Determine which authentication action to prompt the user with when accessing the VPN or SSH, if the users device is within the company network.
You can require a user’s authenticating device to be in the company offices when signing on from within the company network. In addition, you can choose to silently authenticate the user without requiring active user intervention in the authentication process for in-network access.
To apply the PingID policy features that require IP address information, the client's IP address must be provided first. For more information, see Prerequisites: Pingfederate RADIUS server.
From within the relevant policy, click + Add Rule and from
the Conditions list, select Accessing from company
From the Action list:
- Approve: Approves access without requiring PingID authentication.
Authenticate: Allows a user to authenticate using any of
the authentication methods allowed at the policy level.Note:
If more than one authentication method is available, the method initiated by default is the method most recently paired by the user that is authenticating.
- Select a specific authentication method. The options listed are defined by those configured at policy level. For a description of each authentication type, see Rule authentication actions.
In the IP Addresses field, enter a list of external IP
addresses or ranges that belong to the company network.
Enter the IP addresses or ranges using CIDR notation with each entry on its own line.
To require a user's authenticating device to be in the company offices when signing
on from within the company network, in the Authenticating Device In
Company Offices field, click Enable and then
define one or more company office locations.
If you are defining a company office in addition to an IP address, in the Allowed Authentication Method section, select the Swipe, Mobile App Biometrics, or One-time passcode check box to define an authentication method to apply this rule.The Office Locations wizard opens, enabling you to define one or more office locations. If the authenticating device is located within one of the defined areas, it is considered to be inside a company office.
To define additional office locations:
Click + Add office or enter an address in the search
A blue circle appears on the map, defining the office area.
Click center of the circle to edit the coordinates.
- To reposition the circle, click and drag the white dot at the circle's center to the desired location.
- To resize the circle, click and drag any white dot on the circle's rim.
- To add another office location, click a location outside the circle. A new circle is added.
To edit an office location, click the Pencil icon
() and edit the
By default, the location is named after its street address.
- To delete an office address, click the Minus icon ( ).
If you edit or delete offices in the Office Locations list, changes are applied to all rules that specify office locations.
- Click + Add office or enter an address in the search box.
- In the Policy list, click and drag the new rule and place it in the order in which you want it to be considered. Click Save Order.
- Click Save.