Geo-based access policies
I am new. Where should I start?
Purpose
Geo-based access control allows organizations to:
Restrict access by country or region
Allow access only from approved geographic locations
Block access from high-risk or restricted regions
Comply with regulatory, legal, or internal security requirements
This feature helps reduce security risks related to unauthorized or suspicious access from certain locations.
Prerequisites
Remember to check the following before configuration:
You have Admin or Security Management permissions
An Access Security policy can be created or edited
You know which countries or regions should be allowed or denied
Geo-location detection is enabled and supported by the system
I already understand. How do I proceed step by step?
Step 1: Create a New Access Security Policy
Sign in as an administrator : Oten Admin | Security Policy & User management
Profile Account → Admin
Welcome page Admin
Click on menu Security Policy → Access Security
Select Create new access security
Fill in the required fields:
Access security code
Access security name
(Optional) Add a Description to clarify the policy purpose
Step 2: Add an Access Security Rule
In the Access Security Rules section, select Add rule
A new rule (for example, Rule 1) will appear
Step 3: Add Geo Location Condition
Under the rule, select Add condition
Choose Location (Country / Region)
Step 4: Select Policy Mode
Choose how geographic locations are evaluated:
Whitelist / Allow
Users from the selected countries or regions will have access
All other locations will be denied
Example:
Allow access only from Vietnam and Singapore
Blacklist / Deny
Users from the selected countries or regions will not have access
All other locations will be allowed
Example:
Deny access from restricted or high-risk countries (Cambodia,..)
Step 5: Select country or region
In the Country / Region field, select one or more locations
Multiple countries or regions can be added based on policy needs
Step 6: (Optional) Combine with Other Conditions
Select Add condition to combine geo-based rules with:
IP or IP ranges
Device OS
Device compliance
All conditions in the same rule are evaluated together
Step 7: Create Access security policy
Review all rules and conditions
Select Create access security to activate the policy
Result
User access is evaluated based on detected geographic location
Access is automatically allowed or denied based on policy configuration
Policies are enforced during sign-in and access attempts
Additional notes
Geo-location is determined using IP-based location data
VPNs or proxies may affect location accuracy
If Whitelist / Allow is used and no location matches, access is denied by default
If Blacklist / Deny is used, only selected locations are blocked
For stronger security, combine geo-based rules with MFA
Summary
Geo-based policies control access by country or region
Supports both allowlist and denylist strategies
Helps improve security and regulatory compliance
Works best when combined with other access security controls
Last updated