Admin panel lets you restrict who can access Clockify, manage existing accounts, and monitor activity. Only self-hosted users have access to the panel.

Accessing admin panel #

You can access the admin panel by adding /admin to where you installed Clockify (eg. time.yourdomain.com/admin).

Only people who are registered as admin in the application’s database can access the panel (the initial admin account is set during the installation). Neither workspace owners nor workspace admins can’t access the Admin Panel, unless they have the special log-in and account, and are explicitly granted permission.

Admin panel has its own log-in page, which requires its own username and password. Access to the admin panel can’t be set to work with SSO for practical reasons (if you set SSO incorrectly, you can get locked out of the account).

Account #

Account tab lists all the users in your system. There you can:

  • Edit someone’s user name directly
  • See date of registration, last activity, API key, and workspace count
  • Delete account
  • Send reset password
  • Deactivate API key

accounts panel

System Settings #

System Settings lets you configure your instance of Clockify. There you can define the URL of where you installed Clockify, set up Single Sign-Do, and prevent people from creating workspaces.

  • Special features free for all: recommended setting. If you disable it, you won’t have access to the extra features.
  • Front-end URL: you must enter the URL of where you installed Clockify (eg. time.mydomain.com) or Clockify won’t work.
  • All domains are valid by default: people can use Clockify with any email. If you set it to false,  people can log in only via SSO.
  • Prevent users to create workspaces: if set to True, no one will be able to create a workspace.
  • Default workspace settings: if enabled, all new users will automatically be assigned to one default workspace (you have to enter the workspace ID in the input field).
  • Custom links settings: if you don’t want to show default Clockify Support links in the sidebar, you can set your own (eg. create an “Instructions” link which will lead to your company’s wiki on how to track time)
  • SMTP Configuration: if you wish Clockify to send emails (like reminders, forgot password, etc.), you’ll need to enter your server’s SMTP parameters.
  • Custom emails settings: define who gets what system emails.

SSO Configuration #

If you want people to use your single sign-on system for logging in, you’ll have to configure your SSO of choice (OAuth2/LDAP/SAML) in System Settings. You can use multiple SSO systems at once.

SSO configuration is applied across the whole system, meaning once you’ve set up the SSO, it’s applied across all workspaces (unlike in Clockify Cloud, where SSO is set up in Authentication tab and works only for that specific workspace).

Options:

  • Upload Image: you can upload your company logo so it appears on the login button
  • Force LDAP/SSO: if enabled, new users won’t be able to create an account or login using their email (existing users who created an account before this options was activated will be able to continue using their email to log in)

OAuth2 configuration example for Google login #

Authorization code path: https://accounts.google.com/o/oauth2/v2/auth
Access token path: https://www.googleapis.com/oauth2/v3/token
User info open id path: https://www.googleapis.com/oauth2/v3/userinfo
Map email: email
Map username: name
Map first name: given_name
Map last name: family_name
Scope: openid email profile
client id: $your_id // you need to get this from you Google API Console account
client secret: $your_secret // you need to get this from you Google API Console account