Restrict Clock Entries by IP Address

Dayforce Implementation Guide
Version
R2025.2.1
Restrict Clock Entries by IP Address

You can restrict clock entries by IP address, which allows you to ensure that employees can’t perform clock entries from outside of a physical work location. This functionality doesn’t restrict access to Dayforce from these locations. It only restricts whether the user can clock in or out for work.

Role feature access: System Admin > IP Network Restrictions

When an employee clocks in or out, Dayforce checks their IP address against the list of allowed addresses. If the IP address is allowed, Dayforce accepts the clock entry. If the IP address doesn’t fall within one of the allowable ranges, Dayforce denies the IP address and rejects the clock entry.

Even though clocks outside of the specified allowable ranges are rejected, you can also specify IP addresses to deny in cases where an IP address or a range of IP addresses is problematic (for example, an attacker).

To set which IP addresses are allowed or denied:

  1. Go to System Admin > IP Network Restrictions.
  2. In the list in the top half of the screen, select the Clock Entry option. Dayforce shows any existing rules for clock entries in the bottom half of the screen.
  3. Note: The Clock Entry option is a system option that is automatically available in System Admin > IP Network Restrictions.
  4. In the bottom half of the screen, click Add.
  5. Enter the lowest IP address in the range in the Lower IP Address Range field.
  6. Enter the highest IP address in the range in the Upper IP Address Range field.
  7. Note: To allow or deny a specific address, rather than a range of addresses, enter the same number in both the Lower IP Address Range and Upper IP Address Range fields.
  8. Select Allow or Deny in the Access drop-down list, depending on whether you want the specified address or range of addresses to be allowed or denied.
  9. Verify that the Rule Enabled checkbox is selected.
  10. Click Save.

Note: You must also select the Network Location Validation checkbox in the applicable time entry policies. For more information about configuring time entry policies, see Time Entry Policies. As well, you must ensure that Network Location Validation is enabled in System AdminClocking Sequence Validation. For more information about clock entry validations, see Configure Clock Entry Validations.