This rule defines which authentication action to prompt the user with if the previous authentication request:

  • Occurred within the defined period of time.
  • Originates from the same accessing device that was used for the previous authentication request.
  • Used an authentication method that is one of the allowed authentication methods included in this policy.
  • The authenticating device's mobile location is the office.

If the previous request was made at an office location, you might want to define less strict authentication requirements. For example, a user signed on from a specific office within the last 30 minutes using their mobile device.

  • If you are using PingOne DaVinci to orchestrate your PingID flows, this rule is not evaluated.
  • Location services must be enabled on a user's devices for a location based policy to be applied to that device. For users with Android Q and later, the Allow All The Time option check box must be selected.


To use this rule at least one of the mobile app authentication method must be selected in the Allowed Authentication Method section, such as Swipe, Mobile App Biometrics, or One-time passcode. If this rule does not appear in the + Add Rule list, ensure at least one of these authentication methods check boxes is selected.

  1. From within the relevant policy, click + Add Rule and select Recent authentication from office.
    A screen capture of the + Add Rule list.
  2. From the Action list, select which action to use if the previous authentication request was at an office location and within the time specified.
    • Deny (default): Deny access for authentication requests originating from the selected countries.
    • Approve: Approve access without requiring PingID authentication.
    • Authenticate: Allow the user to authenticate using any of the authentication methods allowed at the policy level.
    • Allowed Methods: Click Allowed Methods to reveal a list of authentication methods allowed by this policy, and then select the check box of each authentication method that you want to allow for this rule. See Rule authentication actions for description per authentication type.
  3. To define the time period that applies to the Action setting, from the Authentication With Device Within list, select the unit of time in Minutes, Hours, Days, or Weeks, and then enter the numerical value in the text box.
    A screen capture of the time unit list in the Authentication With Device Within section.
  4. To define additional office locations:

    The Office Locations wizard displays a list of the office locations currently defined. If the authenticating device is located within one of the defined areas, it is considered to be inside a company office.

    1. Click + Add office or enter an address in the search box.
      A screen capture of the Office Locations wizard with the + Add Office option and map and search feature.
      A blue circle appears on the map, defining the office area.
      A screen capture of a blue circle on a map defining a added office location.
    2. Use the white dots on the circle to fine-tune the geofence:

      A screen capture of a blue circle with white dots in the center and on the rim enabling editing of its position on the map.
      • To reposition the circle, click and drag the white dot at the circle's center to the desired location.
      • To resize the circle, click and drag any white dot on the circle's rim.
    3. To add another office location, click a location outside the blue circle. A new circle is added.
    4. To edit an office location, click the Pencil icon () and edit the name.

      By default, the location is named after its street address.

      A screen capture of an added Office location defined by its street address.
    5. To delete an office address, click the Minus icon ().

      If you edit or delete offices in the Office Locations list, changes are applied to all rules that specify office locations.

  5. Click Save.
  6. In the Policy list, click and drag the new policy and place it in the order in which you want it to be considered. Click Save Order.
To ensure the policy is applied to your organization, go to PingID > Configuration and ensure Enforce Policy is set to Enabled.