Start a new topic

How to Set Punch Restrictions for Employees (Location, IP, Device/Browser)

People love being able clock in and out in the convenient ways that OnTheClock offers. Our system is designed to be tailored to your business's needs. One of the ways you can do this is to set exactly how your employees are allowed to punch. Click on Employees > View Full Employee List. Select an employee from the Employees page, then switch over to their "Security" tab to get to this page. The main purpose of these features is to prevent employees from punching in somewhere other than the workplace. This post breaks down each of these settings, and how to apply them. =)

Punching Security Features

Mobile Punching & Rules

Checking the box labeled “Enable Mobile Punch” will allow for punching using the mobile app. When enabled, you can customize your employee’s GPS settings in the following ways:


  1. Does not record any GPS information. Employee can punch anywhere.
  2. Records coordinates of employee at time of punch, if employee allows. Can punch anywhere.
  3. Requires that the employee allow coordinates to be recorded in order to punch. Can punch anywhere.
  4. Warns employee (and sends the admin/mgr an email) when punches are attempted outside of designated radius.* Can punch anywhere.
  5. Disables all punching outside of designated radius.*

*System does not distinguish one location from another. If multiple locations are set, system will check if employee is inside or outside of a radius. Which radius does not matter.

Setting Designated Punch Locations

  1. Settings > Locations > Click “New.”
  2. Enter a name for the location and check the box “Create Mobile GPS Punch Location.”
  3. Default (and smallest) proximity radius is 100 meters from set location. Can set up to 10,000 meters.
  4. In the white “Search Box” at the top of the map, enter address of designated location. Drag pin around if necessary to fine-tune location.
  5. Hit "Save Settings."

Device & Browser Authorization

Checking the “Enable Device & Browser Authorization” box locks an employee down to only punching on specific, “authorized” devices and browsers. The list of devices/browsers shows the most recent browser/device used by an employee to log in, with the most recent on top. An employee may punch on any device/browser checked on this list.


*The device will become unauthorized if an employee:

-Deletes and re-installs the app

-Deletes the browser cookies/clears the cache


IP Authorization

Checking “Enable IP Authorization” allows an employee to punch in on any device, but requires them to be on the designated IP address (which functionally translates to being on a designated internet connection). Enable this feature by checking the box and entering your IP address (usually listed right beneath the four white boxes) and hitting "Save Settings."

Adding Multiple IP addresses:

1. Select “Multi IP Range” for the Enforcement Type. Add your first IP address to the top and bottom set of white boxes (yes, you are entering the same address twice).

2. Click “Add.”

3. Repeat steps one and two for as many IPs as you need to enter.

4. Hit "Save Settings."

Login or Signup to post a comment