--- title: Using predictors to recreate legacy PingID policy rules description: This section is a guide for the admin who has migrated a PingID account from the legacy PingID admin portal to PingOne and wants to know how to create configurations similar to legacy PingID policies in PingOne. component: pingone page_id: pingone:threat_protection_using_pingone_protect:p1_protect_recreating_legacy_pingid_rules canonical_url: https://docs.pingidentity.com/pingone/threat_protection_using_pingone_protect/p1_protect_recreating_legacy_pingid_rules.html section_ids: creating-useful-predictors-to-recreate-legacy-pingid-rules: Creating useful predictors to recreate legacy PingID rules CountriesPredictor: Allowed or disallowed countries predictor RecentAuthenticationFromOfficePredictor: Recent authentication from company network predictor steps: Steps --- # Using predictors to recreate legacy PingID policy rules This section is a guide for the admin who has migrated a PingID account from the legacy PingID admin portal to PingOne and wants to know how to create configurations similar to legacy PingID policies in PingOne. This section is relevant for workforce environments only. | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Configure device management and PingID mobile app-related settings in the **PingID mobile application** located on the **Applications** tab. Learn more in [(Workforce Only) Configuring the PingID mobile application settings](../strong_authentication_mfa/p1_configuring_pid_mobile_application.html). | The following table details common policy-related configurations in the legacy PingID admin portal and how to configure equivalent configurations in PingOne: | Legacy PingID policy field or rule | Where is it in PingOne? | | ----------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Allowed Methods | In the [MFA policy](../strong_authentication_mfa/p1_creating_an_mfa_policy_for_strong_auth.html), define the MFA methods you want to allow\.Some authentication methods require additional configurations. Learn more in [Setting up an environment for strong authentication (MFA)](../strong_authentication_mfa/p1_create_environment_strong_authentication_start.html). | | Accessing From Company Network Rule | The location-based part of this rule isn't available in PingOne.You can create a [composite predictor](p1_protect_adding_composite_predictors.html) that specifies a range of allowed IP addresses. | | Accessing From Countries | Create a composite predictor that specifies the countries that you want to allow or disallow. For an example, see [Allowed or disallowed countries predictor](#CountriesPredictor). | | Authenticating From a New Device | Create a New Device predictor. Learn more in [Configuring predictors](p1_protect_managing_predictors.html). | | Recent Authentication From Office | The location-based part of this rule is not available in PingOne, and is deprecated in the legacy PingID admin portal.You can create a Recent authentication from company network predictor to recreate some of this functionality. Learn more in [Recent authentication from company network predictor](#RecentAuthenticationFromOfficePredictor). | | Recent Authentication | Configure remembered devices and enable the 'Remember me' feature in the MFA policy.Learn more in [Configuring an MFA policy for strong authentication](../strong_authentication_mfa/p1_creating_an_mfa_policy_for_strong_auth.html) and [Remembered Devices](https://developer.pingidentity.com/pingone-api/mfa/users/remembered-devices.html) in the PingOne API documentation. | | Mobile OS Version | This option is only available in PingOne for registration flows. Define a list of allowed or disallowed Mobile OS versions for mobile app pairing as part of the [PingID mobile application configurations](../strong_authentication_mfa/p1_configuring_pid_mobile_application.html). | | Geovelocity Anomaly | Configure a [Geovelocity Anomaly Predictor](p1_protect_risk_predictors.html) and add it to a risk policy. | | Limit Push Notifications | Configure a push notification limit in the [MFA policy](../strong_authentication_mfa/p1_creating_an_mfa_policy_for_strong_auth.html). | ## Creating useful predictors to recreate legacy PingID rules Use a composite predictor to recreate legacy PingID rules, such as the following examples: * [Allowed or disallowed countries predictor](#CountriesPredictor) * [Recent authentication from company network predictor](#RecentAuthenticationFromOfficePredictor) ### Allowed or disallowed countries predictor This section explains how to configure a composite predictor that recommends the appropriate authentication action for a user, based on the country where their device is located. 