---
title: Configuring a global authentication policy (default policy)
description: The default policy is a global policy that is applied to any application in your organization where no application-specific policy is defined. The default policy rules are applied when a user attempts to access the protected application through web access or sign on.
component: pingid
page_id: pingid:pingid_service_management:pid_configuring_global_authentication_policy_default
canonical_url: http://docs.pingidentity.com/pingid/pingid_service_management/pid_configuring_global_authentication_policy_default.html
revdate: January 25, 2024
section_ids:
  about-this-task: About this task
  steps: Steps
  result: Result:
  result-2: Result:
  choose-from: Choose from:
  result-3: Result
---

# Configuring a global authentication policy (default policy)

The default policy is a global policy that is applied to any application in your organization where no application-specific policy is defined. The default policy rules are applied when a user attempts to access the protected application through web access or sign on.

## About this task

By default, the default policy includes a single default action **Authenticate** that is applied to a user access request. You can edit the default policy to modify the default action or to include additional rules.

|   |                                                                                                                                                                                                                                                                            |
| - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | An application- or group-specific policy always overrides the default policy configuration. To configure an application- or group-specific policy, see [Configuring an app or group-specific authentication policy](pid_configuring_app_group_authentication_policy.html). |

## Steps

1. In the admin portal, go to **Setup → PingID → Settings → Policy → Web**.

   ### Result:

   The **Default Policy** is displayed.

   ![A screen capture of the Default Policy list displaying the Allowed Authentication Methods with the Desktop, Email, One-time passcode check boxes selected.](_images/ncx1564020570044.png)

2. Click the **Expand** icon (![bkk1564020571484](_images/bkk1564020571484.png)), and then click the **Pencil** icon (![fnb1564020519171](_images/fnb1564020519171.png)).

   ### Result:

   The **Default Policy** section displays showing the **Default Action** rule.

   ![A screen capture of the Default Policy section displaying the Default Action rule.](_images/kna1564020572032.png)

3. To edit the **Default Action** rule, click the **Arrow** icon to expand the rule.

   |   |                                                                                                                                 |
   | - | ------------------------------------------------------------------------------------------------------------------------------- |
   |   | The **Default Action** rule determines which authentication action will be performed when no other default policy rule applies. |

4. Select the action you want to apply:

   ### Choose from:

   * **Approve**: Approve access without requiring PingID authentication.

   * **Authenticate**: Allow the user to authenticate using any of the authentication methods available to the user, and allowed at the policy level.

   * **Allowed Methods**: Click **Allowed Methods** to reveal a list of authentication methods allowed by this policy, and then select the check box of each authentication method that you want to allow for this rule. See [Rule authentication actions](pid_rule_auth_actions.html) for description per authentication type.

   * **Deny**: Deny access.

5. From the **Allowed Authentication Methods** list, select a specific authentication method check box.

   The options listed are defined by those configured at policy level. For descriptions by authentication type, see [Rule authentication actions](pid_rule_auth_actions.html).

6. To add and configure one or more rules to replace the **Default Action**:

   1. Click **[icon: plus, set=fa]Add Rule**.

   2. Configure one or more of the following rules:

      * [Configure a company network access rule](pid_configuring_accessing_company_network_rule_web_policy.html)

      * [Configure a rule for access from specific countries](pid_configuring_access_from_specific_countries_rule_web_policy.html)

      * [Configure access rule from a new device](pid_configuring_authenticating_from_new_device_rule_web_policy.html)

      * [Configure recent authentication from office access rule](pid_configuring_recent_authentication_from_office_access_rule_web_policy.html)

      * [Configure recent authentication access rule](pid_configuring_recent_authentication_access_rule_web_policy.html)

      * [Configure mobile OS version access rule](pid_configuring_mobile_os_version_rule.html)

      * [Configuring a recent authentication from company network rule](pid_configuring_recent_auth_from_company_network.html)

      * [Configuring an IP reputation rule (web policy)](pid_configuring_ip_reputation_rule_web.html)

      * [Configuring a geovelocity anomaly rule (web policy)](pid_configuring_geovelocity_anomaly_rule.html)

      * [Configuring a limit push notifications rule](configuring_limit_push_rule.html)

7. Click **Save**.

## Result

The **Default Policy** is saved and applied to all applications where an application-specific policy is not defined.