Showing results for 
Search instead for 
Did you mean: 

Authentication Method (Block countries)

Level 1
Level 1

Is there a way to block countries using the authentication method?  For example I am able to block countries if the device IP shows in a country (that is not US, Canada, or India), but I want to block if the device IP is in say, the US, Canada, or India, but the Authentication Method device (cell phone, etc) shows in a country that is not one of those.

3 Replies 3

Level 3
Level 3

i dont beleive there is.. the assumption is that if you device is in a specific country, then the phone is also..

I wish they had something like that. We have been seeing trying to get in lately, and if we could block that, we would be better off.

Cisco Employee
Cisco Employee

While there is no way to explicitly define a policy with rules like you mentioned, you can apply some protection against unrealistic geovelocity with Trust Monitor (flagging auth events that show unrelaistic geo or geo mismatch between device accesses and authentication) and Risk-Based Factor Selection (step-up to more secure factor based on risk determinations).

Please contact Duo Support or your Duo Care success team (if you have one) to create a product feature request for policy options reflecting what you've described.

Duo, not DUO.
Quick Links