---
title: Configuring an accessing from company network rule (RADIUS PCV and SSH)
description: Determine which authentication action to prompt the user with when accessing the RADIUS PCV or SSH, if the users device is within the company network.
component: pingid
page_id: pingid:pingid_service_management:pid_configuring_accessing_from_company_network_rule_pcv_ssh
canonical_url: http://docs.pingidentity.com/pingid/pingid_service_management/pid_configuring_accessing_from_company_network_rule_pcv_ssh.html
revdate: September 14, 2023
section_ids:
  about-this-task: About this task
  steps: Steps
  choose-from: Choose from:
  result: Result:
  result-2: Result:
  next-steps: Next steps
---

# Configuring an accessing from company network rule (RADIUS PCV and SSH)

Determine which authentication action to prompt the user with when accessing the RADIUS PCV or SSH, if the users device is within the company network.

## About this task

You can require a user's authenticating device to be in the company offices when signing on from within the company network. In addition, you can choose to silently authenticate the user without requiring active user intervention in the authentication process for in-network access.

|   |                                                                                                                                                                                                                                                                |
| - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | To apply the PingID policy features that require IP address information, the client's IP address must be provided first. Find more information in [Prerequisites: PingFederate RADIUS server](../pingid_integrations/pid_prerequisites_pf_radius_server.html). |

|   |                                                                                                                                                                                                                        |
| - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | To ensure location-based policies are applied, you must also ensure location collection is enabled at the organization level (see [Enabling or disabling location collection](pid_enabling_location_collection.html)). |

## Steps

1. From within the relevant policy, click **[icon: plus, set=fa]Add Rule** and from the **Conditions** list, select **Accessing from company network**. ![A screen capture of the + Add Rule list displaying the Accessing from company network option.](_images/ugi1564020596901.png)

2. From the **Action** list:

   ### Choose from:

   * **Approve**: Approves access without requiring PingID authentication.

   * **Authenticate**: Allows a user to authenticate using any of the authentication methods allowed at the policy level.

     |   |                                                                                                                                                             |
     | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------- |
     |   | If more than one authentication method is available, the method initiated by default is the method most recently paired by the user that is authenticating. |

   * Select a specific authentication method. The options listed are defined by those configured at policy level. For a description of each authentication type, see [Rule authentication actions](pid_rule_auth_actions.html).

3. In the **IP Addresses** field, enter a list of external IP addresses or ranges that belong to the company network.

   |   |                                                                                       |
   | - | ------------------------------------------------------------------------------------- |
   |   | Enter the IP addresses or ranges using CIDR notation with each entry on its own line. |

4. To require a user's authenticating device to be in the company offices when signing on from within the company network, in the **Authenticating Device In Company Offices** field, click **Enable** and then define one or more company office locations.

   |   |                                                                                                                                                                                                                                                                 |
   | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | If you are defining a company office in addition to an IP address, in the **Allowed Authentication Method** section, select the **Swipe**, **Mobile App Biometrics**, or **One-time passcode** check box to define an authentication method to apply this rule. |

   ### Result:

   The **Office Locations** wizard opens, enabling you to define one or more office locations. If the authenticating device is located within one of the defined areas, it is considered to be inside a company office.

   ![A screen capture of the Authenticating Device In Company Offices section configuration.](_images/mge1564020573334.png)

5. To define additional office locations:

   1. Click **[icon: plus, set=fa]Add office** or enter an address in the search box.

      ### Result:

      A blue circle appears on the map, defining the office area.

      ![A screen capture of the Authenticating Device In Company Offices policy configuration displaying the Office Locations section with a defined office location.](_images/ynq1564020574046.png)

   2. Click center of the circle to edit the coordinates.

   ![A screen capture of the blue circle on a map defining the office area.](_images/ooc1564020518625.png)

   * To reposition the circle, click and drag the white dot at the circle's center to the desired location.

   * To resize the circle, click and drag any white dot on the circle's rim.

   * To add another office location, click a location outside the circle. A new circle is added.

     1. To edit an office location, click the **Pencil** icon (![fnb1564020519171](_images/fnb1564020519171.png) ) and edit the name.

        By default, the location is named after its street address. ![A screen capture of the Office Locations section listing the defined office location by its street name.](_images/bsi1564020519674.png)

     2. To delete an office address, click the **Minus** icon (![pmh1564020520189](_images/pmh1564020520189.png)).

        |   |                                                                                                                                 |
        | - | ------------------------------------------------------------------------------------------------------------------------------- |
        |   | If you edit or delete offices in the **Office Locations** list, changes are applied to all rules that specify office locations. |

6. In the **Policy** list, click and drag the new rule and place it in the order in which you want it to be considered. Click **Save Order**.

7. Click **Save**.

## Next steps

To ensure the policy is applied to your organization, go to **PingID → Configuration** and ensure **Enforce Policy** is set to **Enabled**.