User Cabinet & Authentication

Secure Access Control for Your Organization

Comprehensive user management and authentication system providing enterprise-grade security with multi-factor authentication, role-based access control, and advanced session management. Protect your organization with modern security practices and granular permission controls.

Key Benefits

Multi-Factor Authentication

Enhance account security with MFA support including TOTP, SMS, and email verification. Protect against unauthorized access and credential theft.

Role-Based Access Control

Implement granular permissions with RBAC. Create custom roles, assign permissions, and control what users can see and do throughout the platform.

Advanced Security

Password policies, session management, brute-force protection, account lockout, and comprehensive audit logging keep your system secure.

User Self-Service

Empower users with self-service capabilities: password reset, profile management, security settings, and activity monitoring.

Features & Capabilities

Authentication & Security

  • Multi-factor authentication (TOTP, SMS, Email)
  • Password complexity requirements and policies
  • Account lockout after failed login attempts
  • Brute-force attack protection
  • Session timeout and concurrent session control
  • IP-based access restrictions
  • Password expiration and history
  • Security questions for account recovery

User Management

  • User registration and approval workflows
  • Bulk user import/export (CSV, Excel)
  • User profile management with custom fields
  • Department and organization hierarchy
  • User status management (active, inactive, locked)
  • Email verification and activation
  • User search and filtering

Roles & Permissions

  • Role-based access control (RBAC)
  • Create custom roles with specific permissions
  • Permission groups for easier management
  • Module-level and feature-level permissions
  • Permission inheritance and delegation
  • Dynamic permission checks
  • Role templates for common scenarios

Session Management

  • Active session monitoring and management
  • Force logout from all devices
  • Session history and activity log
  • Device fingerprinting and recognition
  • Suspicious activity detection
  • Geographic location tracking
  • Concurrent session limits

Audit & Compliance

  • Comprehensive audit logs for all actions
  • User activity timeline
  • Login history with IP and location
  • Permission change tracking
  • Failed login attempt monitoring
  • GDPR compliance features (data export, deletion)
  • Compliance reporting and analytics

Integration & API

  • LDAP/Active Directory integration
  • OAuth 2.0 and OpenID Connect support
  • SAML 2.0 for enterprise SSO
  • REST API for user management

Use Cases

Enterprise User Management

Manage thousands of users across departments with hierarchical organization structure, bulk operations, and automated workflows. Integrate with existing LDAP/AD infrastructure for seamless user provisioning.

Secure Authentication for Critical Systems

Implement MFA for privileged accounts, enforce strong password policies, and monitor suspicious login activities. Protect sensitive data with advanced authentication mechanisms.

Compliance Requirements (GDPR, SOX, HIPAA)

Meet regulatory requirements with comprehensive audit logs, user consent management, data retention policies, and automated compliance reporting. Provide users with data access and deletion capabilities.

Self-Service Portal

Reduce help desk load by allowing users to manage their own profiles, reset passwords, configure MFA, and monitor their account activity. Empower users while maintaining security.

Third-Party Integration

Enable single sign-on (SSO) with external applications using OAuth/SAML. Allow partners and contractors secure access to specific modules without creating separate accounts.

Security Incident Response

Quickly respond to security incidents by reviewing user activity logs, forcing password changes, locking compromised accounts, and terminating active sessions across all devices.

Technical Details

Architecture

Built on Django's authentication framework (User, Group) with custom models: CabinetUser (profile, company, department, position), CabinetGroup, Department (MPTT), Position, UserSession, UserActivity, AccessOptions. User data is stored in the project database; email is sent via MailAccount. GeoIP (GeoLite2) provides session location.

Security

Django password hashing (PBKDF2 by default). Password rules: minimum length, upper/lowercase, digits (PCI-DSS style). CSRF, XSS and SQL injection protection. Optional reCAPTCHA v3 and math captcha on login and password reset. Account lockout after failed attempts. Security headers and input validation.
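To make the password rules, hashing and lockout concrete, here is an added example (not the module's own code) in plain Python: a policy check with the rule types named above, a hash in Django's pbkdf2_sha256 storage layout with constant-time verification, and a per-account failed-attempt counter. The numeric thresholds and the iteration count are assumptions, not values from this page; in a real Django project the policy check would be registered in AUTH_PASSWORD_VALIDATORS and raise ValidationError instead of returning a list.

```python
import base64
import hashlib
import hmac
import re
import secrets

MIN_LENGTH = 12              # assumed policy value; the page names the rule, not the number
PBKDF2_ITERATIONS = 100_000  # assumed; Django raises its own default with each release
MAX_FAILED_ATTEMPTS = 5      # assumed lockout threshold

def validate_password_policy(password: str) -> list:
    """Return policy violations (empty list = acceptable): length, upper, lower, digit."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    return problems

def make_password(password: str, iterations: int = PBKDF2_ITERATIONS, salt: str = "") -> str:
    """Encode in Django's pbkdf2_sha256 layout: algorithm$iterations$salt$base64(hash)."""
    salt = salt or secrets.token_hex(11)  # fresh random salt per stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return f"pbkdf2_sha256${iterations}${salt}${base64.b64encode(digest).decode('ascii')}"

def check_password(password: str, encoded: str) -> bool:
    """Re-derive with the stored salt/iterations and compare in constant time."""
    algorithm, iterations, salt, _ = encoded.split("$", 3)
    if algorithm != "pbkdf2_sha256":
        return False
    return hmac.compare_digest(make_password(password, int(iterations), salt), encoded)

class LoginGate:
    """Per-account failed-attempt counter that locks after MAX_FAILED_ATTEMPTS."""
    def __init__(self, encoded_password: str):
        self.encoded, self.failures, self.locked = encoded_password, 0, False

    def attempt(self, password: str) -> bool:
        if self.locked:
            return False  # a locked account rejects even the correct password
        if check_password(password, self.encoded):
            self.failures = 0
            return True
        self.failures += 1
        self.locked = self.failures >= MAX_FAILED_ATTEMPTS
        return False
```

The lockout state here lives in memory; a deployment would persist it (and the audit record of each failure) in the database so it survives restarts and is visible across workers.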

Scalability

Standard Django scaling. Site statistics and activity logs with pagination.

Customization

Profile fields (company, department, position, phone, avatar, employment dates). Group-based AccessOptions (users, groups, org structure, site statistics) with company scope. Configurable bot protection and reCAPTCHA in SiteSettings. Multilingual group/department/position names.

Frequently Asked Questions

What MFA methods are supported?

The platform supports multiple MFA methods: TOTP (Time-based One-Time Password) using apps like Google Authenticator or Authy, SMS verification codes, and email verification. Administrators can configure which methods are available and make MFA mandatory for specific roles.

Can we integrate with our existing LDAP/Active Directory?

Yes! The platform provides native LDAP/Active Directory integration. You can configure LDAP servers, map LDAP attributes to user fields, and enable automatic user synchronization. Users can authenticate using their existing corporate credentials.

How do password policies work?

Administrators can configure comprehensive password policies including minimum length, complexity requirements (uppercase, lowercase, numbers, special characters), password history (prevent reuse), expiration periods, and account lockout after failed attempts.

Is the platform GDPR compliant?

Yes, the platform includes GDPR compliance features: user consent management, data access requests, right to be forgotten (data deletion), data portability (export), audit logs for data access, and privacy policy acknowledgment.

Can users manage their own accounts?

Yes, users have access to a self-service portal where they can update their profiles, change passwords, and configure MFA.

Ready to Get Started?

Explore this module and enhance your organization's security posture