For Google Workspace.

For Microsoft 365.

Question:

How to configure personal devices to be required One-Time Password while accessing from Outside of the Corporate Network?

Answer:

Such settings will be enabled by the following steps;

Set [Pass-cookie] on the company-use PC, and then, set [Pass-cookie] in the [OTP required condition] on the company side system.

* This [company-use PC] means the PC which has experienced logging in with company internal IP address. 

1. Go to [Access Policy Group] –> activate [Condition to allow access] -> Set up the requirements as follows;

　・Company Internal IP Address
　・Permit the entry permission cookie “has_pass:true”
　（the address in the red bracket is to be the company internal IP Address）

2. Go to [Domain settings] –> activate [Pass-cookie issue condition] –> specify [company internal IP address] in the issue requirement.

　・Company Internal IP Address

3. Go to [Access Policy Group] -> activate [Condition not to require OTP]
　　Set up the [Condition not to require OTP] as follows;

　・Company Internal IP Address
　・Permit/grant the entry permission cookie “has_pass:true”

　
After the above settings;

The OTP will be no longer required to the [PC accessing with the company internal IP address] and/or to the [PC which once has achieved access successfully with the company internal IP address] when they access from outside the office.

On the other hand, the OTP will be required to the [PC which has not yet achieved access with the company internal IP address] and/or [smartphone] when they access from outside the office.