Self-Hosting

Clockify Help Center Self-Hosting Admin panel

Admin panel

Admin panel lets you restrict who can access Clockify, manage existing accounts, and monitor activity. Only self-hosted users have access to the panel.

Accessing admin panel #

You can access the admin panel by adding /admin to where you installed Clockify (e.g. yourdomain.com/admin).

Only people who are registered as admin in the application’s database can access the panel (the initial admin account is set during the installation). Workspace role doesn’t matter. If you are an owner or admin on some workspace, it doesn’t mean you can access the Admin Panel.

Admin panel has its own log-in page, which requires its own username and password. Access to the admin panel can’t be set to work with SSO for practical reasons (e.g. if you set SSO incorrectly, you can get locked out of the account).

Removing Users #

Removing users from a workspace doesn’t mean that they are removed from your server (as they might be part of another workspace). To free up their seat, you need to remove them from Admin panel specifically.

If you want to remove some of the users who you no longer need from your self-hosted instance, make sure to:

  • Log in to your admin panel (yourdomain.com/admin)
  • And click on ‘Delete Account’ next to the user who you would like to remove

Tip: If a user is removed from their only workspace, a new workspace will be created for them. You can disable this in System Settings tab.

Accounts tab #

Accounts tab lists all the users in your system. There you can:

  • Edit someone’s user name directly
  • See date of registration, last activity, API key, and workspace count
  • Delete account
  • Send reset password
  • Deactivate API key

Note: If a user has “Owner” role on some workspace, you won’t be able to delete their account via the Admin Panel. To delete them, you’ll have to remove their owner role from any workspace they have (you can log in into their account in Admin Panel, and transfer ownership to yourself, and later delete the whole workspace).

System Settings tab #

System Settings lets you configure what users can do in Clockify.

  • Prevent users to create workspaces: If set to True, existing users won’t be able to create their own workspace inside Clockify. Note: if a new user signs up for an account and you haven’t enabled default workspace, the user will get their own workspace (and you’ll have to add them to your workspace by inviting them on the Team page).
  • Default workspace settings: If enabled, all new users who sign up will be automatically be added to the default workspace you’ve chosen . You have to enter the workspace ID in the input field (to find the workspace ID, log in to Clockify, go to workspace settings, and copy the unique 24-char part that’s in the URL).
  • Custom links settings: If you don’t want to show default Clockify Support links in the sidebar, you can set your own (e.g. create an “Instructions” link which will lead to your company’s wiki on how to track time). To remove a custom link, leave the fields empty and save.
  • Automatic login: when a user opens the login page, they’re automatically redirected to your SSO authenticator (as if the users clicked “Log in with SSO” button).
  • SMTP Configuration: if you wish Clockify to send emails (like reminders, forgot password, etc.), you’ll need to enter your server’s SMTP parameters.
  • Custom emails settings: define who gets what system emails.

SSO Configuration #

If you want people to use your single sign-on system for logging in, you’ll have to configure your SSO of choice (OAuth2/LDAP/SAML) in System Settings. You can use multiple SSO systems at once.

SSO configuration is applied across the whole system, meaning once you’ve set up the SSO, it’s applied across all workspaces (unlike in Clockify Cloud, where SSO is set up in Authentication tab and works only for that specific workspace).

  • Force SSO: if enabled, new users won’t be able to create an account or login using their email (existing users who created an account before this options was activated will be able to continue using their email to log in)
  • Upload image: you can upload your company logo so it appears on the login button

OAuth2 configuration example for Google login #

Authorization code path: https://accounts.google.com/o/oauth2/v2/auth
Access token path: https://www.googleapis.com/oauth2/v3/token
User info open id path: https://www.googleapis.com/oauth2/v3/userinfo
Map email: email
Map username: name
Map first name: given_name
Map last name: family_name
Scope: openid email profile
client id: $your_id // you need to get this from you Google API Console account
client secret: $your_secret // you need to get this from you Google API Console account