Security

mTime protects your account and data through authentication, session management, and access controls.

Authentication methods

mTime supports several ways to sign in:

Method | Description
Email and password | Create an account with your email and a password
Google | Sign in using your Google account
Microsoft | Sign in using your Microsoft account
Visma Connect | Sign in using your Visma account

You can use whichever method you prefer. If you signed up with email and password, you can also link a Google or Microsoft account later.

Email verification

Every account must have a verified email address. When you sign up with email and password, a verification link is sent to your email. You need to click this link before you can use mTime.

If you sign in with Google, Microsoft, or Visma Connect, your email is verified automatically through the provider.

Session management

When you sign in, mTime creates a session that keeps you signed in.

  • Sessions last 30 days from the last activity
  • If you don’t use mTime for 30 days, you’ll need to sign in again
  • Sessions expire automatically — there’s no need to sign out manually, though you can if you prefer

Password reset

If you forget your password or want to change it:

  1. Go to the mTime sign-in page
  2. Click Forgot password?
  3. Enter your email address
  4. Click the link in the reset email to set a new password

The reset link expires after a limited time. If it expires, request a new one.

API key security

API keys are used by service users to access the mTime API. They require careful handling:

  • Shown once — API keys are displayed only when created. Copy and store them securely right away.
  • Expiration — API keys can be set to expire after a certain period.
  • Revocation — Revoke any key that is no longer needed or may have been exposed. Revoked keys stop working immediately.
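
The three properties above (shown once, expiration, immediate revocation) are commonly enforced on the server side by keeping only a digest of each key. The sketch below is an added example, not mTime's code; the ApiKeyStore class, the key format and the status strings are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone


class ApiKeyStore:
    """Hypothetical key store: keeps only a SHA-256 digest of each key."""

    def __init__(self):
        self._records = {}  # key_id -> digest, expiry and revocation flag

    def create(self, ttl_days=None, now=None):
        """Return (key_id, plaintext key). The plaintext is never stored,
        so this return value is the only time it can be shown."""
        now = now or datetime.now(timezone.utc)
        key_id = secrets.token_hex(4)
        secret = secrets.token_urlsafe(32)  # high entropy, so a plain hash suffices
        self._records[key_id] = {
            "digest": hashlib.sha256(secret.encode()).digest(),
            "expires_at": now + timedelta(days=ttl_days) if ttl_days else None,
            "revoked": False,
        }
        return key_id, f"{key_id}.{secret}"

    def revoke(self, key_id):
        """Mark the key revoked; the next verify() call rejects it."""
        self._records[key_id]["revoked"] = True

    def verify(self, presented, now=None):
        """Return 'ok', 'invalid', 'revoked' or 'expired'."""
        now = now or datetime.now(timezone.utc)
        key_id, _, secret = presented.partition(".")
        record = self._records.get(key_id)
        if record is None:
            return "invalid"
        digest = hashlib.sha256(secret.encode()).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(digest, record["digest"]):
            return "invalid"
        if record["revoked"]:
            return "revoked"
        if record["expires_at"] is not None and now >= record["expires_at"]:
            return "expired"
        return "ok"
```

Because only the digest is kept, a lost key cannot be recovered from the store and has to be replaced with a new one.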

Best practices

Follow these recommendations to keep your workspace secure:

  • Use strong passwords — Choose a unique, complex password for your mTime account. Consider using a password manager.
  • Revoke unused API keys — Regularly review service users and revoke keys that are no longer in use.
  • Suspend departed users — When someone leaves your organization, suspend their account promptly to revoke access.
  • Limit admin access — Only grant the Admin or Owner role to people who need it. Use the Manager or Employee role for day-to-day users.
  • Review user list periodically — Check Admin > Users regularly to make sure only the right people have access.