Depending on your business needs, it may be desirable to limit access to MyTime to just users currently on your network. We let you whitelist network IP addresses to prevent access to MyTime’s web and mobile apps outside of the store. You can also allow staff members to view, but not edit the information in MyTime when logging in from an unauthorized IP address. In this article, we'll explore how the IP Restriction feature works.
Things to know:
- IP Restriction feature is controlled by a hidden setting that can only be enabled by the MyTime Team. To enable the hidden setting, please contact our Support Team at email@example.com.
- IP addresses are classified as static or dynamic. A static IP address is the same every time you go online. Dynamic IP addresses may change each time you connect to your network. If you have IP restrictions on your MyTime site and a staff member has a dynamic IP address, you may need to add or update the IP address on a regular basis.
- Every time the IP is changed by your ISP (Internet Service Provider) the new IP is going to be whitelisted automatically on MyTime within 5 minutes.
- We suggest setting up a static public IP to use this feature. You will need to contact your ISP and request a Static Public IP:
- You may find out what your public IP address is by going to https://whatismyipaddress.com
Setting Up Allowed IPs
Once the hidden setting is enabled:
- Navigate to Business Setup > Settings
- The setting offers two IP limitation options: Authorized IPs and Authorized FQDNs
- Enter the authorized IP addresses below the "Authorized IPs (comma separated)" field
- Enter the authorized domain below the "Authorized Fully Qualified Domain Names or FQDNs (comma separated)" field. This allows you to restrict access to MyTime even if you don't have a static IP address. For the allowed FQDN field, go to https://my.noip.com/dynamic-dns to create a dynamic DNS that points to your dynamic IP and that dynamic DNS on MyTime
Viewing Information Outside of Authorized IPs
Once you enter an IP address or a domain in any of the fields above, the setting "Allow viewing but not editing information when outside of authorized IPs" will appear. By enabling the setting, you can specify whether staff members should be able to view but not edit information when viewing from an unauthorized IP address. For instance, a staff member will be able to view appointments on the schedule but not edit an appointment.
To enable this setting:
- Go to Business Setup > Settings
- Enable “Allow viewing but not editing information when outside of authorized IPs”
If a staff member does attempt to edit any information while they are outside of the whitelisted IP addresses, they will receive an error message “There was an error: You are not authorized to perform this action from this location.”
Enforce IP Restrictions
You can choose not to enforce IP restrictions for specific staff members once the allowed IP addresses have been configured.
Things to know:
- By default, all employees will have the Enforce IP Restriction ON
- Not enforcing IP restrictions for staff members is tied to the Assign Roles access control setting. This means that if a staff member has access to assigning roles, then they can also turn off IP restrictions for staff members.
To remove the IP restriction for a specific staff member:
- Navigate to Business Setup > Staff & Availability
- Open the desired staff profile
- Uncheck the "Enforce IP Restriction" checkbox
- Save your changes
If you have any questions, please contact our Support Team at firstname.lastname@example.org.