Time Tracking
For tracking billable hours per client/project, we use Kimai - a self-hosted time tracking application.
Why Kimai
| Criteria | Kimai | Solidtime |
|---|---|---|
| SAML/SSO | Yes (Authentik) | No (OIDC only, no groups) |
| Self-hosted | Yes | Yes |
| Project/Client tracking | Yes | Yes |
| Invoicing support | Yes | Yes |
| Active development | Yes | Yes |
Kimai was chosen primarily for its SAML support, which allows full integration with Authentik including group-based role mapping.
Access
- URL: https://kimai.minnova.io
- Authentication: SAML via Authentik (click "Login with Authentik")
- Local admin: Available for emergency access
Role Mapping
Roles are assigned based on Authentik group membership:
| Authentik Group | Kimai Role |
|---|---|
| authentik Admins | ROLE_SUPER_ADMIN |
| Kimai Users | ROLE_USER |
To grant someone access, add them to the Kimai Users group in Authentik. For admin access, they need to be in authentik Admins.
Available Kimai roles:
- ROLE_USER - Can track time on assigned projects
- ROLE_TEAMLEAD - Can manage team members' time entries
- ROLE_ADMIN - Can manage projects, customers, activities
- ROLE_SUPER_ADMIN - Full system access
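As an added illustration (not the contents of kubernetes/kimai/saml-config.yaml), this is how the group-to-role table above can be expressed in the `roles` block of Kimai's SAML settings. The attribute name assumes Authentik's default SAML group property mapping; the rest of the SAML settings (user attribute mapping, IdP/SP connection) is omitted.

```yaml
# Added example: role-related part of Kimai's SAML configuration only.
kimai:
    saml:
        roles:
            # Rebuild the user's roles from the SAML assertion at every login,
            # so removing someone from a group in Authentik takes effect at
            # their next login instead of leaving a stale role in Kimai.
            resetOnLogin: true
            # Assumption: Authentik's default group property mapping, which
            # sends the user's group names under this attribute name.
            attribute: "http://schemas.xmlsoap.org/claims/Group"
            mapping:
                # Group names must match the Authentik group names exactly.
                - { saml: "authentik Admins", kimai: ROLE_SUPER_ADMIN }
                - { saml: "Kimai Users", kimai: ROLE_USER }
```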
Infrastructure
Kimai runs on K3s with:
- MariaDB via mariadb-operator (managed, with R2 backups)
- Persistent storage for data and plugins
- SAML config mounted from ConfigMap
Key files in infra/:
| Component | Path |
|---|---|
| ArgoCD App | argocd/apps/kimai.yaml |
| Deployment | kubernetes/kimai/deployment.yaml |
| MariaDB Cluster | kubernetes/kimai/mariadb-cluster.yaml |
| SAML Config | kubernetes/kimai/saml-config.yaml |
| Scheduled Backups | kubernetes/kimai/scheduled-backup.yaml |
| Authentik Provider | live/authentik/saml_providers.tf |
| Cloudflare Tunnel | live/cloudflare/tunnel.tf |
Usage
Tracking Time
- Log in via Authentik
- Start a new timesheet entry
- Select Customer → Project → Activity
- Use the timer or enter time manually
Projects & Customers
Admins can create:
- Customers - The client being billed
- Projects - Specific engagements per customer
- Activities - Types of work (development, meetings, etc.)
Reporting
Export timesheets for invoicing:
- Go to Reporting → Weekly/Monthly view
- Filter by customer/project
- Export as PDF or Excel