The PingID mobile app can collect user location information to provide valuable contextual information for use in current and future risk-based policies and data analytics.
Location collection is defined per organization and is not enabled by default. Location is only collected when a policy that requires it is configured. If enabled, when installing the PingID mobile app, end users are prompted to allow the PingID mobile app the relevant permissions to collect location information. Users can disable location collection by the PingID app in their mobile device settings.
Location-based policies already defined in your system might deny users access during authentication. We recommend that you enable location collection for all organizations to enable you to apply location-based policy rules and to allow for behavioral analysis in the future.
When changing location collection configuration at the organization level:
- Changes will apply to the end user's mobile device the next time the end user authenticates online.
- If a mobile device is paired with more than one organization, changing location services for one organization level affects all organizations with which the device is paired.
If you are enabling location collection for an organization:
- Configure a policy that requires location collection. For more information, see PingID policy settings.
If you are disabling location collection for an organization:
- When pairing a device with the PingID mobile app, users are not prompted to allow location collection
when pairing a new device. Note:
Although location collection remains enabled, if location collection is disabled at the organization level, PingID will not collect location information from the user’s device.
- If the user has the PingID mobile app installed and has granted permission to location collection, the collection of location information will stop the next time the user authenticates online. The user is not prompted to authorize this change and location is not collected, regardless of whether location collection settings for PingID are allowed or denied.
- When pairing a device with the PingID mobile app, users are not prompted to allow location collection when pairing a new device.
If you are re-enabling location collection for an organization:
- When installing the PingID
mobile app on a device and pairing, users are prompted to allow location collection
permissions when pairing the device with the organization.Note:
Android users running Android Q and later must select Allow all the time.
- If the user already has PingID
installed and did not grant permission to location collection in the past, their
device will prompt them to grant permission the next time they open the PingID app. Important:
A user authenticating through the lock screen is not prompted to allow location permissions, and location collection is not enabled. To approve location permissions, the user must unlock their device and open the PingID app. After the user approves location collection, PingID collects location information.
If a user is paired with a different organization that has not enabled location collection, location information will not be collected.
- When installing the PingID mobile app on a device and pairing, users are prompted to allow location collection permissions when pairing the device with the organization.