<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Restrict Specific Countries' Access to an Application using Dynamic Zone and App Sign-in Policy
Oct 9, 2025
Administration
Okta Identity Engine
Overview

This article provides steps to create a Dynamic Zone and apply it to an existing app sign-in policy rule to restrict application access to a specific country.

Applies To
  • Dynamic Zones
  • Authentication Policies
  • App Sign-in Policies
  • Okta Identity Engine (OIE)
Solution

  1. Navigate to Security > Networks.

  2. Select Add Zone > Dynamic Zone.

  3. Enter a name for the new zone.

  4. In the Locations field, select the appropriate country to allow.

Add Dynamic Zone

  1. Select Save.

  2. Navigate to Security > Authentication Policies.

  3. Locate and select the app sign in policy that applies to the desired application.

  4. Find the relevant rule within the policy and select the Edit option.

  5. In the IF condition section, locate the And User's IP is dropdown menu and select the newly created Dynamic Zone.

And User's IP is

  1. Click Save.
  2. Ensure all rules below this rule are set to DENY access.

  3. Verify that users have the intended access based on the new policy rule.

Related References

Recommended content

Still looking for help?
Loading
Restrict Specific Countries' Access to an Application using Dynamic Zone and App Sign-in Policy