Block a specific country location? Skip to main content
https://support.okta.com/help/answers?id=9060z00000078bbqay&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
David AirDavid Air 

Block a specific country location?

Hi,
How can i block a specific country location from trying to log into Okta?
We are getting alot of accounts locked out by repeated attempts to login from countries our users arent in.
Ryan Tapp (Admin)Ryan Tapp (Admin)
David, I believe this is part of the adaptive MFA product (at least for us, it showed up once we got some licenses for that product).  It's called a Dynamic Zone.  If you go to Security -> Networks and you have the ability to Add Zone, see if Dynamic Zone is there.  Once you create the zone you can use it in policies elsewhere OR you can check the "Blacklist IPs from this zone" to immediately stop those countries from logging in.  Blacklisting is the only way to stop the "DDOS" by account lockouts in AD.  If you try to use them in other policies for logging in to Okta or particular applications, the lockouts will continue.  See my question below regarding Dynamic Geo-Location Zones and AD Account Lock-outs.
TeDeryl BrownTeDeryl Brown (Okta, Inc.)
Hi David, TeDeryl here with Okta Support. To provide the best guidance on this issue, I would suggest to open a case with our support team. We do have a feature flag that can help with Geo-Location blocking. This feature will prevent access from any other country than the one's selected for access. I have also added our documenation on 'Networks' for review if needed. https://help.okta.com/en/prod/Content/Topics/Security/Security_Network.htm