Skip navigation
Product & Engineering

Easily Enable Conditional Access by Country with Duo

The conflict in Ukraine has shined a light on threats from bad actors operating from specific parts of the world. If you haven’t done so already, this is an opportune time to evaluate, and if necessary tighten, your organization’s security posture. Enabling conditional access policies that block access from specific countries would be an excellent way to do this.

Our latest Duo Trusted Access Report found that roughly 74% of organizations implementing location restrictions choose to restrict access from Russia and China. Other countries topping the list include North Korea (42%), Iran (37%), Afghanistan (28%), Ukraine (22%), Iraq (21%), Nigeria (19%), Syria (19%) and South Korea (16%):

How to block access by location with Duo

Duo Access and Duo Beyond customers can set a conditional access policy in only a few minutes that prevents unauthorized access from any location.

To change your user location policy, go into the Duo Admin panel navigate to Policies and click “Edit Global Policy.” Start typing the country name into the Duo Admin Panel to select it from the list. Change the drop-down to “Deny access,” then click “Save.” This prevents all authentication attempts from IP addresses that originate from the selected country.

This policy setting overrides other access policies, like Authentication Policy, Authorized Networks and Remembered Devices, when the setting applied here is more restrictive than the setting applied by those other policy options.

Learn more about enabling conditional access by country

Try Duo For Free

With our free 30-day trial, see how easy it is to get started with Duo and create custom conditional access policies based on role, device, location, and many other contextual factors.