Applies to versions: 1.11, 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 3.0, 3.1
Remote Clock IP Whitelist
Remote Clocking Whitelists
Using the left pane Main Menu, click on: Clocking ->Remote Clocking -> IP Address Whitelist
Permissions required: edit remote clock setup
Remote Clocking Whitelists allow you to restrict access to the remote clocking page through various factors. Primarily whitelists are used to restrict access to only clock attempts coming from particular IP addresses but they can also be further configured on several additional factors including employee information and time of day.
Note: An employee attempting to use remote clocking only needs to satisfy one whitelist to be allowed access.
Note: If there are no whitelists within a division then the system will make no restrictions on remote clocking. This is effectively the same as whitelisting everything.
For this article we will discuss three different whitelists: internal connections, external connections, and administration employees.
First we will review the settings for whitelist 1 and provide a description of the available options along with an explanation of how this list is configured. When you expand the row for whitelist 1 you will be presented with three tabs: Settings, IPs, and Employees.
The first whitelist is intended to allow any employee to use remote clocking provided they are using a computer on the internal network.
- Name: A field used to identify this whitelist compared to other whitelists. This must be unique within a division.
- Comment: An optional field that can be used to provide an explanation of how the whitelist is configured or what it is supposed to do.
- Expression: An advanced optional field that lets you apply custom logic to the evaluation of this whitelist. This will be explained more in depth at the end of this article.
- Active: An option to toggle this whitelist as being active or inactive. Only active lists have any affect on remote clocking.
- Only one IP address is listed for this whitelist. It uses the wildcard * to match any address from that point forward. Alternatively we could explicitly whitelist internal addresses such as 192.168.1.101, 192.168.1.102, 192.168.1.103 etc. Using a wildcard opens this whitelist effectively to any address that starts with "192.168.1."
- This is the employee membership list for this whitelist. There are no employees currently listed as members but that doesn't matter because for the second option we are saying that this whitelist is not restricted to certain employees.
The second whitelist allows remote clocking to be used from outside the local network but only if the employee is coming from a particular IP address or if they are on a restricted list of employees.
- The settings on this tab for this whitelist are not significantly different from the first whitelist. We have a different name and comment to identify and explain this whitelist.
- Unlike the first whitelist which used a wildcard to match all internal addresses, this whitelist only allows access coming from three specific addresses.
- Here we have defined a group of five employees and specified that only these employees will be whitelisted.
The last whitelist is configured to allow access to any employee from the Administration Organizational Unit regardless of the IP they are using. By tying the rule to the employee's organizational unit we do not have to maintain a list of employees within the whitelist itself.
- For this example on the employee tab we are allowing access to all employees and on the IPs tab we are allowing all IPs by adding a single IP to the list which is just the wildcard character *.
- This whitelist utilizes the power of expressions. When an employee's remote clock attempt is evaluated we will evaluate the expression to either a true (1) or false (0) value. If the expression returns true then the employee is whitelisted. In this example we compare the name of the employee's organizational unit to the static string "Administration". If they match we return true, otherwise we return false.
- A more detailed explanation of expressions in remote clocking can be found at this article