1. Configure a composite predictor in which you specify the allowed countries that would return a low risk score: 1. In the PingOne admin console, go to **Threat Protection > Predictors**. 2. Click the **+** icon, and in the **Predictor** list, select **Composite**. 3. In the **Display Name** field, enter a name for the predictor. The display name is used in the **Threat Protection Dashboard** and policy configuration. 4. In the **Compact Name** field, enter a short name. This name is returned in the API response. | | | | - | -------------------------------------------------------- | | | You can't change the compact name after it's been saved. | 5. Configure the following criteria for the composite predictor: * Predictor condition: **All**. * In the list, select **Country**. * Select the **Is In** operator. * In the Country list, select one or more countries. * For **Risk Level Equals**, select **Low**. * (Optional) To configure the risk level result to assign if the defined conditions are not met, for **Else Return**, select **Medium** or **High**. 2. Create a risk policy and add the Allowed Countries composite predictor to the mitigations list. 1. Go to **Threat Protection > Risk Policies**, and click the **+** icon. 2. Enter a unique name for the risk policy. 3. Select the user groups and applications to which you want the policy to apply. 4. In the **Mitigations** section, click **+ Add** and select the Allowed Countries composite predictor that you created in the previous steps. 5. Use the **Operator**, **Level**, and **Returned Action** fields to define the action you want, based on the risk level returned by the rule. 1. If you select **MFA** as the **Returned Action**, define the following: * **Authentication**: Select the MFA policy you want to apply in an authentication flow. * **Registration**: Select the MFA policy you want to apply in a registration flow. 2. Click **Apply**. To create a similar predictor, specifying the countries you want to disallow, repeat the steps above, specifying the **Not In** operator instead of the **Is In** operator. ### Recent authentication from company network predictor This section describes how to create a composite predictor to bypass PingID authentication if the last successful authentication request occurred within a specific IP range in the company network and within a given time period, such as within the last 30 minutes. ## Steps 1. Before you configure the predictor, in the relevant MFA policy, under **Remember Me Configurations**, select **Web Sessions**, and then enter a duration. 1. Create one or more remembered devices. Learn more in [Remembered Devices](https://developer.pingidentity.com/pingone-api/mfa/users/remembered-devices.html) in the PingOne API documentation. 2. Configure a composite predictor in which you specify the allowed IP range that would return a low risk score: 1. In the PingOne admin console, go to **Threat Protection > Predictors**. 2. Click the **+** icon, and in the **Predictor list**, select **Composite**. 3. In the **Display Name** field, enter a name for the predictor. The display name is used in the **Threat Protection Dashboard** and policy configuration. 4. In the **Compact Name** field, enter a short name. This name is returned in the API response. | | | | - | -------------------------------------------------------- | | | You can't change the compact name after it's been saved. | 5. Configure the following criteria for the composite predictor: * Predictor condition: **All**. * In the list, select **IP**. * Select the **Is In** operator. * Enter an IP range in the format x.x.x.x/xx (for example, 1.1.1.1/24). * For **Risk Level Equals**, select **Low**. * (Optional) To configure the risk level result to assign if the defined conditions are not met, for **Else Return**, select **Medium** or **High**. 3. Create a risk policy and add the Recent authentication from company network predictor to the **Mitigations** list: 1. Go to **Threat Protection > Risk Policies**, and click the **+** icon. 2. Enter a unique name for the risk policy. 3. Select the user groups and applications to which you want the policy to apply. 4. In the **Mitigations** section, click **+ Add** and select the Recent Authentication from the officerule that you created in the previous steps. 5. Use the **Operator**, **Level**, and **Returned Action** fields to define the action you want, based on the risk level returned by the rule. 1. If you select **MFA** as the **Returned Action**, you'll also need to define the: * **Authentication**: Select the MFA policy you want to apply in an authentication flow. * **Registration**: Select the MFA policy you want to apply in a registration flow. | | | | - | ----------------------------------------------------------------------------------- | | | Make sure to select an MFA policy that is configured to support remembered devices. |