Time clock systems by TimeIPS
Call Now! 316-264-1600
Information
Sales
Support
Knowledge Base Search:  
Main Menu
· Home

· Table of Contents
· Article Index

· Downloads
· New Features
· FAQ
· News
· Web Links

   
TimeIPS Knowledge Base

Table of Contents: Article IndexPrintable Version

Applies to versions: 3.2



Remote Clock IP Whitelist



Remote Clocking Whitelists allow you to restrict access to the remote clocking page through various factors. Primarily whitelists are used to restrict access to only clock attempts coming from particular IP addresses but they can also be further configured on several additional factors including employee information and time of day.

Note: An employee attempting to use remote clocking only needs to satisfy one whitelist to be allowed access.

Note: If there are no whitelists within a division then the system will make no restrictions on remote clocking. This is effectively the same as whitelisting everything.

For this article we will discuss three different whitelists: internal connections, external connections, and administration employees. 

 

 

 

Using the left pane Main Menu » Administration, click on: Clocking » Remote/Web Clocking Administration

 

Click on the Remote/Web IP Address Whitelist icon at the top of the page.





 

 

 

 

 

Add a New IP Whitelist


  1. Click the + (plus) sign to the left of the Add a New IP Whitelist bar.

  2. New Whitelist Name: provide the name for a new tracking field.

  3. Click the Add New IP Whitelist button to save.
The New IP Whitelist will appear in the table below.

 

 

 

 

Setup and Edit


  • Click the + (plus) sign to the left of the IP Whitelist Name.

When the row is expanded, three tabs will display: Settings, IPs, and Employees.

 

First we will review the settings for whitelist example #1 and provide a description of the available options along with an explanation of how this list is configured.

1. All Internal: The first whitelist is intended to allow any employee to use remote clocking provided they are using a computer on the internal network.

 

Settings tab

  • Name: A field used to identify this whitelist compared to other whitelists. This must be unique within a division.
  • Comment: An optional field that can be used to provide an explanation of how the whitelist is configured or what it is supposed to do.
  • Expression: An advanced optional field that lets you apply custom logic to the evaluation of this whitelist. This will be explained more in depth at the end of this article.
  • Active: An option to toggle this whitelist as being active or inactive. Only active lists have any affect on remote clocking.

 

IPs Tab

  • Only one IP address is listed for this whitelist. It uses the wildcard * to match any address from that point forward. Alternatively we could explicitly whitelist internal addresses such as 192.168.1.101, 192.168.1.102, 192.168.1.103 etc. Using a wildcard opens this whitelist effectively to any address that starts with "192.168.1."

 

Employees Tab

  • This is the employee membership list for this whitelist. There are no employees listed as Current Members but that doesn't matter because for the second option (This Whitelist Allows Access to) is set to "Any Employee" which does not restrict this whitelist is to certain employees.

 

 

 

2. External Exceptions: This whitelist allows remote clocking to be used from outside the local network but only if the employee is coming from a particular IP address or if they are on a restricted list of employees.

 

Settings tab

  • The settings on this tab for this whitelist are not significantly different from the first whitelist. We have a different name and comment to identify and explain this whitelist.

 

IPs tab

  • Unlike the first whitelist which used a wildcard to match all internal addresses, this whitelist only allows access coming from three specific addresses.

 

Employees Tab

  • Here we have defined a group of three employees and specified that only these employees will be whitelisted.

 

 

 

3. Administration: The last whitelist is configured to allow access to any employee from the Administration Organizational Unit regardless of the IP they are using. By tying the rule to the employee's organizational unit we do not have to maintain a list of employees within the whitelist itself.

 

Settings Tab

  • For this example on the employee tab we are allowing access to all employees and on the IPs tab we are allowing all IPs by adding a single IP to the list which is just the wildcard character *.
  • This whitelist utilizes the power of expressions. When an employee's remote clock attempt is evaluated we will evaluate the expression to either a true (1) or false (0) value. If the expression returns true then the employee is whitelisted. In this example we compare the name of the employee's organizational unit to the static string "Administration". If they match we return true, otherwise we return false.
    • A more detailed explanation of expressions in remote clocking can be found at this article


©2004-2023 TimeIPS, Inc. All Rights Reserved - TimeIPS and the TimeIPS logo are registered trademarks of TimeIPS, Inc.
"Intelligent Personnel System" "Run your Business. We'll watch the clock." are trademarks of TimeIPS, Inc.
TimeIPS is protected by one or more patents. Patent No. US 7,114.684 B2.