The country is determined by the IP address of the accessing device and not by the authenticating device.

  1. From within the relevant policy, click + Add Rule and from the list, select Accessing From Countries.

    A screen capture of the Rules section with the + Add Rule list displayed.
    The Accessing From Countries rule wizard opens.
  2. From the Action list, select the action to use when signing on in the selected countries.
    • Deny (default): Deny access for authentication requests originating from the selected countries.
    • Authenticate: Allow the user to authenticate using any of the authentication methods allowed at the policy level.
    • Allowed Methods: Click Allowed Methods to reveal a list of authentication methods allowed by this policy, and then select the check box of each authentication method that you want to allow for this rule. See Rule authentication actions for description per authentication type.
  3. From the Countries list, select the check box next to each country that you want to include in the rule.

    A screen capture of the Accessing From Countries section with the Countries list displayed and an active country search of "united".


    Search by name

    In the Search box, enter a string or part of a string to search for a specific country.


    The list of countries is filtered to display only countries containing the string.

    View only the selected countries

    Click Show Only Selected.

    Select all countries in the list

    Click Select All.

    Clear all selections

    Click Unselect All.

  4. Click Save.
  5. If you have more than one policy listed, in the Policy list, click and drag the new policy and place it in the order in which you want it to be considered. Click Save Order.
To ensure the policy is applied to your organization, go to PingID > Configuration and ensure Enforce Policy is set to Enabled.