Use this rule to define:

  • The authentication action to prompt the user with if the web accessing device is within the company network, such as requiring a specific authentication method when within the company network, like Mobile App Biometrics or Swipe, or allowing silent authentication when within the company network.
  • Optionally require the user's mobile authenticating device to be located within a defined office location during authentication with the Authenticating Device in Company Offices option. If this option is enabled, to sign on:
    • The user's authenticating device must be in a company office location.
    • The user's accessing device should originate from an IP address within the company network.

When creating this rule, you must specify the IP addresses that define the company network or define the geographic location of one or more offices around the world or both.

Note: If you are using PingOne DaVinci to orchestrate your PingID flows, the authenticating device in company offices section is not included in the policy evaluation.
  1. In PingOne, go to Setup > PingID > Policy.
  2. From within the relevant policy, click + Add Rule, and from the rule list, select Accessing From Company Network.
    A screen capture of the + Add Rule button displaying the rule list options.
    The Accessing From Company Network configuration wizard opens. A screen capture of the Accessing From Company Network configuration wizard.
  3. From the Action list, select the authentication action to be used if the rule conditions are met.
    • Approve: Approve access without requiring PingID authentication.
    • Authenticate: Allow the user to authenticate using any of the authentication methods available to the user, and allowed at the policy level.
    • Allowed Methods: Click Allowed Methods to reveal a list of authentication methods allowed by this policy, and then select the check box of each authentication method that you want to allow for this rule. See Rule authentication actions for description per authentication type.
  4. In the IP Addresses field, enter a list of external IP addresses or the IP range that belongs to the company network.
    Note:

    Enter the IP addresses and ranges using CIDR notation with each entry on its own line.

  5. To require a user's authenticating device to be in the company offices when signing on from within the company network:
    1. Go to the Authenticating Device In Company Offices section.
    2. Click Enable.
    3. Define one or more company office locations.

      If the authenticating device is located within one of the defined areas, it is considered to be inside a company office.

    Note:

    If you are including a company office location in this rule, Swipe, Mobile App Biometrics, or a One-time passcode must be defined as an Allowed Authentication Method to ensure location-based information can be collected from the user.

    The Office Locations wizard opens enabling you to define one or more office locations.
    A screen capture of the Office Locations wizard with one defined location and with the search location feature open with an "O" entered and results listed.
  6. To define additional office locations:
    1. Click + Add Office or enter an address in the search box.
      A blue circle appears on the map defining the office area.
      A screen capture of the Office Locations wizard with a defined office location and a blue circle identifying the location on the map.
    2. Use the white dots on the circle to fine-tune the geofence:

      A screen capture of the blue circle with white dots in the center and on the rim enabling the edit of the coordinates.
      • To reposition the circle, click and drag the white dot at the circle's center to the desired location.
      • To resize the circle, click and drag any white dot on the circle's rim.
    3. To add another office location, click a location outside the circle. A new circle is added.
    4. To edit an office location, click the Pencil icon () and edit the name.

      By default, the location is named after its street address.


      A screen capture of an added Office location defined by its street address.
    5. To delete an office address, click the Minus icon ().
    Note:

    If you edit or delete offices in the Office Locations list, changes are applied to all rules that specify office locations.

  7. To save the rule and apply it to the relevant policy, click Save.
  8. To rearrange and save the new policy order, in the policy list, click and drag the new policy and place it in the order in which you want it to be considered. Click Save Order.
To ensure the policy is applied to your organization, go to PingID > Configuration and ensure Enforce Policy is set to Enabled.