Overview

Twingate enables organizations to control access to protected Resources based on geolocation. This allows admins to implement country-based blocking on their Resources.

Common Use Cases

• Blocking high-risk countries for compliance
• Allowing access only from countries where an organization has offices
• Limiting contractor access to known working locations

Location Determination and Accuracy

Twingate uses IP address-based geolocation. Latitude/longitude coordinates are obtained from a Google Cloud load balancer, truncated to two decimal places, and then mapped to a country. Country mapping uses geographical boundary data from Natural Earth.

Note that the accuracy of IP address-based geolocation is impacted by a variety of factors and may not be completely accurate in all cases.

Configuring location requirements

• Select the Resource Policy to add location requirements to and click Enable

• Choose the restriction type.
  • Allowlists let admins create a list of countries that are allowed to access Resources that use the Resource Policy.
  • Denylists let admins create a list of countries that are denied access to Resources that use the Resource policy.

• Based on the selected restriction type, select countries that should be allowed or denied access to Resources.

Blocked devices

Devices blocked from accessing a Resource due to geoblocking will see the following error message.