Advanced Security Features

The following article is based on features coming in Release 1.0.31

Overview

Order Time advanced security features are available to give your management team full control over your company file. Access control in this day and age is more important than ever. These three features take access control to the next level.


IP Restrictions

You must be an Admin to edit the Roles for your company. Head to your Admin section, click on Roles. Click on the Edit button on the Role you wish to edit. Click on the IP Restrictions Tab.

IP Restrictions for User Roles

From here you can enter all the whitelisted static IP addresses you wish to allow for this Role. 

  • If no IP addresses are listed then all IP addresses can login as this Role.
  • The restriction occurs when at least one IP address is listed.
  • Make sure the IP addresses on your network block are static. Dynamic addresses could be locked out by accident!

After adding the addresses you want, click on the Save button in the top-right corner. 


Time of Day Restrictions

You must be an Admin to edit the Roles for your company. Head to your Admin section, click on Roles. Click on the Edit button on the Role you wish to edit. Click on the Time of Day Restrictions Tab.

Time of Day Restrictions for User Roles

Weekdays Only - Restricts this Role's access to only Mon-Fri

Enable Times - Restricts this Role's access to only a particular Start Time and End Time. Access outside of the preordained shift is restricted.

Both can be enabled at once for superior control over access for particular roles.

Using both the IP Restriction and Time of Day Restriction gives your company next level access control. Be warned that this can hamper logins from home or from mobile devices if it is not implemented properly. For any questions, reach out to support@ordertime.com


Two-Factor Authentication (2FA)

With the release of 1.0.31, Order Time comes with built-in two-factor authentication by default. 

Two-factor authentication (2FA) is a security system that requires two separate, distinct forms of identification in order to access something. The first factor is a password and the second commonly includes a text with a code sent to your smartphone or email address.

  • Your will log in with your Email and Password
  • Then you will be prompted with a screen asking for you to verify by entering in an access code.
  • You can choose to have the access code sent to your primary email address on your User properties.
  • If your Phone Number and Carrier have been selected under your User Properties, the phone number can be chosen to receive the access code via text message.
  • A new access code needs to be entered every 30 days.

Setting the cellphone number and carrier for 2FA SMS

To edit the User settings you must be logged in as an Admin. Click on the Admin panel, click on Users, Click the Edit button on the User you wish to edit. 

From here you can see the primary email address associated with the User. You can enter their Cell Phone Number, select a Carrier and click on Save in the top-right. Now they will be able to use that number to receive the text message codes.