# Access from Denied Territories

Detects successful logins from territories restricted because of embargoes or other government regulations, or from networks whose ASN country is restricted, regardless of the IP address's reported location. This check applies to employees and external entities, including third parties and contractors.

The default list of restricted territories is based on the Office of Foreign Assets Control's guidelines and can be customized via Custom Detection Settings to align with your organization's specific requirements.
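The matching rule described above, sketched as an added example (this is not Oort's implementation). The event fields, function names, and the block list entries `XA` and `XB` (ISO 3166 user-assigned placeholder codes) are assumptions; the sample events are constructed.

```python
from dataclasses import dataclass

# Placeholder block list (assumption): ISO 3166 user-assigned codes,
# standing in for the product's default or customized list.
BLOCK_LIST = frozenset({"XA", "XB"})


@dataclass(frozen=True)
class Login:
    user: str
    outcome: str      # "SUCCESS" or "FAILURE"
    geo_country: str  # country reported by IP geolocation
    asn_country: str  # country associated with the network's ASN


def denied_territory_reasons(event, block_list=BLOCK_LIST):
    """Return which attributes match the block list; empty means no finding."""
    if event.outcome != "SUCCESS":
        return []  # the check covers successful logins only
    reasons = []
    if (event.geo_country or "").upper() in block_list:
        reasons.append("geo_country")
    # The ASN country is evaluated on its own, so a login whose IP
    # geolocates to an allowed territory can still match.
    if (event.asn_country or "").upper() in block_list:
        reasons.append("asn_country")
    return reasons


def findings(events, block_list=BLOCK_LIST):
    """Return (user, reasons) for every event that matches the check."""
    matched = []
    for event in events:
        reasons = denied_territory_reasons(event, block_list)
        if reasons:
            matched.append((event.user, reasons))
    return matched


# Constructed sample events
SAMPLE = [
    Login("alice", "SUCCESS", "US", "US"),
    Login("bob", "SUCCESS", "XA", "XA"),
    Login("carol", "SUCCESS", "DE", "XB"),  # allowed geolocation, restricted ASN
    Login("dave", "FAILURE", "XA", "XA"),   # failed login, out of scope
]

if __name__ == "__main__":
    for user, reasons in findings(SAMPLE):
        print(user, reasons)
```

Passing a different `block_list` models a customized list: the same events are re-evaluated against the organization's own set of territories.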

#### **Recommended Actions**

Audit the user's recent activity for any suspicious behavior, data access, or configuration changes. Contact the user directly through a trusted channel (not email) to confirm that the login was authorized. If the login was not legitimate, immediately revoke all active sessions and reset the user's credentials.

If the access was legitimate, document the business justification for accessing corporate resources from a restricted territory. Implement preventative measures to reduce risk from high-risk or non-business-related regions by configuring firewall rules, applying location-based access policies, and enabling identity provider settings (such as Duo Risk-Based Authentication) to block access or require additional verification for logins from restricted territories or unapproved geographic locations.

#### **Default Check Settings**

Block List: 14 items

#### **Compatibility**

[Microsoft Entra ID](/integrations/azure-active-directory-integration.md)

[Okta](/integrations/okta-data-integration.md)

[Duo](/integrations/duo-security-integration.md)

[Salesforce](/integrations/salesforce-integration.md)

[GitHub](/integrations/github.md)

[AWS](/integrations/aws.md)

[OpenAI](/integrations/openai.md)
