By default, the default policy includes a single default action Authenticate that is applied to a user access request. You can edit the default policy to modify the default action or to include additional rules.


An application- or group-specific policy always overrides the default policy configuration. To configure an application- or group-specific policy, see Configuring an app or group-specific authentication policy.

  1. In the admin portal, go to Setup > PingID > Settings > Policy > Web.
    The Default Policy is displayed.
    A screen capture of the Default Policy list displaying the Allowed Authentication Methods with the Desktop, Email, One-time passcode check boxes selected.

  2. Click the Expand icon ( ), and then click the Pencil icon ( ).
    The Default Policy section displays showing the Default Action rule.
    A screen capture of the Default Policy section displaying the Default Action rule.
  3. To edit the Default Action rule, click the Arrow icon to expand the rule.

    The Default Action rule determines which authentication action will be performed when no other default policy rule applies.

  4. Select the action you want to apply:
    • Approve: Approve access without requiring PingID authentication.
    • Authenticate: Allow the user to authenticate using any of the authentication methods available to the user, and allowed at the policy level.
    • Allowed Methods: Click Allowed Methods to reveal a list of authentication methods allowed by this policy, and then select the check box of each authentication method that you want to allow for this rule. See Rule authentication actions for description per authentication type.
    • Deny: Deny access.
  5. From the Allowed Authentication Methods list, select a specific authentication method check box.

    The options listed are defined by those configured at policy level. For descriptions by authentication type, see Rule authentication actions.

  6. To add and configure one or more rules to replace the Default Action:
    1. Click + Add Rule.
    2. Configure one or more of the following rules:
  7. Click Save.
The Default Policy is saved and applied to all applications where an application-specific policy is not defined.