Create a global session policy
Creating global session policies for groups in your org helps you identify users when they sign in and set the context for them to advance to the next step. Global session policies also specify whether to allow access and how frequently to prompt for a challenge. Users who aren't identified by one of your group policies are evaluated by the default policy, which allows access with two factors.
In the Admin Console, go to .
Click Add policy.
Enter a policy name and description.
In the Assign to Groups field, specify which groups to apply the policy. The group names must already exist before assigning them to a policy.
Click Create Policy and Add Rule.
The next step is to add at least one rule to your new policy. Policies without rules can't be applied. See Add a global session policy rule.
Add a global session policy rule