I don't want to lock the HRM system into my intranet; it should be remotely accessible. But one feature in particular has prevented me from implementing the punch in / out functionality: What is to stop an employee who is running late from punching-in from his smart phone in the car on his way?
Would it be possible to somehow limit access to certain functions to specified IP addresses, a fixed IP range, and/or the local network?
Ideally it could be a combination of the above depending on job role and assigned privileges. Telecommuters, for example, could have flexible privileges.
Look forward to hearing people's thoughts.