---
title: Configuring a recent authentication from office access rule (web policy)
description: Use this rule to waive PingID authentication if the last successful authentication request occurred in the office and within a given time period, such as within the last 30 minutes.
component: pingid
page_id: pingid:pingid_service_management:pid_configuring_recent_authentication_from_office_access_rule_web_policy
canonical_url: http://docs.pingidentity.com/pingid/pingid_service_management/pid_configuring_recent_authentication_from_office_access_rule_web_policy.html
revdate: January 28, 2024
section_ids:
  about-this-task: About this task
  steps: Steps
  choose-from: Choose from:
  result: Result:
  next-steps: Next steps
---

# Configuring a recent authentication from office access rule (web policy)

Use this rule to waive PingID authentication if the last successful authentication request occurred in the office and within a given time period, such as within the last 30 minutes.

## About this task

This rule defines which authentication action to prompt the user with if the previous authentication request:

* Occurred within the defined period of time.

* Originates from the same accessing device that was used for the previous authentication request.

* Used an authentication method that is one of the allowed authentication methods included in this policy.

* The authenticating device's mobile location is the office.

If the previous request was made at an office location, you might want to define less strict authentication requirements. For example, a user signed on from a specific office within the last 30 minutes using their mobile device.

|   |                                                                                                                                                                                                                                                                                                                       |
| - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | * If you are using PingOne DaVinci to orchestrate your PingID flows, this rule is not evaluated.

* Location services must be enabled on a user's devices for a location based policy to be applied to that device. For users with Android Q and later, the **Allow All The Time** option check box must be selected. |

|   |                                                                                                                                                                                                                                                                                                                                                                          |
| - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|   | To use this rule at least one of the mobile app authentication method must be selected in the **Allowed Authentication Method** section, such as **Swipe**, **Mobile App Biometrics**, or **One-time passcode**. If this rule does not appear in the **[icon: plus, set=fa]Add Rule** list, ensure at least one of these authentication methods check boxes is selected. |

## Steps

1. From within the relevant policy, click**[icon: plus, set=fa] Add Rule** and select **Recent authentication from office**.

   ![A screen capture of the + Add Rule list.](_images/qxy1564020515392.png)

2. From the **Action** list, select which action to use if the previous authentication request was at an office location and within the time specified.

   ### Choose from:

   * **Deny** (default): Deny access for authentication requests originating from the selected countries.

   * **Approve**: Approve access without requiring PingID authentication.

   * **Authenticate**: Allow the user to authenticate using any of the authentication methods allowed at the policy level.

   * **Allowed Methods**: Click **Allowed Methods** to reveal a list of authentication methods allowed by this policy, and then select the check box of each authentication method that you want to allow for this rule. See [Rule authentication actions](pid_rule_auth_actions.html) for description per authentication type.

3. To define the time period that applies to the **Action** setting, from the **Authentication With Device Within** list, select the unit of time in **Minutes**, **Hours**, **Days**, or **Weeks**, and then enter the numerical value in the text box.

   ![A screen capture of the time unit list in the Authentication With Device Within section.](_images/fwo1564020516514.png)

4. To define additional office locations:

   The **Office Locations** wizard displays a list of the office locations currently defined. If the authenticating device is located within one of the defined areas, it is considered to be inside a company office.

   1. Click **[icon: plus, set=fa]Add office** or enter an address in the search box. ![A screen capture of the Office Locations wizard with the + Add Office option and map and search feature.](_images/inb1564020517083.png)

      ### Result:

      A blue circle appears on the map, defining the office area.

      ![A screen capture of a blue circle on a map defining a added office location.](_images/akm1564020517790.png)

   2. Use the white dots on the circle to fine-tune the geofence:

   ![A screen capture of a blue circle with white dots in the center and on the rim enabling editing of its position on the map.](_images/ooc1564020518625.png)

   * To reposition the circle, click and drag the white dot at the circle's center to the desired location.

   * To resize the circle, click and drag any white dot on the circle's rim.

     1. To add another office location, click a location outside the blue circle. A new circle is added.

     2. To edit an office location, click the **Pencil** icon (![fnb1564020519171](_images/fnb1564020519171.png)) and edit the name.

        By default, the location is named after its street address.![A screen capture of an added Office location defined by its street address.](_images/bsi1564020519674.png)

     3. To delete an office address, click the **Minus** icon (![pmh1564020520189](_images/pmh1564020520189.png)).

        |   |                                                                                                                                 |
        | - | ------------------------------------------------------------------------------------------------------------------------------- |
        |   | If you edit or delete offices in the **Office Locations** list, changes are applied to all rules that specify office locations. |

5. Click **Save**.

6. In the **Policy** list, click and drag the new policy and place it in the order in which you want it to be considered. Click **Save Order**.

## Next steps

To ensure the policy is applied to your organization, go to **PingID → Configuration** and ensure **Enforce Policy** is set to **Enabled**.