Duo: Automatic blocking of logins from OFAC-regulated locations

Tags duo 2fa ofac

As of May 5, 2022, authentications to MSU Duo-protected applications (Microsoft 365 email, Banner, Canvas, CAS, VPN, etc.) coming from countries or regions that are currently under economic or trade sanctions from the U.S. Office of Foreign Assets Control (OFAC) are blocked.

Users will receive an "Access Denied. Duo Security does not provide services in your current location." error message or other generic failed login message if attempting to authenticate from these locations.

Please see the announcement from Duo below for more information including a list of the countries or regions affected:

In order to comply with U.S. regulations, Duo will begin blocking authentications from users whose IP address originates in a country or region subject to economic and trade sanctions enforced by the U.S. Office of Foreign Assets Control.
Beginning May 5, 2022, users attempting to authenticate to a Duo-protected application from an access device with an IP address originating in an OFAC-regulated country or region will be blocked from completing their login and receive an error message. This change will roll out May 5 through 12 as part of Duo’s regular release process.
Web-based applications will display the following error message: “Access denied. Duo Security does not provide services in your current location.” Other applications may display a generic failed login message.
OFAC restrictions relevant to Duo currently apply to the following countries or regions:

  • Cuba
  • North Korea
  • Iran
  • Sudan
  • Syria
  • Crimea region
  • Sevastopol region
  • Donetsk Region
  • Luhansk region

-Duo Technical Communications Team on behalf of Duo Security


Article ID: 1876
Wed 3/2/22 9:35 AM
Mon 3/18/24 5:33 PM