---
title: Configuring a recent authentication from company network rule
description: Use this rule to waive PingID authentication if the last successful authentication request occurred within a specific IP range in the company network and within a given time period, such as within the last 30 minutes.
component: pingid
page_id: pingid:pingid_service_management:pid_configuring_recent_auth_from_company_network
canonical_url: http://docs.pingidentity.com/pingid/pingid_service_management/pid_configuring_recent_auth_from_company_network.html
revdate: March 12, 2026
section_ids:
  about-this-task: About this task
  steps: Steps
  result: Result:
  choose-from: Choose from:
  result-2: Result:
  next-steps: Next steps
---

# Configuring a recent authentication from company network rule

Use this rule to waive PingID authentication if the last successful authentication request occurred within a specific IP range in the company network and within a given time period, such as within the last 30 minutes.

## About this task

This rule defines which authentication action to prompt the user with if the previous authentication request:

* Occurs within the defined period of time.

* Originates from the same accessing device that was used for the previous authentication request.

* Uses an authentication method that's one of the allowed authentication methods included in this policy.

* The authenticating device's mobile location is within the specified IP range in the company network.

* Optional: You can require the user's mobile authenticating device to be located within a defined office location during authentication. Learn more about this option in the [Configuring device location rules](#enable-office-locations) step.

  |   |                                                                                                                                                                                                               |
  | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
  |   | If this option is enabled, to sign on:- The user's authenticating device must be in a company office location.

  - The user's accessing device should originate from an IP address within the company network. |

When creating this rule, you must specify the IP addresses that define the company network and optionally define the geographic location of one or more offices around the world.

When a proxy is used, it masks the user's original IP address. As a result, PingID can't accurately verify the user's location, and this rule won't function as expected.

|   |                                                                                                                                                                                                                                                                                                    |
| - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | * If you're using PingOne DaVinci to orchestrate your PingID flows, location-based policy rules are not evaluated.

* Enable location services on a user's devices to apply a location based policy to that device. Users with Android Q and later must select, the **Allow all the time** option. |

## Steps

1. From within the relevant policy, click **[icon: plus, set=fa]Add Rule**, and from the list, select **Recent authentication from company network**.

   ![A screen capture of the + Add Rule list.](_images/qxy1564020515392.png)

   ### Result:

   The **Recent Authentication From Company Network** rule wizard opens.

   ![A screen capture of the Recent Authentication From Company Network rule wizard with the Action, Authenticating With Device Within, IP Addresses, and Authenticating Device In Company Offices sections.](_images/pgb1564020578808.png)

2. From the **Action** list, select the action that you want to apply when authenticating, if the rule conditions are met.

   ### Choose from:

   * **Deny** (default): Deny access for authentication requests originating from the selected countries.

   * **Approve**: Approve access without requiring PingID authentication.

   * **Authenticate**: Allow the user to authenticate using any of the authentication methods allowed at the policy level.

   * **Allowed Methods**: Click **Allowed Methods** to reveal a list of authentication methods allowed by this policy, and then select the checkbox of each authentication method that you want to allow for this rule. Descriptions for each authentication type are available in [Rule authentication actions](pid_rule_auth_actions.html).

3. To define the time period that applies to the **Action** setting, in the **Authentication With Device Within** list, select the unit of time in **Minutes**, **Hours**, **Days**, or **Weeks**, and then enter the numerical value in the text box.

   ![A screen capture of the Authentication With Device Within section displaying the time unit configuration.](_images/fwo1564020516514.png)

4. In the **IP Addresses** field, enter a list of external IP addresses or the IP range that belongs to the company network.

   |   |                                                                                        |
   | - | -------------------------------------------------------------------------------------- |
   |   | Enter the IP addresses and ranges using CIDR notation with each entry on its own line. |

5. []()To require a user's authenticating device to be in the company offices when signing on from within the company network, in the **Authenticating Device In Company Offices** section, click **Enable**.

   |   |                                                                                                                                                                                                                                                 |
   | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | If you're defining a company office, in addition to an IP address, a mobile authentication method of **Swipe**, **Mobile App Biometrics**, or **One-time passcode** must be defined as an **Allowed Authentication Method** to apply this rule. |

   ### Result:

   The **Office Locations** wizard opens, displaying a list of the office locations currently defined. If the authenticating device is located within one of the defined areas, it's considered to be inside a company office. Define one or more company office locations.

   ![A screen capture of the Office Locations wizard displaying a defined office location with the + Add Office option, search and map feature.](_images/mge1564020573334.png)

6. To define one or more office locations:

   1. Click **[icon: plus, set=fa]Add office** or enter an address in the search box.

      A blue circle displays on the map, defining the office area.

      ![A screen capture of the Office Locations wizard with a blue circle on the map defining an entered office area.](_images/ynq1564020574046.png)

   2. Use the white dots on the circle to fine-tune the geofence:

   ![A screen capture of the blue circle surrounding a defined office location on a map with white dots on its rim and in its center enabling editing of the coordinates.](_images/ooc1564020518625.png)

   * To reposition the circle, click and drag the white dot at the blue circle's center to the wanted location.

   * To resize the circle, click and drag any white dot on the circle's rim.

     1. To add another office location, click a location outside the blue circle and a new circle is added.

     2. To edit an office location, click the **Pencil** icon (![fnb1564020519171](_images/fnb1564020519171.png)) and edit the name.

        By default, the location is named after its street address.

        ![A screen capture a defined office location listed and named by its street address.](_images/bsi1564020519674.png)

     3. To delete an office address, click the **Minus** icon (![pmh1564020520189](_images/pmh1564020520189.png)).

        |   |                                                                                                                                 |
        | - | ------------------------------------------------------------------------------------------------------------------------------- |
        |   | If you edit or delete offices in the **Office Locations** list, changes are applied to all rules that specify office locations. |

7. To save the rule and apply it to the relevant policy, click **Save**.

8. In the **Policy** list, click and drag the new policy to the wanted position to set the evaluation order. Click **Save Order**.

## Next steps

To ensure the policy is applied to your organization, go to **PingID > Configuration** and ensure **Enforce Policy** is set to **Enabled**.