Configure an Enhanced Dynamic Zone to Allow Access From Specific Countries in Okta
May 5, 2026
Administration
Okta Classic Engine
Okta Identity Engine
Network Zones
Overview
Configuring an Enhanced dynamic zone in Okta restricts tenant access to specific geographic locations. This configuration allows access exclusively from designated countries while blocking all other locations.
Applies To
- Okta Identity Engine (OIE)
- Okta Classic Engine
- Security
- Enhanced Dynamic Zone
Solution
What are the steps to configure an Enhanced dynamic zone to restrict access by country?
Navigate to the network security settings in the Admin Console to create a new Enhanced dynamic zone, configure the blocking conditions for the network zone, and specify the allowed countries to restrict tenant access.
- In the Okta Admin Console, navigate to Security > Network.
- Select Add zone > Enhanced dynamic zone.
- Enter a name for the network zone.
- Select the Block access from IPs matching conditions listed in this zone checkbox.
- Under Locations, select the All locations except option.
- Add the countries permitted to access the Okta tenant.
NOTE: This configuration restricts access to only the selected countries.
