Help Home | Help Contents

Login Access Control

The Access Control Screenshot
The Access Control Screen - Click to Enlarge

Online Time Clock MTS allows you to restrict what Computer IP Addresses can be used to log into the system, thus keeping check on employee clock in and out locations. This is only available to timeclock logins and not reports logins, location administrators or the account administrator. To control timeclock logins you must specify computer IP address access in the Login Access Control screen.

The Access Control Screen

The Access Control screen is reached by clicking on the Access Control link for a login on the Manage Logins screen. This Access Control Screen comprises a list of the computer IP addresses that are authorized to access the selected login, each item in the list has an accompanying Edit and Delete link. You can click the Edit link to be taken to the Edit IP Access Record window. You can delete an IP Access record by clicking the delete button. Note that once you have deleted all IP Access records for a given login you've removed all restrictions to that login and it can be accessed from any computer.

New IP Access records can be defined by clicking the Add New IP Access Record link at the top of the list, this will take you to the Add IP Access Record window.

The Add/Edit IP Access Screenshot
The Add/Edit IP Access Screen - Click to Enlarge

The Add/Edit IP Access Record Window

This window allows you to add or edit IP access records to a login. Each IP Access record can (and should) have a description. For example, to allow IP addresses by Comcast you might label those as "Comcast".

IP addresses are specified in 4 sets of up 1 to 3 numbers (for example 123.111.22.1). Each set of 1-3 numbers is known as an 'octet'. For a valid IP Access record you must have numbers in at least the left most octet. If you specify numbers in each of the 4 octets then Online Time Clock MTS will do an exact match on that IP address, if you only fill in 1, 2, or 3 of the octets then Online Time Clock MTS will allow any match for the blank octets. Here's how it works:

  • IP Access Record: 192.168.2.1 : will only match an IP address of 192.168.2.1
  • IP Access Record: 192.168.2 : will match an IP address beginning with 192.168.2. and allow any value in the fourth octet (so 192.168.2.100 will match as will 192.168.2.6 and so on).
  • IP Access Record: 192.168 : will match an IP address beginning with 192.168. and allow any value in the third and fourth octets (so 192.168.2.100 will match as will 192.168.111.9 and so on).
  • IP Access Record: 192 : will match an IP address beginning with 192. and allow any value in the second third and fourth octets (so 192.1.2.100 will match as will 192.111.56.99 and so on).

Multiple IP Access Records for a Login

You can specify as many (or as few) IP Access records for a given login. However, you should note that some entries can make other entries redundant. For example, there's no point have one record defined as 192.168.2.1 and another as 192. because the 192. record will simply accept any IP address starting with 192. and make the more specific access record redundant.

What Happens When Someone Logs in from an Un-Authorized Computer?

When an employee tries to log into a timeclock security level login that is not authorized they will simply receive a message that they cannot login from that computer. It's as simple as that.

A Note on IP Addresses

You should be aware that the IP address that Online Time Clock MTS checks is your external IP address rather than your IP address on your private network. This external IP address is usually obtained from a network address translator (found in your DSL modem or ADSL modem, or perhaps a cable modem) through which your private network is connected to the internet. On some networks this IP address may be obtained via a proxy gateway. Whether this external IP address is fixed or changes is dependent entirely on how your private network is connected to the internet and how your internet service provider configures their networks.

Example : Acme LLC has 15 computers on their internal network and the IP addresses of these are set from 192.168.1.2 through to 192.168.1.16. Their server is one of these computers and has the IP address 192.168.1.2 and it is connected to a DSL modem with a private network address of 192.168.1.1. Acme LLC uses Superfast Lightning.NET LLC as their internet service provider and Superfast Lightning.NET does not assign a fixed IP address to Acme's DSL modem. Rather they assign it a different one periodically in the range 112.156.001.001 to 112.156.255.255. So for Acme LLC to restrict access to their time clock login to computers only within their own premises they'd have to apply a IP Access record of 112.156.

There is a problem with this, if one of Acme LLC's employees also uses Superfast Lightning.NET as their internet service provider for their home internet connection then it could very well happen that their home network's IP address falls within the allowable range. The solution is to request a Fixed IP Address from your service provider. This is often available at a small charge from many service providers.


This page last modified : 09:31:36 18 Jun 2015

Fast Links

Categories