Skip to content

Foreign Sanction Impacts on Duo Two-Factor Authentication

May 12, 2022
image with the green Duo multifactor authentication service logo on it.

UC Merced users traveling abroad should be aware of the impact of this change.
Starting May 5, 2022, UC Merced’s two-factor authentication (2FA) tool, Duo, began blocking authentications from users whose IP address originates in a country or region subject to economic and trade sanctions enforced by the U.S. Office of Foreign Assets Control (OFAC). UC Merced affiliates attempting to authenticate to Duo-protected applications from the following OFAC-regulated countries or regions will be blocked from completing their login and will receive an error message:

  • Cuba

  • North Korea

  • Iran

  • Sudan

  • Syria

  • Crimea region

  • Sevastopol region

  • Donetsk region

  • Luhansk region

This means that UC Merced affiliates based in or traveling to these countries or regions will not be able to access or communicate via most University-provided technology resources. This restriction is based on location, not identity, and applies to all methods of Duo authentication, including the Duo mobile app, SMS text messages, phone calls, and physical tokens. Due to University security requirements, there are currently no recommended alternatives or workarounds. Please contact the IT Service Desk at (209) 228-4357 or Report a Problem via for any questions or concerns you may have regarding this information.

If you are planning travel to one of the affected regions above, it is important that you inform the International Students and Scholars office prior to departure.

More about UC Merced's Two Factor Authentication (2FA) service.