IP Restriction

The IP Restriction feature allows businesses to limit access to MyTime’s web and mobile apps based on a user’s network. By whitelisting specific IP addresses or domain names, businesses can control who can access or edit information in MyTime. This is especially useful for ensuring that access is restricted to in-store or authorized networks.

Things to know:

• IP restrictions are controlled by a hidden setting. To enable it, please contact MyTime Support at support@mytime.com.
• This setting is applied at the account level, affecting all locations within that account. For franchise businesses:
  • If enabled at the parent level, it applies only to parent-level staff; child-level staff are not affected.
  • If enabled at a specific child account (e.g., Child A), it applies only to locations associated with that child account and does not affect other child accounts (e.g., Child B).
    
• Static vs. Dynamic IPs:
  • Static IPs remain the same each time you connect to the internet
  • Dynamic IPs may change frequently, which means you might need to regularly update your IP list 
• Automatic IP Sync: When your dynamic IP changes, MyTime will automatically whitelist the new IP within 5 minutes.
• We recommend that you use a static public IP address for best results. Contact your Internet Service Provider (ISP) to request one:
  • Google Fiber: https://support.google.com/fiber/answer/6032604?hl=en
  • Comcast: https://business.comcast.com/support/article/internet/using-a-static-ip 
• You can visit https://whatismyipaddress.com to view your current public IP
• FQDN Support: MyTime supports whitelisting by Fully Qualified Domain Name (FQDN) in addition to IP address. This is especially useful if you're using a Dynamic DNS service.
• FQDN IP Caching: The IP tied to a domain name is cached for 5 minutes. Updates may take up to 5 minutes to take effect.

Contents

• Setting Up Allowed IPs
• Viewing Information Outside of Authorized IPs
• Enforce IP Restrictions

Setting Up Allowed IPs

Once the hidden setting is enabled: 

1. Navigate to Business Setup > Settings
2. Locate the IP restriction settings:
   • Authorized IPs: Enter static IP addresses separated by commas
   • Authorized FQDNs: Enter domain names separated by commas (useful for dynamic IP setups). This allows you to restrict access to MyTime even if you don't have a static IP address. To create a dynamic DNS, visit: https://my.noip.com/dynamic-dns.
3. Save

Viewing Information Outside of Authorized IPs 

You can allow users to view but not edit information if they’re accessing MyTime from an unauthorized network. This restriction applies to all actions, including clocking in and out, editing client information, and other functions within MyTime.

To enable this:

1. Go to Business Setup > Settings
2. Enable “Allow viewing but not editing information when outside of authorized IPs”
3. Save 

Example: A staff member can view the appointment schedule from home but cannot make any edits. If they try to edit, they’ll see the error: "There was an error: You are not authorized to perform this action from this location." 

Enforce IP Restrictions

Once IP addresses are configured, MyTime enforces IP restrictions for all staff members by default. However, you can exempt specific staff from these restrictions.

Things to know:

• IP restrictions are enforced for all staff by default
• Only users with the Assign Roles access control permission can disable IP restrictions for other staff members

To disable IP restrictions for a specific staff member:

1. Navigate to Business Setup > Staff & Availability
2. Open the desired staff member's profile
3. Uncheck the "Enforce IP Restriction" checkbox
4. Save your changes

If you have any questions, please contact our support team at support@mytime.com.

Related Articles

IP Verification for Staff Logins

IP Verification vs. Multi-Factor Authentication (MFA)