diff --git a/app/assets/stylesheets/login.css.scss b/app/assets/stylesheets/login.css.scss
new file mode 100644
index 000000000..d4bc61502
--- /dev/null
+++ b/app/assets/stylesheets/login.css.scss
@@ -0,0 +1,14 @@
+body {
+  padding-top: 40px;
+  padding-bottom: 40px;
+  background-color: #eee;
+}
+
+.form-signin {
+  max-width: 330px;
+  padding: 15px;
+  margin: 0 auto;
+  input {
+    margin-bottom: 10px;
+  }
+}
diff --git a/app/controllers/admin/domains_controller.rb b/app/controllers/admin/domains_controller.rb
index 6ebe73d6e..8fb900539 100644
--- a/app/controllers/admin/domains_controller.rb
+++ b/app/controllers/admin/domains_controller.rb
@@ -1,6 +1,4 @@
 class Admin::DomainsController < ApplicationController
-  load_and_authorize_resource
-
   before_action :set_domain, only: [:show, :edit, :update, :destroy]
   before_action :verify_deletion, only: [:destroy]
 
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index d82fa7d37..c49d86893 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -4,7 +4,7 @@ class ApplicationController < ActionController::Base
   protect_from_forgery with: :exception
 
   def after_sign_in_path_for(resource)
-    if current_user.admin?
+    if resource.admin?
       (session[:user_return_to].nil?) ? admin_root_path : session[:user_return_to].to_s
     else
       (session[:user_return_to].nil?) ? client_root_path : session[:user_return_to].to_s
diff --git a/app/controllers/client_controller.rb b/app/controllers/client_controller.rb
index d45b8f5ad..22b441cdd 100644
--- a/app/controllers/client_controller.rb
+++ b/app/controllers/client_controller.rb
@@ -1,5 +1,3 @@
 class ClientController < ApplicationController
-  def current_user
-    EppUser.last
-  end
+
 end
diff --git a/app/controllers/concerns/shared/common_domain.rb b/app/controllers/concerns/shared/common_domain.rb
index f30c8d385..4a54c68c0 100644
--- a/app/controllers/concerns/shared/common_domain.rb
+++ b/app/controllers/concerns/shared/common_domain.rb
@@ -2,6 +2,7 @@ module Shared::CommonDomain
   extend ActiveSupport::Concern
 
   included do
+    load_and_authorize_resource
     before_action :set_domain, only: [:show, :edit, :update, :destroy]
     before_action :verify_deletion, only: [:destroy]
   end
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index c44cb4b7f..75a87d73a 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,7 +1,11 @@
 class SessionsController < Devise::SessionsController
   def create
-    @user = User.find_by(identity_code: '37810013855')
-    sign_in_and_redirect @user, :event => :authentication
+    if Rails.env.development?
+      @user = User.find_by(username: 'gitlab') if params[:gitlab]
+      @user = User.find_by(username: 'zone') if params[:zone]
+      sign_in_and_redirect @user, :event => :authentication
+      return
+    end
   end
 
   def login
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 731fd0794..1074c02cf 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -7,6 +7,7 @@ class Ability
     if user.admin?
       can :manage, Domain
     else
+      can :manage, Domain, registrar_id: user.registrar.id
       can :read, DomainTransfer, transfer_to_id: user.registrar.id
       can :approve_as_client, DomainTransfer, transfer_from_id: user.registrar.id, status: DomainTransfer::PENDING
     end
diff --git a/app/models/registrar.rb b/app/models/registrar.rb
index f70ea537c..910081b7a 100644
--- a/app/models/registrar.rb
+++ b/app/models/registrar.rb
@@ -3,6 +3,7 @@ class Registrar < ActiveRecord::Base
   has_many :domains
   has_many :ns_sets
   has_many :epp_users
+  has_many :users
   has_many :domain_transfers, foreign_key: 'transfer_to_id'
 
   def to_s
diff --git a/app/models/user.rb b/app/models/user.rb
index 8470dc1a2..091281e24 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -7,4 +7,5 @@ class User < ActiveRecord::Base
   # TODO Estonian id validation
 
