diff --git a/app/controllers/admin/sessions_controller.rb b/app/controllers/admin/sessions_controller.rb index 9048f2251..5dc244398 100644 --- a/app/controllers/admin/sessions_controller.rb +++ b/app/controllers/admin/sessions_controller.rb @@ -3,15 +3,25 @@ class Admin::SessionsController < Devise::SessionsController layout 'admin/application' def login + @admin_user = AdminUser.new end - # def create - # @user = AdminUser.first if params[:user1] - # @user = AdminUser.second if params[:user2] + def create + if params[:admin_user].blank? + @admin_user = AdminUser.new + flash[:alert] = 'Something went wrong' + return render 'login' + end - # return redirect_to :back, alert: 'No user' if @user.blank? + @admin_user = AdminUser.find_by(username: params[:admin_user][:username]) + @admin_user ||= AdminUser.new(username: params[:admin_user][:username]) - # flash[:notice] = I18n.t('welcome') - # sign_in_and_redirect @user, event: :authentication - # end + if @admin_user.valid_password?(params[:admin_user][:password]) + sign_in @admin_user, event: :authentication + redirect_to admin_root_url, notice: I18n.t(:welcome) + else + flash[:alert] = 'Authorization error' + render 'login' + end + end end diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb deleted file mode 100644 index 0f6758f30..000000000 --- a/app/controllers/sessions_controller.rb +++ /dev/null @@ -1,17 +0,0 @@ -class SessionsController < Devise::SessionsController - skip_authorization_check only: :create - - def create - # TODO: Create ID Card login here: - # this is just testing config - # if Rails.env.development? || Rails.env.test? - @user = AdminUser.first if params[:user1] - @user = AdminUser.second if params[:user2] - - return redirect_to :back, alert: 'No user' if @user.blank? - - flash[:notice] = I18n.t('welcome') - sign_in_and_redirect @user, event: :authentication - # end - end -end 
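Review bot: The new `create` in app/controllers/admin/sessions_controller.rb checks credentials by hand (`find_by` followed by `valid_password?`) instead of going through Devise's warden strategy, so whatever Devise does around a failed login is skipped. If AdminUser uses `:lockable` (not visible here), failed attempts are never counted. The `AdminUser.new(username: ...)` fallback has no stored hash, so unknown usernames are probably rejected faster than known ones, which gives a timing signal about which accounts exist. Consider `@admin_user = warden.authenticate(scope: :admin_user)` and rendering 'login' with a fresh `AdminUser.new` when it returns nil, assuming the Devise mapping and authentication keys match this form. Separately, `params[:admin_user][:username]` raises when `admin_user` arrives as a plain string; testing `params[:admin_user].respond_to?(:key?)` in the first guard would keep that case on the 'Something went wrong' path.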
diff --git a/app/models/ability.rb b/app/models/ability.rb index 84be67c3a..3fa44e6b0 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -91,6 +91,7 @@ class Ability can :manage, DomainVersion can :manage, User can :manage, ApiUser + can :manage, AdminUser can :manage, Certificate can :manage, Keyrelay can :manage, LegalDocument diff --git a/app/views/admin/admin_users/_form.haml b/app/views/admin/admin_users/_form.haml index 84f55285a..8db7583f2 100644 --- a/app/views/admin/admin_users/_form.haml +++ b/app/views/admin/admin_users/_form.haml @@ -8,11 +8,18 @@ = f.label :username .col-md-8 = f.text_field(:username, class: 'form-control') - .form-group - .col-md-4.control-label - = f.label :password - .col-md-8 - = f.text_field(:password, class: 'form-control') + - if @admin_user.new_record? || can?(:update, AdminUser) + .form-group + .col-md-4.control-label + = f.label :password + .col-md-8 + = f.text_field(:password, class: 'form-control') + .form-group + .col-md-4.control-label + = f.label :password_confirmation + .col-md-8 + = f.text_field(:password_confirmation, class: 'form-control') + %hr .form-group .col-md-4.control-label diff --git a/app/views/admin/sessions/login.haml b/app/views/admin/sessions/login.haml index 015caac1d..1ecca10ae 100644 --- a/app/views/admin/sessions/login.haml +++ b/app/views/admin/sessions/login.haml 
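Review bot: The password and password_confirmation inputs added in app/views/admin/admin_users/_form.haml use `f.text_field`, so the value is shown in clear text while typing and is written back into the page when the form is re-rendered after a validation error. Use `= f.password_field(:password, class: 'form-control', autocomplete: 'off')` and the same for `:password_confirmation`, matching the login views in this commit. Also, `can?(:update, AdminUser)` is a class-level check, and with `can :manage, AdminUser` added in ability.rb it is true for every user in that role, so the `new_record? ||` condition never hides the fields from them. If only a narrower set of users should change another admin's password, check the record with `can?(:update, @admin_user)` and scope the ability accordingly.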
@@ -1,8 +1,15 @@ -%h2.form-signin-heading.text-center Eesti Interneti SA -%hr -.form-signin - / TODO: Refactor this when ID card login is done - = button_to 'ID card (user1)', admin_sessions_path, - class: 'btn btn-lg btn-primary btn-block', name: 'user1' - = button_to 'ID card (user2)', admin_sessions_path, - class: 'btn btn-lg btn-primary btn-block', name: 'user2' +.row + .form-signin.col-md-6.center-block.text-center + %h2.form-signin-heading.text-center Eesti Interneti SA + %hr + .form-signin + = form_for(@admin_user, url: admin_sessions_path, method: :create, html: {class: 'form-signin'}) do |f| + = render 'admin/shared/errors', object: f.object + + - error_class = f.object.errors.any? ? 'has-error' : '' + %div{class: error_class} + = f.text_field :username, class: 'form-control', placeholder: t(:username), required: true + = f.password_field :password, class: 'form-control', + autocomplete: 'off', placeholder: t(:password), required: true + %button.btn.btn-lg.btn-primary.btn-block{:type => 'submit'}= t(:log_in) + diff --git a/app/views/admin/shared/_errors.haml b/app/views/admin/shared/_errors.haml new file mode 100644 index 000000000..50eb6de12 --- /dev/null +++ b/app/views/admin/shared/_errors.haml @@ -0,0 +1,5 @@ +- if object.errors.any? + %p.text-danger + - object.errors.each do |attr, err| + = err + %br diff --git a/app/views/registrar/sessions/login.haml b/app/views/registrar/sessions/login.haml index 15586a645..8aaf8a01b 100644 --- a/app/views/registrar/sessions/login.haml +++ b/app/views/registrar/sessions/login.haml 
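Review bot: In app/views/admin/sessions/login.haml the form is declared with `method: :create`, which is a controller action name rather than an HTTP verb. Rails will most likely emit a POST form with a hidden `_method` field set to `create`, which the method-override middleware does not recognise, so the request reaches `create` only by accident; `method: :post` states the intent. The repeated `.form-signin` class (outer column, inner div, and `html: {class: 'form-signin'}` on the form) also looks redundant and could be reduced to one wrapper.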
@@ -8,7 +8,8 @@ - error_class = f.object.errors.any? ? 'has-error' : '' %div{class: error_class} = f.text_field :tag, class: 'form-control', placeholder: t(:username), required: true - = f.password_field :password, class: 'form-control', placeholder: t(:password), required: true + = f.password_field :password, class: 'form-control', + autocomplete: 'off', placeholder: t(:password), required: true %button.btn.btn-lg.btn-primary.btn-block{:type => 'submit'}= t(:log_in) diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 54816bf7a..83a076769 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -131,7 +131,7 @@ Devise.setup do |config| # ==> Configuration for :rememberable # The time the user will be remembered without asking for credentials again. - # config.remember_for = 2.weeks + config.remember_for = 2.weeks # Invalidates all the remember me tokens when the user signs out. config.expire_all_remember_me_on_sign_out = true @@ -155,7 +155,7 @@ Devise.setup do |config| # ==> Configuration for :timeoutable # The time you want to timeout the user session without activity. After this # time the user will be asked for credentials again. Default is 30 minutes. - # config.timeout_in = 30.minutes + config.timeout_in = 8.hours # If true, expires auth token on session timeout. # config.expire_auth_token_on_timeout = false
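Review bot: `config.timeout_in = 8.hours` in the :timeoutable hunk of config/initializers/devise.rb raises the idle timeout from the 30-minute default stated in the comment above it, and it applies to every Devise model that is timeoutable, which includes the admin console if AdminUser uses that module (not visible here). An unattended admin session would then stay usable for most of a working day. If the longer value is wanted for other user types, keep the global setting and tighten the admin model, e.g. `devise :timeoutable, timeout_in: 30.minutes` on AdminUser. The `config.remember_for = 2.weeks` line in the earlier hunk has the same global reach and deserves a comment naming the models that are meant to be rememberable.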