You might want to define stricter authentication requirements for older, more vulnerable OS versions.


To use this rule, at least one mobile app authentication method must be selected in the Allowed Authentication Method section, such as Swipe, Mobile App Biometrics, or One-time passcode. If this rule does not appear in the + Add Rule list, ensure at least one of these authentication methods is selected.

Note: If you are using PingOne DaVinci to orchestrate your PingID flows, this rule is not evaluated.
  1. From within the relevant policy, click + Add Rule and from the list, select Mobile OS Version.

    A screen capture of the + Add Rule list.
    The Mobile OS Version rule wizard opens.
    A screen capture of the Mobile OS Version rule wizard.
  2. From the Action list, select which authentication action to use for OS versions meeting the defined criteria.
    • Deny (default): Deny access for authentication requests originating from the selected countries.
    • Approve: Approve access without requiring PingID authentication.
    • Authenticate: Allow the user to authenticate using any of the authentication methods allowed at the policy level.
    • Allowed Methods: Click Allowed Methods to reveal a list of authentication methods allowed by this policy, and then select the check box of each authentication method that you want to allow for this rule. See Rule authentication actions for description per authentication type.
  3. To define the minimum or maximum permitted mobile operating system versions and associated action:
    1. Select the check boxes next to the OS that you want to include in the rule: iOS, Android, or both.
    2. For each OS that you want to include, select either:
      • Above, and then select the minimum permitted operating system version from the list.
      • Below, and then select the minimum permitted operating system version from the list.
  4. Click Save.
  5. In the Policy list, click and drag the new policy and place it in the order in which you want it to be considered, and then click Save Order.
To ensure the policy is applied to your organization, go to PingID > Configuration and ensure Enforce Policy is set to Enabled.