| Availability | Odoo Online, Odoo.sh, On Premise |
| Odoo Apps Dependencies | Discuss (mail) |
| Lines of code | 508 |
| Technical Name | nz_device_restriction |
| License | LGPL-3 |
| Website | https://www.nezam.co |
NZ Solutions Apps for Odoo
Device Restriction - Odoo 19
Restrict and manage user access by device. Register devices on first login, automatically approve the first trusted device, block logins from unknown devices, and let administrators review, approve, or revoke device access. Remote logout and per-device allow/deny controls keep sessions secure and auditable.
What does this module provide?
This module secures user access by restricting logins to registered devices. On first successful login from a device, the module can automatically register and approve that device. Subsequent logins from unregistered devices are blocked until an administrator or a responsible user approves them. Administrators can review device details, approve or deny devices, toggle allow/deny per device, enforce global policies (allow each device, allow only the first device, or block all devices), and remotely log out users from active sessions. All device events are recorded for audit and troubleshooting.
KEY HIGHLIGHTS
Device registration on first login
Automatically registers and (optionally) approves the first device a user logs in from, simplifying trust establishment for new users.
Block unregistered devices
Prevent logins from unknown devices until they are reviewed and explicitly allowed, reducing account compromise risk.
Approve or reject blocked devices
Review device details for blocked login attempts and approve or deny registration, with clear UI actions to allow immediate access when necessary.
Flexible policy modes
Choose between per-device allow, allow-only-first-device, or block-all policies and switch modes as required by your security policy.
Per-device allow/deny toggles
Toggle each registered device between allowed and denied states from the device management UI, granting fine-grained control.
Remote logout from active devices
Force logout for users across their active devices to immediately revoke access from lost or compromised endpoints.
1) Assign Device Manager Access Group
To allow a user to manage registered devices and access device restriction features, assign the Device Manager security group from the user permissions settings. Administrators receive this access by default, with no manual configuration required.
2) Device Restriction Tab
Open the Device Restriction tab to manage registered devices and review recent access attempts. This view is the central place for device controls and policy selection.

3) First Device Auto-Approved and Recorded
When a user logs in for the first time, the module can automatically approve and store that device's details (browser, OS, IP, timestamp), making it the trusted device for that user.

4) Login Blocked From Unregistered Device
If a login attempt is made from a device that is not registered or approved, the system blocks access and shows a clear message indicating the login was prevented.

5) Review & Register Blocked Device
Blocked login attempts are recorded with device metadata and a registration request. Administrators can review the device information and choose to allow the device to register and access the account.

6) Policy Modes and Per-Device Controls
Use the available policy modes to control behavior: allow individual devices, allow only the first registered device and block others, or block all devices. Each registered device can be switched between allow and deny independently.

7) Remote Logout of Active Devices
Administrators can remotely log out a user from any or all registered devices that currently have active sessions, instantly revoking access.

How does the first-device auto-approve work?
When enabled, the module records and approves the first device a user logs in from, marking it as trusted. Later devices will be blocked until reviewed unless the policy allows multiple devices.
What happens when a login is blocked?
The login attempt is rejected and recorded with device metadata. An admin can review the request and choose to permit the device or keep it blocked.
How do I approve a blocked device?
Open the Device Restriction tab, inspect the pending device entry, and click the allow button to register and approve it for the user.
Can I force logout for a user from their devices?
Yes. Administrators can remotely terminate active sessions for any registered device, instantly revoking access.
What policy modes are available?
The module supports per-device allow, allow-only-first-device, and block-all modes. Choose the mode that matches your security requirements.
Who can approve devices?
Users assigned to the Device Restriction Manager security group have the rights to approve, deny, or revoke device registrations and to change global device policies.
Version 19.0.1.0.0
Initial Release
- Device registration and metadata capture on login
- Automatic approval option for the first device
- Block logins from unregistered devices and record attempts
- Admin approval workflow for blocked devices
- Global policy modes (per-device, only-first, block-all)
- Per-device allow/deny toggles and remote logout
- Audit logging of device events and approval actions
- Device Restriction Manager security group for access control
- Odoo 19 Community & Enterprise support