Login & Access Security

This module is well suited for enterprise portals, CRMs, HR systems, finance platforms, and regulated Drupal applications where access control and session oversight are critical. When combined with Identity and Access Security elements like SSO and MFA; it will transform into a full fledged enterprise Access Gateway solution within Drupal, something similar to what we have already done for one of our customers.

Download Key Features Documentation

Key Features Documentation

Schedule a call with expert

Our Trusted Customers

See All Customers →

Access Security, Before and After Login

Control who gets in. Control what they do. Complete Control, Zero Compromise.

Access Control during Login

Control how, when, and from where users can access your system with added security and flexibility.

Activity Control after Login

Manage, monitor, and audit user sessions with automatic logout on inactivity or after a fixed duration.

Advanced Login & Access Security

Login Audit & Brute Force Protection

Track failed login attempts at both user and IP levels to prevent unauthorized access. Admins can set attempt limits and automatically block users or IPs when thresholds are exceeded.
IP-Based Restriction & Network-Level Protection

Block malicious IP addresses manually or automatically, including individual IPs and IP ranges. Active sessions can be terminated if unusual changes in IP address or geographic location are detected.
Geofencing (Location-Based Access Control)

Restrict or allow access to the Drupal site based on specific countries or geographic locations. The system can also trigger a forced logout when a location change is detected.
Session Management, Monitoring & Auditing

Control user sessions by setting session lifetimes, limiting concurrent sessions, and managing active sessions. Admins can monitor login activity (IP, device, browser, timestamp) and export logs in CSV format for auditing.

Additional Security Controls

Honeypot Bot Detection

Detect and block automated bots using honeypot techniques that identify non-human behaviour during login attempts. This adds an extra security layer without affecting legitimate users.
Automatic Logout

Automatically log out users after a period of inactivity or after a fixed session duration. This ensures sessions do not remain active longer than the configured limit.
IP Whitelisting / Blacklisting

Allow trusted IPs through whitelisting to ensure secure access for internal networks or partners. Block suspicious or unwanted IPs using blacklisting to prevent unauthorized access.
Time-Based Access Control

Grant user or role-based access for a specific time period. Once the configured duration expires, access is automatically revoked to protect sensitive environments.

Drupal Login Security with Layered Protection

Security checks to govern pre-login security - Defines who can log in, from where, from which device, and under what conditions.

Security checks to govern users activity, post login - Control user sessions, Limit their activity, define auto-logout and zero-trust policies.

The module combines user access control, session management, IP restriction, adaptive login security, and real-time monitoring into a single solution.

Benefits - It helps prevent unauthorized access, session abuse, brute-force attacks, and suspicious login behavior, making it ideal for enterprise and security-sensitive Drupal applications.

Pricing Plans for Everyone

Transparent, Simple Pricing

Contact Us at

drupalsupport@xecurify.com

COMMUNITY

$0/Year

Limit the number of simultaneous sessions per user
Allows users to check their session history
Set inactivity time after which the user will be auto logout will be triggered
Set response time for users on auto Logout confirmation screen

PREMIUM

3 Step Process to Setup Drupal Session Management Module

Step 01

Download and Install

Download and install the Drupal Session Management module from the Drupal marketplace.

Step 02

Enable Session Limiting

Enable the Session Limiting checkbox and enter the Session Limit Count.

Step 03

Session Monitor Configuration

Enable the Display all sessions registered by the user under the user profile checkbox to show all sessions in the user profile.

Popular Usecase

Explore real-world use cases of the Drupal SAML SP Module to implement secure and seamless Single Sign-On (SSO).

Drupal Login and Session Control

This case study explores how a non-profit healthcare organization, with a massive interconnected ecosystem was struggling to sustainably protect their cyberspace. This was primarily with respect to user logins, auditing and controlling access to sensitive information. And since their entire ecosystem was split into multiple systems, a unified login and monitoring system was just the thing that the doctor prescribed.

Know More→

Secure Drupal site with Drupal Session Management Module

This video will walk you through the key features of the Session Management module for Drupal. It will help you efficiently manage and secure your Drupal site by setting rules to restrict user sessions. Prevent unauthorized access, and gain full control over user sessions with this powerful Drupal security solution. Perfect for site admins looking to enhance security and manage user access effectively.

Learn more

Frequently Asked Questions

Module Inquiries

Does miniOrange store any user data?

miniOrange does not transfer any data out of your systems or store any Personal Identifiable Information (PII). All the modules are completely on premise. All the data remains within your premises / server. Only for the Drupal 2FA module - We need to store the user's email address. For Risk Based Authentication, information such as device type, location, IP address, and time are necessary to identify the user and give access based on the risk.

Does miniorange provide developer license for paid module?

We do not provide the developer license for our paid module and the source code is protected. It is strictly prohibited to make any changes in the code without having written permission from miniOrange. There are hooks provided in the module which can be used by the developers to extend the module's functionality.

Does miniOrange offer technical support?

Yes, we provide 24*7 support for all and any issues you might face while using the module, which includes technical support from our developers. You can get prioritized support based on the Support Plan you have opted for. You can check out the different Support Plans here.

How to activate the Premium Module on my Drupal Site?

Once you complete the payment, go to the miniOrange Dashboard to download your premium module or followthe Composer installation steps.
To activate the paid module, go to the Registration /Login tab and login with your miniOrange account for which you have purchased a license.
Once you are logged in, it will ask you to enter your license key. Go to miniOrange Dashboard → License → View License Key to get your license key.

How can I free up my license Key?

You can remove the license key from the module by clicking on the Remove Account button from the Register/Login tab of the module.