Overview

Twingate enables organizations to control access to protected Resources based on geolocation. This allows admins to implement country-based blocking on their Resources.

Common Use Cases

• Blocking high-risk countries for compliance
• Allowing access only from countries where an organization has offices
• Limiting contractor access to known working locations

Location Determination and Accuracy

Twingate uses IP address-based geolocation. Latitude/longitude coordinates are obtained from a Google Cloud load balancer, truncated to two decimal places, and then mapped to a country. Country mapping uses geographical boundary data from Natural Earth.

Note that the accuracy of IP address-based geolocation is impacted by a variety of factors and may not be completely accurate in all cases.

Configuring location requirements

• Select the Resource Policy to add location requirements to and click Enable

• Choose the restriction type.
  • Allowlists let admins create a list of countries that are allowed to access Resources that use the Resource Policy.
  • Denylists let admins create a list of countries that are denied access to Resources that use the Resource policy.

• Based on the selected restriction type, select countries that should be allowed or denied access to Resources.

Restricted Countries

Certain countries are always blocked due to embargoes or other legal restrictions. These countries currently are:

• Cuba
• Iran
• North Korea
• Syria

As a result, these countries do not appear in the list of countries available for selection.

These countries, in addition to certain non-country regions, are always blocked. This is not user configurable and cannot be overridden.

Blocked devices

Devices blocked from accessing a Resource due to geoblocking will see the following error message.