If your ClockOn administrator has enabled Two-Factor Authentication (2FA) for your Employee profile, then you will need to enter an additional access code when logging into the system.
Accessing ClockOn with Two-Factor authentication
- Login to ClockOn using your normal username and password.
- Open the Google Authentication app either on your mobile device or Chrome where you originally configured it.
- Enter the code currently displayed into the ClockOn verification screen. Note that the code does change every 30 seconds, so if you take too long to enter you may need to enter the new code generated on the app.
- Once verified you are now able to use ClockOn as normal.
NOTE: This step will not be required in every single login on the machine but will be required on a daily basis.
ClockOn Two-Factor authentication enforcement
If the ClockOn administrator has set the system to force the use of the two-factor authentication. Then any user that has employee administrative access will be forced to setup 2FA if they have not already done so. Once you agree to the confirmation message you will then need to configure the Google Authentication app.
NOTE: Employee administrative access is an employee who has Admin ticks for a department on the departments tab. Typically they are Managers, Payroll officers and Roster Officers
How to configure Two-Factor Authentication
After pressing yes a Two Factor Verification window will open up
- Copy the Secret Password generated in ClockOn and launch the Google Authenticator application you are using.
The authenticator can be run as a mobile app on Android and Apple devices, or it can be installed using the Chrome browser as an add in.
- Run the Google authenticator and create a new account. (Instructions may differ depending on the Google Authenticator application you are using)
- Select Manual Entry,
- Enter a name to identify what the code is used for such as ClockOn Payroll
- ensure that the Time-Based option is selected.
- Enter the Secret Password supplied from ClockOn and Save.
- The Google Authenticator will now show a 'code' that can be entered into ClockOn. This code will change every 30 seconds and is unique to your account.
- Enter the code into ClockOn and press the verify button.
- The code should be accepted and you will be able to log in.
In the event that the code was not accepted, it may be that the time on your system. To check this follow the instructions in the Time sync for Two Factor Authentication Knowledgebase article.
Entering a Two-Factor code successfully into the system will authorize the employee for a period of 24 hours, after this time the employee will need to re-enter a new code into the system in order to re-login to the system.
ClockOn recommends that employees follow the tutorial for how to backing up your authentication code for in the event that the code needs to be moved to another device
In the event that the code is lost it cannot be retrieved, however, your ClockOn administrator will be able to reset the process for your profile using the steps in the 2FA - Regenerating a Forgotten or Lost Google Authentication Code help guide.