---
title: Suppressing the Local Network Access prompt for PingID desktop authentication
description: Security updates in Chromium-based browsers (specifically Google Chrome version 142 and Microsoft Edge version 143) introduced a new permission layer known as Local Network Access (LNA).
component: pingone
page_id: pingone:strong_authentication_mfa:p1_pid_desktop_app_v2_windows_manage_lna_prompt
canonical_url: https://docs.pingidentity.com/pingone/strong_authentication_mfa/p1_pid_desktop_app_v2_windows_manage_lna_prompt.html
section_ids:
overview: Overview
use-cases: Use cases
windows-machines: Windows machines
google-chrome: Google Chrome
microsoft-edge: Microsoft Edge
mac-machines: Mac machines
google-chrome-2: Google Chrome
microsoft-edge-2: Microsoft Edge
---
# Suppressing the Local Network Access prompt for PingID desktop authentication
## Overview
Security updates in Chromium-based browsers (specifically Google Chrome version 142 and Microsoft Edge version 143) introduced a new permission layer known as Local Network Access (LNA).
This security feature prevents public websites from communicating with local devices or services (such as the PingID desktop application running on localhost) without explicit permission. Unless configured otherwise, users will see a popup on their browser prompting them for approval each time they authenticate with PingID desktop app
To ensure a seamless, passwordless experience, you can configure the browser policies to add the PingOne authentication URLs to the allow list. This preapproves those URLs and eliminates the need for user interaction during the handshake between the browser and the PingID desktop client.
## Use cases
This procedure varies slightly depending on the browser used. The following examples show how to add the necessary PingOne origins to the allow list for the most commonly used browsers.
### Windows machines
The following examples show how to use Group Policy (GPO) for Windows to add the necessary PingOne URls to the allow list for Google Chrome and Microsoft Edge.
#### Google Chrome
1. Download and install the latest Google Chrome Administrative (ADMX) Templates.
2. On your Group Policy management server, run the following command:
`gpmc.msc`
3. Navigate to the relevant Group Policy Object (GPO) or create a new one.
4. Go to **Computer Configuration > Policies > Administrative Templates > Google Chrome > Local Network Access settings**.
5. Double-click the **Allow sites to make requests to local network endpoints** policy.
6. Click **Enabled**, and then under **Options** click **Show…**.
7. In the **Show Contents** modal, add the PingOne authentication URLs for all relevant geographies (for example, `https://auth.pingone.com`, `https://auth.pingone.eu`), and then apply the changes.
| | |
| - | ------------------------------------------------------------------------------- |
| | This adds the public URL that initiates the request, not the local application. |
8. Push the policy to all Windows user machines.
#### Microsoft Edge
1. Download and install the latest Microsoft Edge Administrative (ADMX) Templates.
2. On your Group Policy management server, run the following command:
`gpmc.msc`
3. Navigate to the relevant GPO, or create a new one.
4. Go to **Computer Configuration > Policies > Administrative Templates > Microsoft Edge > Network settings**.
5. Double-click the **Allow sites to make requests to local network endpoints** policy.
6. Click **Enabled**, and then under **Options** click **Show…**.
7. In the **Show Contents** modal, add the PingOne authentication URLs for all relevant geographies (for example, `https://auth.pingone.com`, `https://auth.pingone.eu`), and then apply the changes.
| | |
| - | ------------------------------------------------------------------------------- |
| | This adds the public URL that initiates the request, not the local application. |
8. Push the policy to all Windows user machines.
## Mac machines
The following examples show how to add the necessary PingOne origins to the allow list for Google Chrome or Microsoft Edge by providing the necessary approvals in the browser or pushing a Mobile Device Management (MDM) policy.
### Google Chrome
You can enable access through either:
* An MDM-pushed Chrome policy for macOS
To deploy the Chrome policy using traditional MDM tools (for example Jamf or Intune), use the following XML payload snippet. Deploy this as an Application & Custom Settings payload using the preference domain com.google.Chrome. This policy adds your Ping domains for local network access to the allow list.
Example XML Payload for MDM
```xml
LocalNetworkAccessRestrictionsEnabled
LocalNetworkAccessAllowedForUrls
[*.]pingone.com
[*.]yourdomain.com
```
* A Google Workspace-managed Chrome policy.
If you manage Chrome using the Google Admin console, in the Google Admin console, go to **Devices > Chrome > Settings > User & browser settings > Custom Chrome Policy** and apply the following JSON configuration:
Example JSON Payload for Google Workspace
```json
{
"LocalNetworkAccessAllowedForUrls": [
"[*.]pingone.com",
"[*.]yourdomain.com"
],
"LocalNetworkAccessRestrictionsEnabled": true
}
```
* Manual user approval in Google Chrome.
Users can manually allow access when prompted by the browser for local network permissions.
### Microsoft Edge
You can enable access through an MDM-pushed Edge policy for macOS.
To deploy the Edge policy using traditional MDM tools (for example, Jamf or Intune), use the following XML payload snippet. Deploy this as an Application & Custom Settings payload using the preference domain `com.microsoft.Edge`. This policy adds your Ping Identity domains for local network access to the allow list.
\+
Example XML Payload for MDM
```xml
LocalNetworkAccessRestrictionsEnabled
LocalNetworkAccessAllowedForUrls
[*.]pingone.com
[*.]yourdomain.com
```