Location and Security Restriction Setup

Help
Need more help?
Submit a ticket
Was this article helpful?

Overview

In addition to punch locations, your OnTheClock account offers additional security features for accurate punching. You can view these settings in employee profiles when you click on the “Location and Security” tab.

Methods for Clock-In Restriction

IP Authorization

Toggle this setting on to tether clock-ins to a specific internet network. From there, you can set an enforcement rule:

  • Lock Out Employee: The employee will not be able to clock in unless they are on the designated network.
  • Warn Employee: The employee can clock in from other devices, but will receive a warning message if not using the designated network.
  • Off: The employee will be able to clock in and out regardless of what network they are using.

You can allow clock-ins from multiple IP addresses by changing the Enforcement Type. For example, you can use the Multi IP Range to allow employees to clock in and out from any IP address within a range.

Device Authorizations

Toggle this setting to on to tether clock-ins to a specific device. The employee must log in from the device for it to be displayed as an option.

Fingerprint Sign-On

Toggle this setting on if you’d like employees to be able to clock in and out using their fingerprints. From here, you can set a sign on the restriction level:

  • On: Setting fingerprint sign-on to just “on” will allow more flexibility in methods for clock-in for employees.
  • On, Fingerprint Only: if you choose “on, fingerprint only,” an employee cannot complete clock-in through any other method and can only use fingerprint sign-on. 

You can read more about setting up this feature.

Desktop or Laptop GPS

Toggle this setting to on if you’d like to record an employee’s GPS coordinates when they clock in or out from a computer. They will not be restricted to a specific location.

Mobile Rules and GPS

Toggle this setting to on to allow an employee to clock in via mobile device. From there, you can set a Mobile Rule:

  • Do Not Record GPS Coordinates: No location information will be recorded.
  • Record GPS Coordinates: A location will be recorded upon clocking in or out.
  • Record GPS Coordinates and Require GPS to Punch: A location will be recorded, and the employee must share their location to clock in or out.
  • Record GPS Coordinates and warn if Not at GPS Punch Location(s): Employees will be warned if they try to clock in outside a designated location.
  • Record GPS Coordinates and disable Punch if Not at GPS Location(s): The employee will not be able to clock in unless they are at a designated location.

GPS Tracking

Toggle this setting on to enable GPS tracking for employees while they are clocked in for a shift. 

Setup

IP Authorization

  1. Step 1: Log in as an administrator or manager.
  2. Step 2: Under “Employees,” click the employee you wish to restrict.
  3. Step 3: Under “location & security,” toggle IP Authorization on.
  5. Step 4: Specify your enforcement level.
  6. Step 5: Specify your enforcement type.
  7. Step 6: Enter the public IP into the boxes and click save.

Device Authorization

  1. Step 1: Log in as an administrator or manager.
  2. Step 2: Under “Employees,” click the employee you wish to restrict.
  3. Step 3: Under “location & security,” toggle “Enable device & browser authorization” on.
  4. Step 4: Find the device in the list you want to allow and toggle “Allow Punching” On.
  6. Step 5: Click save.

Fingerprint Sign On

  1. Step 1: Log in as an administrator or manager.
  2. Step 2: Under “Employees,” click the employee you wish to restrict.
  3. Step 3: Under “fingerprint sign on,” choose “On” or “On, fingerprint only.”
  4. Step 4: Check to see if you have fingerprints on file.
  5. Step 5: Save.

Desktop or Laptop GPS

  1. Step 1: Log in as an administrator or manager.
  2. Step 2: Under “Employees,” click the employee you wish to restrict.
  3. Step 3: Under “desktop GPS rules,” toggle the setting to on.
  5. Step 4: Save.

Mobile Rules & GPS

  1. Step 1: After logging in, navigate to “Employees.”
  2. Step 2: Select an employee to open their profile.
  3. Step 3: From the employee profile, navigate to “Location & Security.”
  4. Step 4: Under “Mobile Rules & GPS,” toggle “Enable mobile punch” on.
  6. Step 5: Select your mobile rule
  7. Step 6: Click “Save settings”.

App GPS Tracking

  1. Step 1: After logging in, navigate to “Employees.”
  2. Step 2: Select an employee to open their profile.
  3. Step 3: From the employee profile, navigate to “Location & Security.”
  4. Step 4: Under “Mobile Rules & GPS,” toggle “App GPS Tracking” on.
  5.  
  6. Step 5: Click “Save Settings.”

Mobile Rules & GPS

  1. Step 1: After logging in, navigate to “Employees.”
  2. Step 2: Select an employee to open their profile.
  3. Step 3: From the employee profile, navigate to “Location & Security.”
  4. Step 4: Under “Mobile Rules & GPS,” toggle “Enable mobile punch” on.
  5. Step 5: Select your mobile rule.
  6. Step 6: Click “Save settings”.

App GPS Tracking

  1. Step 1: After logging in, navigate to “Employees.”
  2. Step 2: Select an employee to open their profile.
  3. Step 3: From the employee profile, navigate to “Location & Security.”
  4. Step 4: Under “Mobile Rules & GPS,” toggle “App GPS Tracking” on.
  5. Step 5: Click “Save Settings.”

 

What to Expect

If an employee receives a message that they are at an unauthorized browser they may have cleared cache and cookies and it will need to be reset as an ok device by an administrator. 

If an employee receives an error that they are not at an authorized IP address confirm the correct IP is entered. If you do not have a static IP it is possible that in an event where the network was restarted your public IP was reassigned. We will tell you what your current IP address is under the setup of IP authorization. 

Troubleshooting

A
Yes — clearing a cache, deleting cookies, or deleting the mobile app will deauthorize a device, requiring you to repeat the authorization process.
A
IP enforcement will only work if you have cable, a T1 line, or a Static DSL internet connection. Standard DSL constantly changes IP addresses. Therefore, it will not work for IP enforcement.
A
If your IP address is not static and you lose power or your internet connection, you may lose the IP address. If so, the IP address on file will need to be updated.
A
If your IP address is not static and you lose power or your internet connection, you may lose the IP address. If so, the IP address on file will need to be updated. “IP” is most commonly used and works best if employees work from one main office. “Multi IP Ranges” is the next most popular, allowing you to enter multiple IP addresses to create a list of authorized IPs for multiple locations for clock in/out.
A
Yes — employees need to accept tracking for their devices to be tracked. Due to privacy, they can decline tracking.
A
No —this is set to record every 200 meters and employee moves.
Need more help?
Submit a ticket

What's Next

Overtime Rules and Alerts

Learn how to set up overtime and receive messages when an employee enters into overtime.

SMS Alerts and Employee Messages

Learn how to use different features to message and alert employees.

Setting Up Paid Time Off

Learn how to set up paid time off to work with your organization’s policies.