We take the security of your login seriously. To help protect your account, we provide the following features:

• Single sign-on via corporate email
• Two-step verification
• Email alerts for unusual login activity
• Advanced management and personalization controls

Single Sign-in via Corporate Email

In addition to creating a dedicated Fareclock password for login, you can also sign in using Apple, Google, or Microsoft accounts. Fareclock supports both Microsoft Azure Active Directory and Google Workspace.

You can enforce specific login methods and/or email domains for all administrators in your organization.

Step 1: Go to the Fareclock Admin Console and go to Settings. Under ‘Settings’ find and click ‘Users’.

Step 2: Click the ‘Defaults’ tab above.

Step 3: Under ‘Administrator Role Settings’, review the Authentication Providers and Authentication Domain settings. Once configured, administrators will only be able to access your organization if they meet these policy requirements.

Authentication providers - Specifies the login method for account administrators. This policy is enforced each time an administrator signs in to Fareclock, and may lock out existing administrators if their method does not match the configured setting.

The "Sign in with Apple" option requires Time Clock mobile app version 2.11 or later. It is also available on this website and in the Android app.

Leave this field blank to allow all login methods without enforcement.

Authentication domain - Restricts account administrator email addresses to a specific domain (e.g., mycompany.com). This policy is enforced when adding a new administrator or editing an existing administrator’s information. It does not retroactively affect administrators who already exist when the setting is applied.

Leave this field blank to disable enforcement.

Two-Step Verification

You can also enable two-step verification using a time-based one-time password (TOTP) generated by an authenticator app on your mobile device (commonly referred to as “MFA” or “2FA”).

Setup

Step 1: Click your avatar in the upper-right corner of the Console.

Step 2: Select ‘Profile’, or go directly to https://login.fareclock.com/manage.

Step 3: Click the Off button next to ‘Two-step verification’.

Step 4: Click the Off/On toggle to enable it.

To enable two-step verification, you will need to install an Authenticator app on your mobile device, such as Google Authenticator or any other app that supports TOTP codes.

Download Google Authenticator:

• Apple: https://apps.apple.com/us/app/google-authenticator/id388497605
• Android: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

In the Authenticator app, scan the QR code displayed on the Fareclock login screen to pair it with your account. A 6-digit code will appear and refresh every 30 seconds. Enter this code on the Fareclock login page and click Activate to complete the setup.

Once activated, you can view and print one-time backup codes. Store these codes securely, as they can be used if you lose access to your phone.

Starting in version 3.1 of the Fareclock mobile app, you will be prompted for the two-step verification code when required. In older versions, append the 6-digit code to the end of your regular password.

You can also configure which login methods require two-step verification. For example, if you sign in with both a Fareclock password and Microsoft single sign-on, you may already have MFA enabled with Microsoft and choose to require Fareclock’s two-step verification only for password-based logins.

You can also set policy requirements for two-step verification for all administrators in your organization.

Step 1: Go to the Fareclock Admin Console and go to Settings. Under ‘Settings’ find and click ‘Users’.

Step 2: Click the ‘Defaults’ tab above.

Step 3: Under ‘Administrator Role Settings’, locate the "Two-step verification providers" field and select the sign-in methods that should require two-step verification.

Email Alerts on Unusual Login Activity

You will receive email alerts for the following unusual login activities:

• Sign-in on a new device
• Password change
• Two-step verification enabled/disabled
• New backup codes generated
• Backup code used to sign in
• New sign-in method added
• Repeated failed login attempts using your email address

Each alert includes the IP address of the request, its estimated location, and the type of device used.

If you no longer wish to receive these alerts, click the Unsubscribe link at the bottom of the email.

The most common alert is for a new device sign-in. To disable only this type of alert:

Step 1: Click your avatar in the upper-right corner of the Console.

Step 2: Select ‘Profile’, or go directly to https://login.fareclock.com/manage.

Step 3: Click ‘Sign-In Devices’.

 Step 4: Toggle off ‘Receive new sign-in alert emails’.

Enhanced Management and Personalization Controls

There are some additional options for managing your login settings:

You can view your active sign-in methods and disconnect any that you no longer wish to use. From the Login Manage page, click ‘Sign-in Methods’:

You can also view all devices you’ve signed into within the past 90 days. From the Login Manage page, click Sign-in Devices. To forcibly sign out of all other devices, click the red Sign out & forget all other devices button.