--- title: Configuring a mobile OS version access rule (web policy) description: Use this rule to define which authentication action to prompt the user with for the defined mobile OS versions. component: pingid page_id: pingid:pingid_service_management:pid_configuring_mobile_os_version_rule canonical_url: http://docs.pingidentity.com/pingid/pingid_service_management/pid_configuring_mobile_os_version_rule.html revdate: October 30, 2023 section_ids: about-this-task: About this task steps: Steps result: Result: choose-from: Choose from: next-steps: Next steps --- # Configuring a mobile OS version access rule (web policy) Use this rule to define which authentication action to prompt the user with for the defined mobile OS versions. ## About this task You might want to define stricter authentication requirements for older, more vulnerable OS versions. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | To use this rule, at least one mobile app authentication method must be selected in the **Allowed Authentication Method** section, such as **Swipe**, **Mobile App Biometrics**, or **One-time passcode**. If this rule does not appear in the **[icon: plus, set=fa]Add Rule** list, ensure at least one of these authentication methods is selected. | | | | | - | ---------------------------------------------------------------------------------------------- | | | If you are using PingOne DaVinci to orchestrate your PingID flows, this rule is not evaluated. | ## Steps 1. From within the relevant policy, click**[icon: plus, set=fa] Add Rule** and from the list, select **Mobile OS Version**. ![A screen capture of the + Add Rule list.](_images/qxy1564020515392.png) ### Result: The **Mobile OS Version** rule wizard opens. ![A screen capture of the Mobile OS Version rule wizard.](_images/hip1564020577884.png) 2. From the **Action** list, select which authentication action to use for OS versions meeting the defined criteria. ### Choose from: * **Deny** (default): Deny access for authentication requests originating from the selected countries. * **Approve**: Approve access without requiring PingID authentication. * **Authenticate**: Allow the user to authenticate using any of the authentication methods allowed at the policy level. * **Allowed Methods**: Click **Allowed Methods** to reveal a list of authentication methods allowed by this policy, and then select the check box of each authentication method that you want to allow for this rule. See [Rule authentication actions](pid_rule_auth_actions.html) for description per authentication type. 3. To define the minimum or maximum permitted mobile operating system versions and associated action: 1. Select the check boxes next to the OS that you want to include in the rule: iOS, Android, or both. 2. For each OS that you want to include, select either: * **Above**, and then select the minimum permitted operating system version from the list. * **Below**, and then select the minimum permitted operating system version from the list. 4. Click **Save**. 5. In the **Policy** list, click and drag the new policy and place it in the order in which you want it to be considered, and then click **Save Order**. ## Next steps To ensure the policy is applied to your organization, go to **PingID → Configuration** and ensure **Enforce Policy** is set to **Enabled**.