--- title: Configuring a limit push notifications rule description: Use this rule to reduce the likelihood of a user acknowledging a malicious push notification as part of an MFA fatigue attack by limiting the number of push notifications the user can deny or ignore within a 24-hour period. component: pingid page_id: pingid:pingid_service_management:configuring_limit_push_rule canonical_url: http://docs.pingidentity.com/pingid/pingid_service_management/configuring_limit_push_rule.html revdate: October 30, 2023 section_ids: about-this-task: About this task steps: Steps result: Result: next-steps: Next steps --- # Configuring a limit push notifications rule Use this rule to reduce the likelihood of a user acknowledging a malicious push notification as part of an MFA fatigue attack by limiting the number of push notifications the user can deny or ignore within a 24-hour period. ## About this task Specify an action from the list of allowed methods that are available, or choose to deny the user access. Then specify the time period for which the rule actions should be applied. You can define an array of up to three push notification limits (subrules), and specify up to three actions that are triggered sequentially as the user reaches each limit. A rule defines the number of push notifications (ignored or denied) that must occur consecutively within a 24-hour period in order to trigger the rule action. Each time the user authenticates successfully, the counter is reset. For example, when applying the rule for 20 minutes: * After 5 push notifications, the user must authenticate with a security key for a period of 20 mins. * After 10 push notifications, the user must authenticate using biometrics, or number matching for a period of 20 mins. * After 15 push notifications, the user is denied access for a period of 20 mins. ![Limit push notifications rule showing two notification limits, defining the number of push notifications and the action that is triggered when the number is reached. It also shows the duration for which the rule action is applied .](_images/tjy1694529397731.png) | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | * By default, only one limit is shown, however up to three limits can be defined. If you select **Deny** for the first or second limit action, no further actions can be specified. * If you are using PingOne DaVinci to orchestrate your PingID flows, this rule is not evaluated. | ## Steps 1. From within the relevant policy, click**[icon: plus, set=fa] Add Rule** and from the list, select **Limit push notifications**. ### Result: The **Limit Push Notifications** rule wizard open 2. To define a push notification limit: 1. In the **After Push** field, select the number of push notifications after which the action is triggered, and then in the **Action** field, select the action that is triggered when the limit is reached. Choose from the following actions: * **Deny**: Deny access after the number of push notifications is reached. * **Allowed Methods**: Click **Allowed Methods** to reveal a list of authentication methods allowed by this policy, and then select the check box of each authentication method that you want to allow for this rule. See [Rule authentication actions](pid_rule_auth_actions.html) for description per authentication type. 2. To add another push notification limit, click **Add** and repeat substep a. 3. In the **Apply Rule Action For** field, set a duration for the rule actions to be applied after they're triggered. 4. Click **Save**. 5. In the **Policy** list, click and drag the new policy and place it in the order in which you want it to be considered. Click **Save Order**. ## Next steps To ensure the policy is applied to your organization, go to **PingID → Configuration** and ensure **Enforce Policy** is set to **Enabled**.