will be notified when this occurs and forced back to the login page.

General Security Settings

ClickTime has several different security options that you can choose to enable or disable:

security-auditetc.png

Allow Managers to unlock/un-approve timesheets (and expense sheets) when they also have permission to lock/approve them: By default, Managers will not have the ability to un-lock or un-approve Timesheets (or Expense Sheets). Check this box if you want to allow your Managers to have this option when (it will only apply to the Timesheets and Expense sheets that they can lock or approve). This is not the same as "rejecting" a timesheet or expense sheet, as they will still be able to reject even if this box is not checked.

Enable Audit Logging: Audit Logging (which is required for DCAA Compliance) allows you to track the time and person who creates or edits any time entries (as well as other Company settings). Demo customers should contact their Account Executive for more details and paying customers can contact support@clicktime.com for pricing.

Allow changes (not logged) to billing rates, costs, etc. that affect historical time and expense entries (either locked or unlocked): Check this box if you want to allow Administrators to retroactively change Billing Rates, Costs, etc. in bulk. Audit Log will track when these rates are changed, but not every affected time entry.

Note: Previously there was a setting to "Require secure (SSL) connections for web entry" - this option was removed in December 2020 as all ClickTime pages will load as https.

Single Sign-On (SSO) Preferences

Single Sign-On (or SSO) is a method to streamline the login process for ClickTime. Instead of remembering an email address/password combination, you can instead log into another, third-party application which has been authorized to access ClickTime and log in with that application.

SSO can be set to "Disable" (forcing staff to log in with an email/password combination), set to "Allow" (giving your staff the option to authenticate with another provider -or- using an email/password combination) or set to "Require" (which will give your account the most security because it requires users to authenticate using an SSO method).

security-allow.png

Basic and Corporate Accounts can use the Google Apps SSO methods (providing the email address they have in ClickTime is managed by Google Applications). 

Please note: Requiring Single Sign-On will prevent your organization from using the ClickTime Connector for QuickBooks (more details here).

Enterprise Accounts have several other options to authenticate with other providers such as Okta, OneLogin, and Azure AD.

security-sso-1.png

More information on ClickTime's SSO options can be found in this guide. Additional information about using other applications for Single Sign-On can also be found here:

If you are an Enterprise customer and interested in using another provider for SSO, please contact our Professional Services team directly and they will be happy to assist. There may be charges associated with additional SSO configuration. 

If you are using a custom SSO method such as Okta, OneLogin or Azure AD and your SSL certificate has just been renewed, you can update it from this page at any time:

security-certificate.png

If pasting the text into the field, please make sure the certificate begins with '-----BEGIN CERTIFICATE-----' and ends with '-----END CERTIFICATE-----'. If you find that SSO is not working after the SSL certificate has been renewed, please contact our Professional Services Team directly as soon as possible.

Please Note: If you "Require" sign-in using Single Sign-On, then your team will not be able to use the "Forgot your password?" option on the login page to change their password (ClickTime will not send any emails to users who request a Reset Password email when SSO is required). Additionally, the option to "Reset Password" will not be available from the 'Actions' menu on the Person Details page.

 

Related articles

Comments

0 comments

Article is closed for comments.