Control Access from Outside the US

Two part question.

  1. Is there a way to control geo-location access? For example all users in the US are authenticated and all attempts outside the US are restricted.

  2. When a user travels outside the US create a policy that allows them to authenticate while all other users not traveling are still restricted.

Hi @works2020 ,

  1. Yes, by way of the User Location policy (available in the Access and Beyond editions of Duo).

  2. You may place the user in question into a group that does not have the User Location policy enabled, or you can permit the country they are visiting. This group policy can then be assigned to the applications said user will need to log into. Please see the Duo Policy Guide for further information.


Exactly what I was looking for, appreciate it.