Location Filter
-
- UpdatedAug 1, 2024
- 2 minutes to read
- Xanadu
- Platform Security
Location filter criteria can be used as filter input for users based on the user location.
Location filter is a filter criteria that the admins can use while crafting the authentication policies based on the physical location of the device.
- Location filter is available with Zero Trust Access feature. For more information, see Zero Trust Access.
- The instance should be on ADCv2. If the instance isn’t on ADCv2, then user location information won’t be available.
The location filter criteria enable you to perform the following:
- Act as policy input act for policy conditions to verify and meet the requirements for authentication.
- Provide an ability to create adaptive authentication policies based on the country.
- Allow or not allow instance access to a given geography.
- Use the geo location-based pre-authentication or post authentication policy to:
- Prevent access from sanctioned countries, outside of a tight privacy-controlled region, company discretion.
- Allow access to areas only within applicable privacy region and company discretion.
- Configure country-based allow list for authentication.
Use cases
Following are some of the use case for using location filter criteria for Adaptive Authentication:
- Block access to the instance from a country.
- Allow access to the instance only from a particular country.
- Enforce step-up authentication or MFA to log in based on country.
- Reduce or limit roles for the user based on the country.
- Location Filter criteria can be used for MFA, Zero Trust Access (ZTA), Pre-authenication context, and Post authentication context.
Location Identification
The location services for identifying the location of the user are provided by a third-party service - MaxMind.
The location of the user is identified through the VPN, from the x-forwarded-for header. In case if there’s no header populated by the service, then only the VPN IP (location) is displayed as the user location.