Access: allow from IP address OR email address

I’m trying to setup ‘access’ to allow anyone on our office IP or, if they’re not in the office, using their company email address.

The rules I’ve setup looklike this:

IP Ranges: x.x.x.x/32
Emails Ending in:

However, everyone is still being prompted to login with their email address despite being behind that IP address.

I use the same setup. Bypass for my Home IP address range, and Allow for an email address.

It sounds like you don’t have it set to Bypass for the IP address range. Or the IP range isn’t correct. Is it possible you’re using IPv6?

Ah ha! It was in fact the lack of Bypass… but surely including the IP address as part of a policy that’s then ‘allowed’ should work?

If it doesn’t, then I need to create 2 policies (one for email address, one for IP address) and then include both of those into every rule I create. Which seems… dumb.