Rate Limits and Allowed IPs

To ensure that every PingOne customer has the share of resources they need at any given time, PingOne sets rate limits based on your purchased PingOne products, as well as the product APIs licensed in your product license. Rate groups, which are groups of endpoints related to a particular product or service, each have their own rate limit entitlements.

Use the API Usage Dashboard to monitor your peak usage against the established entitlements so that you can plan effectively and request a Maximum Throughput Assurance package if necessary. Learn more in API Usage Dashboard.

In addition to overall API usage limits based on your product license, there are environment-level limits per IP address for traffic that comes from a single IP address or server. An IP address is limited to 35% of the overall license rate by default. This limit prevents a single user, client, or device from consuming the full rate entitlement. If a significant portion of the API usage for your environment comes from a specific set of internal servers or a limited range of IP addresses, you can enter them on the Rate Limits and Allowed IPs page to allow traffic from those servers and addresses to exceed the Per IP Per Environment limits for the environment.

For Trial licenses, an IP address can use 100% of the overall license rate, and the Server-Sourced Traffic list doesn’t apply, but the overall rate cap is lower.

A screen capture of the Rate Limits and Allowed IPs page in PingOne showing a sample IP address in the Allowed IP addresses or CIDR ranges field.

You must have the Environment Admin role or a custom role with equivalent permissions to configure these settings. Administrators who have the Configuration Admin role can view this page but cannot edit the settings.

Configuring rate limits and allowed IPs

Use the Rate Limits and Allowed IPs page in PingOne to allow traffic from specific IP addresses to exceed the Per IP Per Environment limits for the environment.

Use this setting to allow traffic concentrated through your company systems before it comes into PingOne to bypass the per IP rate limits. It isn’t intended to allow excess traffic from individual user IP addresses.

This setting does not allow you to exceed the per license entitlement limits.

Before you begin

You must have the Environment Admin role or a custom role with equivalent permissions to configure Rate Limits and Allowed IPs.

Steps

In the PingOne admin console, go to Settings > Rate Limits.

The Maximum HTTP Requests from License <licenseID> table displays the per license and per IP per environment entitlement limits for each applicable rate group.

You can click View API Usage Dashboard to open the dashboard in a separate window.
In the Server-Sourced Traffic section, enter the IP addresses or address ranges to exclude from the per IP per environment limits.

IPv4 addresses, IPv6 addresses, and CIDR ranges are accepted. Enter one IP address or CIDR address range per line.
(Optional) Click + Add to add rows and enter more addresses as needed.
Click Save.

Result

The traffic from the IP addresses or ranges you entered is no longer limited at the per IP per environment level.

To view the auditing information for when IP rate limits were exceeded, click View rate limit alert history. The IP rate limiting event types are selected by default. Learn more about configuring and running auditing reports in Running an audit report.