   belongs_to :role
+  belongs_to :registrar
 end
diff --git a/app/views/layouts/login.haml b/app/views/layouts/login.haml
index 32711051f..3d7409479 100644
--- a/app/views/layouts/login.haml
+++ b/app/views/layouts/login.haml
@@ -1 +1,24 @@
-= button_to 'logi sisse', 'sessions'
+!!!
+%html{:lang => "en"}
+  %head
+    %meta{:charset => "utf-8"}/
+    %meta{:content => "IE=edge", "http-equiv" => "X-UA-Compatible"}/
+    %meta{:content => "width=device-width, initial-scale=1", :name => "viewport"}/
+    %meta{:content => "Full stack top-level domain (TLD) management.", :name => "description"}/
+    %meta{:content => "Gitlab LTD", :name => "author"}/
+    = csrf_meta_tags
+    = stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track' => true
+    = stylesheet_link_tag 'login', media: 'all', 'data-turbolinks-track' => true
+    %link{:href => "../../favicon.ico", :rel => "icon"}/
+    %title Eesti Interneti SA - Log In
+  %body
+    .container
+      .form-signin
+        %h2.form-signin-heading.text-center Eesti Interneti SA
+        %hr
+        - if Rails.env.development?
+          = button_to 'ID card (gitlab)', 'sessions', class: 'btn btn-lg btn-primary btn-block', name: 'gitlab'
+          = button_to 'ID card (zone)', 'sessions', class: 'btn btn-lg btn-primary btn-block', name: 'zone'
+        -else
+          = button_to 'ID card', 'sessions', class: 'btn btn-lg btn-primary btn-block'
+          = button_to 'Mobile ID', 'sessions', class: 'btn btn-lg btn-primary btn-block'
diff --git a/config/initializers/assets.rb b/config/initializers/assets.rb
new file mode 100644
index 000000000..b6e232a8e
--- /dev/null
+++ b/config/initializers/assets.rb
@@ -0,0 +1 @@
+Rails.application.config.assets.precompile += %w( login.css )
diff --git a/db/migrate/20140925084916_add_admin_to_users.rb b/db/migrate/20140925084916_add_admin_to_users.rb
index 2ddf290ff..e386d33dd 100644
--- a/db/migrate/20140925084916_add_admin_to_users.rb
+++ b/db/migrate/20140925084916_add_admin_to_users.rb
@@ -1,5 +1,5 @@
 class AddAdminToUsers < ActiveRecord::Migration
   def change
-    add_column :users, :admin, :boolean
+    add_column :users, :admin, :boolean, default: false
   end
 end
diff --git a/db/migrate/20140925101927_add_registrar_to_users.rb b/db/migrate/20140925101927_add_registrar_to_users.rb
new file mode 100644
index 000000000..d560efea7
--- /dev/null
+++ b/db/migrate/20140925101927_add_registrar_to_users.rb
@@ -0,0 +1,5 @@
+class AddRegistrarToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :registrar_id, :integer
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 1b01d4519..9f31cf2bb 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20140925085340) do
+ActiveRecord::Schema.define(version: 20140925101927) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -192,13 +192,14 @@ ActiveRecord::Schema.define(version: 20140925085340) do
     t.datetime "created_at"
     t.datetime "updated_at"
     t.string   "email"
-    t.integer  "sign_in_count",      default: 0, null: false
+    t.integer  "sign_in_count",      default: 0,     null: false
     t.datetime "current_sign_in_at"
     t.datetime "last_sign_in_at"
     t.inet     "current_sign_in_ip"
     t.inet     "last_sign_in_ip"
-    t.boolean  "admin"
+    t.boolean  "admin",              default: false
     t.string   "identity_code"
+    t.integer  "registrar_id"
   end
 
 end
diff --git a/db/seeds.rb b/db/seeds.rb
index fed89fc14..7b4c8cb61 100644
--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -25,3 +25,4 @@ elkdata = Registrar.where(
 EppUser.where(username: 'elkdata', password: '8932iods', active: true, registrar: elkdata).first_or_create
 
 User.where(username: 'gitlab', password: '12345', email: 'enquiries@gitlab.eu', admin: true, identity_code: '37810013855').first_or_create
+User.where(username: 'zone', password: '54321', email: 'info-info@zone.ee', admin: false, identity_code: '37810010085', registrar_id: zone.id).first_or_create
diff --git a/spec/models/registrar_spec.rb b/spec/models/registrar_spec.rb
index 0712b7bd2..893959039 100644
--- a/spec/models/registrar_spec.rb
+++ b/spec/models/registrar_spec.rb
@@ -5,4 +5,5 @@ describe Registrar do
   it { should have_many(:domains) }
   it { should have_many(:ns_sets) }
   it { should have_many(:epp_users) }
+  it { should have_many(:users) }
 end
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 2f99cf77d..25c1334b3 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -2,4 +2,5 @@ require 'rails_helper'
 
 describe User do
   it { should belong_to(:role) }
+  it { should belong_to(:registrar) }
 end