Use this rule to waive PingID authentication if the last successful authentication request occurred within a specific IP range in the company network and within a given time period, such as within the last 30 minutes.
This rule defines which authentication action to prompt the user with if the previous authentication request:
- Occurs within the defined period of time.
- Originates from the same accessing device that was used for the previous authentication request.
- Uses an authentication method that is one of the allowed authentication methods included in this policy.
- The authenticating device's mobile location is within the specified IP range in the company network.
- Optional: You can require the user's mobile authenticating device to be located
within a defined office location during authentication. See the
Authenticating Device In Company Offices rule. Note:
If this option is enabled, to sign on:
- The user's authenticating device must be in a company office location.
- The user's accessing device should originate from an IP address within the company network.
When creating this rule, you must specify the IP addresses that define the company network and optionally define the geographic location of one or more offices around the world.
Note:
- If you are using PingOne DaVinci to orchestrate your PingID flows, location-based policy rules are not evaluated.
- Location services must be enabled on a user's devices in order for a location based policy to be applied to that device. For users with Android Q and later, the Allow all the time option must be selected.