Login Settings
The Login Settings Page provides a central location to manage the Geo Restrictions and MFA settings on your ThreatLocker account. Here, you can set restrictions on organization-wide Geo Restrictions by countries and/or IP addresses, restrict MFA options, and override the MFA restrictions for specific users.
Navigate to Security Center > Login Settings.

Geo Restrictions

In the Geo Restrictions tab, you can specify countries and/or IP addresses from which logins to your ThreatLocker account are permitted or prohibited.
Under 'Do you want to restrict login to your ThreatLocker Account by country', select 'Yes' to create a list of countries from which login to your ThreatLocker account is permitted, or a list of countries from which login to your ThreatLocker account is prohibited.
Please note: If you create an allowlist, all countries not on the allowlist will be blocked. If you create a blocklist, all countries not on the blocklist will be permitted.

In the 'Allowed Countries' dropdown, select countries that login is permitted from, clicking the 'Add' button after each selection to create an allowlist.
In the 'Blocked Countries' dropdown, select countries that login is prohibited from, clicking the 'Add' button after each selection to create a blocklist.
When you have finished creating either an allowlist or a blocklist, be sure to click the 'Update Settings' button in the top left corner to save your settings.

Under 'Do you want to restrict login to your ThreatLocker Account by IP Address', select 'Yes' to create a list of IP addresses from which login to your ThreatLocker account is permitted, or a list of IP addresses from which login to your ThreatLocker account is prohibited.
In the 'Allowed IP Addresses' textbox, input IP addresses that login is permitted from, clicking the 'Add' button after each selection to create an allowlist.
In the 'Blocked IP Addresses' textbox, input IP addresses that login is prohibited from, clicking the 'Add' button after each selection to create a blocklist.

When you have finished creating either an allowlist or a blocklist, be sure to click the 'Update Settings' button in the top left corner to save your settings.
Please note: If you create an allowlist, all IP addresses not on the allowlist will be blocked. If you create a blocklist, all IP addresses not on the blocklist will be permitted. This does not override Allowed Countries. If you whitelist specific IPs within a country and also whitelist the country itself with Geo Restrictions, the entire country will be whitelisted.
MFA Settings

In the MFA Settings tab, at the top you will find a list of all ThreatLocker Admins on your account with their current MFA Method listed.
Below that, you can choose to limit the options for MFA across your organization. Once you select the button next to 'Yes', you can choose between DUO (if it is configured), SMS, or OTC. You can choose as many options as you'd like. These settings will apply to your entire organization.

If you haven't previously set up DUO, you can navigate to the Integrations Page and set up the DUO Integration for your organization. For assistance with the DUO Integration, see our associated article here.
You also have the ability to override the MFA settings for any user. Select 'Yes' in the next section under 'Do you want to override login restriction settings per user?'

Next, select the username from the dropdown list. Then select the desired MFA methods from the next dropdown, and click the 'Update' button.
Be sure to click the 'Update Settings' button at the top of the page after you make your selections. The next time admins log into the ThreatLocker Portal, if they do not currently have MFA set up, they will be forced to set up MFA according to your Login Settings.
