Overview
- This feature introduces secure, encrypted access to Time Approval pages when approvers receive approval links via email or text.
- It enhances security by preventing exposure of sensitive parameters while allowing approvers to review and act on timesheets without logging into Zenople.
- Clients benefit from improved data protection, controlled link validity, and a streamlined approval experience aligned with organizational security requirements.
Functionality
- Secure Time Approval Links:
- All Time Approval links sent via email or text are generated as encrypted URLs.
- The encrypted link hides internal identifiers, dates, and other sensitive parameters.
- When accessed, the standalone Time Approval webpage decrypts the URL and validates its authenticity before loading the timecard.
- Approvers can view, approve, or reject the timecard directly from this page without requiring a Zenople login.
- If the encrypted token is invalid, expired, reused, or tampered with, the system displays a 404 page.
- Configurable Link Expiry Setting:
- A new option property is introduced under:
- ATM → Option
- Entity: Office
- Option: Timesheet
- Option Property: TimeApprovalThroughEmailLinkExpiry
- ATM → Option
- This setting allows administrators to define the number of days (numeric value) that a Time Approval email link remains valid.
- Default value is 7 days.
- When a Time Approval email is sent, the embedded link expires after the configured number of days.
- Changing this configuration affects only future emails; links already sent retain their original expiry behavior.
- A new option property is introduced under:
- Legacy Link Support:
- Existing (old) Time Approval URLs remain accessible for now and will be replaced in the future.