If the number of push notifications the user receives exceeds the limit defined, specify an action from the list of allowed methods that are available, or choose to deny the user access.

You can define an array of up to three push notification limits (subrules), and specify up to three actions that are triggered sequentially as the user reaches each limit. Select increasingly restrictive actions as the number of push notifications that are ignored or denied increases within the defined time period.

For example, within a 5-minute period:

  • After 5 push notifications, the user must authenticate with a security key.
  • After 10 push notifications, the user must authenticate using biometrics, or number matching (future feature).
  • After 15 push notifications, the user is denied access.
Limit push notifications rule showing the time period to which the limit applies, and three notification limits, defining the number of push notifications received during the time period, and the action that should be triggered when the limit is reached.

By default, only one limit is shown, however up to three limits can be defined. If you select Deny for the first or second limit action, no further actions can be specified.

  1. From within the relevant policy, click + Add Rule and from the list, select Limit push notifications.
    The Limit Push Notifications rule wizard opens.
  2. In the Time Period field, select the time period within which the push notifications limit is to apply (1-120 minutes).
  3. To define a push notification limit:
    1. In the After Push field, select the number of push notifications a user can receive within the time period specified, and in the Action field, select the action triggered when the limit is reached. Choose from the following actions:
      • Deny: Deny access after the number of push notifications is reached.
      • Allowed Methods: Click Allowed Methods to reveal a list of authentication methods allowed by this policy, and then select the check box of each authentication method that you want to allow for this rule. See Rule authentication actions for description per authentication type.
    2. Click Add to add another push notification limit.
  4. Click Save.
  5. In the Policy list, click and drag the new policy and place it in the order in which you want it to be considered. Click Save Order.
To ensure the policy is applied to your organization, go to PingID > Configuration and ensure Enforce Policy is set to Enabled.