I’ve create an application with 2 requirements:
- only allow access using OTP with an email address of mine
- Only access from my country (Israel)
I’ve tested access from Israel, and it works. However, when I use a VPN service like Surfshark and accessing the page from other countries, it still shows the access page instead of blocking it.
Screenshot for the policy is enclosed.