In Settings > Global Login Controls, you can choose to enable or disable additional security features that restrict login attempts based on their geographic location or the time of day.
The actual restrictions (e.g. specify that users can only log in from UK or USA, or within regular business hours) are set on a per Organizational Unit basis within the Administrate > Security section of CloudM Manage.
Enabling Location Restriction allows you to set a whitelist of which country or countries a user can login from for each Organizational Unit (or they can be inherited from the Root Organizational Unit). See the IP Range / Country Restriction and Behavior article for more detail.
Enabling Time Restriction allows you to configure the time periods when users of an Organizational Unit can login via SSO and access CloudM Manage. When the time period expires, users will be logged out. See the Access Time article for more detail.