User, roles and the authentication, registration and security system in Kimai
There are two types of user avatars:
Auto generated avatar- a circle with colored background and username initials inside
Image URL- a user can configure an avatar URL in their profile (feature needs to be activated in System > Settings)
If you uncheck the
Active checkbox when editing the user profile and save:
- the user will be hidden from the user listing => but you can display them again by using the search and selecting
- the user won’t be displayed in most dropdowns and reports
- the user cannot log in to Kimai
A user can be re-activated at any time. The logged-in user cannot his own profile.
Filter and search
The search supports filtering by the fields:
state(active, deactivated, all)
Besides these filters, you can query for a free search term, which will be searched in the fields:
Additionally, you can filter for custom fields by using a search phrase like
This would find all entries with the custom field
location matching the term
The search terms will be found within the full value, so searching for
office would find:
I love working in my office
This office is beautiful
Our offices are very noisy
Attention: checkboxes have the values
0 (not checked) and
You can mix the search term and use multiple meta-field queries:
location:homeoffice hello- find all entries matching the search term
hellowith the custom field
locationmatching the term
location:homeoffice contract:fulltime- find all entries with the custom field combination:
expired:0finds all items whose
There are also special operators, which can be used in conjunction with custom fields (since Kimai 1.19.1):
location:) will find all entries whose value in the
locationfield is either empty or not existing
~search term (e.g.
location:~) will find all entries that are missing the custom field (created before the field was created)
*search term (e.g.
location:*) will find all entries that have any value in the
locationfield (basically the opposite of
User registration is disabled by default, as most Kimai installations are available through the public internet.
If your Kimai installation is protected otherwise (e.g. internal network or other authentication mechanism) you can activate it through System > Settings. The self-registration is then available via a link in the login screen.
If someone registers a new account with email, username and password an confirmation email will be sent, including a link that needs to be clicked before the account will be activated. As this feature requires an email to work, you have to enable email support to use it.
The reset password function is enabled by default, you can deactivate it through System > Settings.
A user can reach it via a link from the login screen. After entering username or email-address, an email with a confirmation link will be sent. This link needs to be clicked, afterwards the user can enter a new password.
You can configure two settings to influence the security:
- Token lifetime (in seconds: 3600 = 1 hour) - the allowed time before a link expires
- Retry pause (in seconds: 3600 = 1 hour) - the allowed time between multiple retries
As this feature requires an email to work, you have to enable email support to use it.
User can log in with a username or email.
If you activate the
Remember me option, you can use the most common functions within the next time without a new login.
Remember me login
If you have chosen to log in with the
Remember me option, your login will be extended to one week.
After coming back and being remembered you have access to all the following features:
- view your own timesheet
- start and stop new records
- edit existing records
If you are an administrator, you will see all your allowed options in the menu, but will be redirected to the login form when you try to access them. This is a security feature to prevent abuse in case you forgot to logout in public environments.