diff --git a/apps/authentication/signals_handlers.py b/apps/authentication/signals_handlers.py
index 461ddbb99..dc6bf5e27 100644
--- a/apps/authentication/signals_handlers.py
+++ b/apps/authentication/signals_handlers.py
@@ -1,3 +1,8 @@
+from importlib import import_module
+
+from django.conf import settings
+from django.contrib.auth import user_logged_in
+from django.core.cache import cache
 from django.dispatch import receiver
 from jms_oidc_rp.signals import openid_user_login_failed, openid_user_login_success
@@ -5,6 +10,17 @@ from jms_oidc_rp.signals import openid_user_login_failed, openid_user_login_succ
 from .signals import post_auth_success, post_auth_failed
+@receiver(user_logged_in)
+def on_user_auth_login_success(sender, user, request, **kwargs):
+    if settings.USER_LOGIN_SINGLE_MACHINE_ENABLED:
+        user_id = 'single_machine_login_' + str(user.id)
+        session_key = cache.get(user_id)
+        if session_key and session_key != request.session.session_key:
+            session = import_module(settings.SESSION_ENGINE).SessionStore(session_key)
+            session.delete()
+        cache.set(user_id, request.session.session_key, None)
+
+
 @receiver(openid_user_login_success)
 def on_oidc_user_login_success(sender, request, user, **kwargs):
     post_auth_success.send(sender, user=user, request=request)
diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py
index dcbf439da..0e186726e 100644
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -266,7 +266,8 @@ class Config(dict):
         'ORG_CHANGE_TO_URL': '',
         'LANGUAGE_CODE': 'zh',
         'TIME_ZONE': 'Asia/Shanghai',
-        'CHANGE_AUTH_PLAN_SECURE_MODE_ENABLED': True
+        'CHANGE_AUTH_PLAN_SECURE_MODE_ENABLED': True,
+        'USER_LOGIN_SINGLE_MACHINE_ENABLED': False
     }
     def compatible_auth_openid_of_key(self):
diff --git a/apps/jumpserver/settings/custom.py b/apps/jumpserver/settings/custom.py
index b691d3ce5..5149c3d9c 100644
--- a/apps/jumpserver/settings/custom.py
+++ b/apps/jumpserver/settings/custom.py
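Review bot: `session.delete()` in `on_user_auth_login_success` only revokes the earlier login when the session engine keeps server-side state; with `django.contrib.sessions.backends.signed_cookies` the session lives entirely in the browser cookie and `delete()` cannot invalidate it, so the single-machine rule would silently not hold under that engine. That assumption belongs on the function, e.g. `# Requires a server-side SESSION_ENGINE (db/cache/file); a signed_cookies session cannot be revoked here.` The cache entry is also written with timeout `None` and nothing removes it on logout, so a user's key persists indefinitely and the next login calls `delete()` on a session that may no longer exist — the stock backends appear to tolerate that, but a comment stating it is intentional would help the next reader. A style point: the whole body sits under `if settings.USER_LOGIN_SINGLE_MACHINE_ENABLED:`; an early `return` guard would flatten it by one level.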
@@ -70,6 +70,9 @@ FLOWER_URL = CONFIG.FLOWER_URL
 # Enable internal period task
 PERIOD_TASK_ENABLED = CONFIG.PERIOD_TASK_ENABLED
+# only allow single machine login with the same account
+USER_LOGIN_SINGLE_MACHINE_ENABLED = CONFIG.USER_LOGIN_SINGLE_MACHINE_ENABLED
+
 # Email custom content
 EMAIL_SUBJECT_PREFIX = DYNAMIC.EMAIL_SUBJECT_PREFIX
 EMAIL_SUFFIX = DYNAMIC.EMAIL_SUFFIX
diff --git a/config_example.yml b/config_example.yml
index fd8710c78..f23b5c7e5 100644
--- a/config_example.yml
+++ b/config_example.yml
@@ -116,7 +116,10 @@ REDIS_PORT: 6379
 # Perm show single asset to ungrouped node
 # 是否把未授权节点资产放入到 未分组 节点中
-# PERM_SINGLE_ASSET_TO_UNGROUP_NODE: false
+# PERM_SINGLE_ASSET_TO_UNGROUP_NODE: False
+#
+# 同一账号仅允许在一台设备登录
+# USER_LOGIN_SINGLE_MACHINE_ENABLED: False
 #
 # 启用定时任务
 # PERIOD_TASK_ENABLE: True