diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000000000000000000000000000000000000..3c81bb56f1091c1221c36e7b0b9d5c9a7548d68e
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "user-mgmt-ui"]
+	path = user-mgmt-ui
+	url = https://gitlab.geant.org/gn4-3-wp8-t3.1-soc/soctools-user-mgmt-ui.git
diff --git a/configure.sh b/configure.sh
new file mode 100755
index 0000000000000000000000000000000000000000..474618105ff68bf49353e075fb69a20faffa801f
--- /dev/null
+++ b/configure.sh
@@ -0,0 +1,83 @@
+#!/bin/bash
+set -e
+if [ -f group_vars/all/variables.yml ]; then 
+	echo "Variables file (group_vars/all/variables.yml) is configure manually. please take a look if everything is correct and move to next step"
+	cat group_vars/all/variables.yml
+else 
+	echo "set FQDN which will be used to access the soctools services. (the DNS record should already be in place.)"
+	read -p 'soctoolsproxy: ' soctoolsproxy
+	if [ -z $soctoolsproxy ]; then
+		echo "Error: Empty string for soctoolsproxy! exiting..."
+		exit 1
+	fi
+	echo
+	echo "Organization's top level domain (will be used as organization name and organization domain in different services)"
+	read -p 'domain: ' domain
+        if [ -z $domain ]; then
+                echo "Error: Empty string for domain! exiting..."
+                exit 1
+        fi
+	echo
+	echo
+	echo
+	echo "Please provide following parameters for first socctolls user which will be created during the initialization with organization admin privileges:"
+	echo "firstname - First name of the user"
+	echo "lastname 	- Last name of the user"
+	echo "username 	- Username of the user"
+	echo "DN 	- Distinguished Name of the user, for user certificate"
+	echo "CN 	- Common Name of the user, for user certificate"
+	echo "Email will be generated automatically in Username@Domain format becouse of format restrictions in some services"
+	sleep 10
+	for i in firstname lastname username; do
+		read -p "${i}: " $i
+	      	if [ -z $i ]; then
+                	echo "Error: Empty string for ${i}! exiting..."
+                	exit 1
+        	fi
+	done
+	read -p "Enter CN for Certificate [${firstname}${lastname}]: " CN
+	CN=${CN:-${firstname}${lastname}}
+	DN=${CN}
+	echo
+	echo
+	echo
+	sleep 2
+	echo "Please check the gethered variables and type 'yes' if everything is correct: "
+	echo "soctoolsproxy: 	$soctoolsproxy"
+	echo "domain: 		$domain"
+	echo "firstname: 	$firstname"
+	echo "lastname: 	$lastname"
+	echo "username: 	$username"
+	echo "DN: 		$DN"
+	echo "CN:		$CN"
+	echo
+	echo
+	sleep 10
+	read -p "Correct? type 'yes' or 'no': " ANSWER
+	if [ $ANSWER = "yes" ]; then
+		if ! [ -f group_vars/all/variables.template ]; then
+			echo "template file(group_vars/all/variables.template) does not exists! exiting ..."
+			exit 1
+		else
+			cp -f group_vars/all/variables.template group_vars/all/variables.yml
+			sed -i "s/CHANGE_ME_TO_FQDN/${soctoolsproxy}/g" group_vars/all/variables.yml
+			sed -i "s/soctools.test/${domain}/g" group_vars/all/variables.yml
+			sed -i "11s/soc_admin/${firstname}/" group_vars/all/variables.yml
+			sed -i "12s/SOC/${lastname}/" group_vars/all/variables.yml
+			sed -i "13s/soc_admin/${username}/" group_vars/all/variables.yml
+			sed -i "14s/soc_admin/${username}/" group_vars/all/variables.yml
+			sed -i "15s/SOC_Admin/${DN}/" group_vars/all/variables.yml
+			sed -i "16s/SOC_Admin/${CN}/" group_vars/all/variables.yml
+			sed -i "26s/soc_admin/${username}/" group_vars/all/variables.yml
+			echo
+			echo
+			echo "variables file generated (group_vars/all/variables.yml)"
+			sleep 2
+			echo "move to next command to deploy the soctools cluster."
+			echo 'Thank You!'
+		fi
+	else
+		echo "Exiting based of user input ..."
+		exit 0
+	fi
+fi
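Review bot: The emptiness check inside the `for i in firstname lastname username` loop tests `$i`, which holds the variable's name and is never empty, so a blank first name, last name or username passes through; the value just read is `${!i}`. All prompted values (also `soctoolsproxy`, `domain` and `CN`) are then interpolated into `sed` replacement text and into double-quoted YAML strings without validation, so a `/`, `&`, `\` or `"` in any answer breaks or alters the generated `group_vars/all/variables.yml`. Validating each answer against an allow-list before the `sed` calls closes both gaps; the character class below is a suggestion and should match what the downstream services accept. The unquoted `[ -z $soctoolsproxy ]`, `[ -z $domain ]` and `[ $ANSWER = "yes" ]` tests should be quoted as well.

```shell
# … unchanged: prompts for soctoolsproxy and domain (apply the same check to both) …
	for i in firstname lastname username; do
		read -r -p "${i}: " "$i"
		# ${!i} is the value just read; $i is only the variable's name
		if ! [[ ${!i} =~ ^[A-Za-z0-9._-]+$ ]]; then
			echo "Error: ${i} must be non-empty and contain only letters, digits, '.', '_' or '-'! exiting..."
			exit 1
		fi
	done
# … unchanged: CN prompt (validate CN the same way), confirmation, sed substitutions …
```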
diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml
index 3405aa99a37f3b76bf074406b3f7a4419751f478..4886a323f4cd1ec80cb2c0644f7333442d370386 100644
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@@ -1,13 +1,12 @@
 ---
 
-soctoolsproxy: "CHANGE_ME_TO_FQDN"
-
 maxmind_key: ""
 
 docker_build_dir: "{{playbook_dir}}/build"
 
 soctools_netname: "soctoolsnet"
 soctools_network: "172.22.0.0/16"
+soctools_network_gw: "172.22.0.1"
 
 repo: soctools
 version: 7
@@ -15,6 +14,12 @@ suffix: a20201004
 
 kibana_plugins_version: "v0.7"
 
+THEHIVE_KIBANA_USER:
+  username: "kibana"
+  name: "Kibana"
+  surname: "User"
+  roles: '["read", "write"]'
+
 haproxy_name: "soctools-haproxy"
 haproxy_version: "2.2"
 haproxy_img: "{{repo}}/haproxy:{{version}}{{suffix}}"
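Review bot: `THEHIVE_KIBANA_USER` is carried over here from the deleted `group_vars/all/users.yml`, but `USER_MGMT_ADMIN_USER` from that same file is not re-added in any file of this diff. If a role or template outside this diff still references `USER_MGMT_ADMIN_USER`, the play would fail on an undefined variable; the removed comment says that account was configured as admin in some of the tools, so this is worth confirming with a grep before merging. A short comment above this block would also help readers find the moved settings, e.g. `# soctoolsproxy, domain and soctools_users are defined in variables.yml (see configure.sh)`.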
diff --git a/group_vars/all/users.yml b/group_vars/all/users.yml
deleted file mode 100644
index d4108e11b723c7bf5e75435888aed3d03525a23a..0000000000000000000000000000000000000000
--- a/group_vars/all/users.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-
-domain: "soctools.test"
-
-soctools_users:
-  - firstname: "User1"
-    lastname: "SOC"
-    username: "user1"
-    email: "user1@{{domain}}"
-    DN: "CN=User1Soctools"
-    CN: "User1Soctools"
-  - firstname: "User2"
-    lastname: "SOC"
-    username: "user2"
-    email: "user2@{{domain}}"
-    DN: "CN=User2Soctools"
-    CN: "User2Soctools"
-
-# Minimum one user is required
-ODFE_ADMIN_USERS:
-  - user1
-
-THEHIVE_KIBANA_USER:
-  username: "kibana"
-  name: "Kibana"
-  surname: "User"
-  roles: '["read", "write"]'
-
-# Special account for user management GUI, configured as admin user in some of the tools
-USER_MGMT_ADMIN_USER:
-  username: "soctools-user-mgmt"
-  DN: "CN=soctools-user-mgmt"
-  CN: "soctools-user-mgmt"
\ No newline at end of file
diff --git a/group_vars/all/variables.template b/group_vars/all/variables.template
new file mode 100644
index 0000000000000000000000000000000000000000..ed0178a7249d1afc7c1f64af3ab87c9c5b164a18
--- /dev/null
+++ b/group_vars/all/variables.template
@@ -0,0 +1,28 @@
+---
+
+# set FQDN which will be used to access the soctools services. (the DNS record should already be in place.)
+soctoolsproxy: "CHANGE_ME_TO_FQDN"
+
+# Organization's top level domain (will be used as organization name and organization domain in different services)
+domain: "soctools.test"
+
+#List of users which will be created during the initialization with organization admin privileges
+soctools_users:
+  - firstname: "soc_admin"
+    lastname: "SOC"
+    username: "soc_admin"
+    email: "soc_admin@{{domain}}"
+    DN: "CN=SOC_Admin"
+    CN: "SOC_Admin"
+#  - firstname: "soc_admin_2"
+#    lastname: "SOC"
+#    username: "soc_admin_2"
+#    email: "soc_admin_2@{{domain}}"
+#    DN: "CN=SOC_Admin_2"
+#    CN: "SOC_Admin_2"
+    
+# list of users(username) from previous step which will recive admin roles in ODFE. (Minimum one user is required)
+ODFE_ADMIN_USERS:
+  - soc_admin
+#  -   soc_admin_2
+
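Review bot: Nothing in this template says that `configure.sh` rewrites it by line number (`11s/…` through `16s/…` and `26s/…`), so adding or removing a line above `ODFE_ADMIN_USERS` makes those substitutions miss or hit the wrong field without any error. I would add a header comment such as `# NOTE: configure.sh edits lines 11-16 and 26 of this file by line number; keep the layout in sync`. The shipped defaults (`soc_admin`, `CN=SOC_Admin`) also become a real organization-admin account if the template is copied by hand instead of going through `configure.sh`, which the same comment could call out.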
diff --git a/roles/docker/tasks/haproxy.yml b/roles/docker/tasks/haproxy.yml
index 5fb181e93d2ca094431d4d7e7b5a1835d52c2533..4eca955c135b997404dd48027ccde47a76ad1bc2 100644
--- a/roles/docker/tasks/haproxy.yml
+++ b/roles/docker/tasks/haproxy.yml
@@ -10,6 +10,7 @@
     networks_cli_compatible: yes
     published_ports:
       - "443:443"
+      - "5443:5443"
       - "8888:8888"
       - "8443:8443"
       - "9443:9443"
diff --git a/roles/haproxy/templates/haproxy.cfg.j2 b/roles/haproxy/templates/haproxy.cfg.j2
index 86ee05bfc6fef364b734bea561560f412271ed36..3166247724fe2b6a0a23d58f0b38460e80ed5f76 100644
--- a/roles/haproxy/templates/haproxy.cfg.j2
+++ b/roles/haproxy/templates/haproxy.cfg.j2
@@ -86,6 +86,17 @@ listen cortexserv
 	server {{cortexhost}} {{cortexhost}}:9001 check verify none
 {% endfor %}
 
+listen user-mgmt-ui
+        bind *:5443 ssl crt /etc/ssl/haproxy alpn h2,http/1.1
+        mode http
+        maxconn 5000
+        fullconn 5000
+        balance source
+        option tcpka
+        option forwardfor
+        option httplog
+        server soctools_server {{ soctools_network_gw }}:8050
+
 {% for port in range(50, 60) %}
 listen nifiservtcp77{{port}}
 	bind *:77{{port}}
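Review bot: The new `user-mgmt-ui` listener on `*:5443` terminates TLS but, as far as this hunk shows, requests no client certificate and applies no ACL, while the service behind it manages user accounts and the project otherwise issues per-user certificates. If the application does not authenticate callers itself (not visible here), anyone who can reach port 5443, which roles/docker/tasks/haproxy.yml now publishes, reaches the management UI. Consider requiring a client certificate on the bind line, e.g. `bind *:5443 ssl crt /etc/ssl/haproxy ca-file <CA_FILE_PLACEHOLDER> verify required alpn h2,http/1.1`. The backend hop to `{{ soctools_network_gw }}:8050` is plain HTTP, and `option tcpka` and `balance source` add little for a single-server `mode http` listener. The neighbouring `cortexserv` and `nifiservtcp77` listeners start or end outside this hunk.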
diff --git a/roles/soctools-server/tasks/main.yml b/roles/soctools-server/tasks/main.yml
index 61507d66af74b30c48a6abd2a5a087467ce2cf9e..da0b59fa2d342f1b006ca592ae663b87be7be2a8 100644
--- a/roles/soctools-server/tasks/main.yml
+++ b/roles/soctools-server/tasks/main.yml
@@ -13,13 +13,36 @@
   when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
 - name: Install required packages
   yum:
-    name: ["docker-ce","docker-ce-cli","containerd.io","python-pip","unzip","firewalld","python-docker-py"]
+    name: ["docker-ce","docker-ce-cli","containerd.io","python-pip","unzip","firewalld","python-docker-py","python36"]
     state: latest
     validate_certs: no
   when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
 - name: Install pip packages
   pip:
     name: ["pexpect==3.3"]
+
+- name: create venv for user-mgmt-ui
+  shell: 'python3 -m venv venv'
+  args:
+    chdir: '{{playbook_dir}}/user-mgmt-ui'
+    warn: no
+
+- name: install venv packages for user-mgmt-ui
+  shell: './venv/bin/python3 -m pip install -r requirements.txt'
+  args:
+    chdir: '{{playbook_dir}}/user-mgmt-ui'
+    warn: no
+
+- name: create systemd service file for user-mgmt-ui
+  template: src=user-mgmt-ui.service.j2 dest=/etc/systemd/system/user-mgmt-ui.service mode=644
+
+- name: enable and start user-mgmt-ui service
+  systemd:
+    state: restarted
+    daemon_reload: yes
+    name: user-mgmt-ui
+    enabled: yes
+
 - name: Set sysctl parameters
   sysctl:
     name: "{{item.key}}"
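Review bot: The two new `shell` tasks are not idempotent and install Python packages with the play's privileges from a `requirements.txt` that lives in the submodule and is not shown in this diff. Adding `creates: venv/bin/python3` to the first task's `args` stops the venv from being recreated on every run, and if the requirements file pins versions with hashes, `./venv/bin/python3 -m pip install --require-hashes -r requirements.txt` makes the install reject anything else. The last task uses `state: restarted`, so the service is bounced on every play; a handler notified by the template task would restart it only when the unit file changes. The yum task this commit extends with `python36` keeps `validate_certs: no` together with `state: latest`, which pulls the newest packages without verifying the repository's TLS certificate and is worth revisiting.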
diff --git a/roles/soctools-server/templates/user-mgmt-ui.service.j2 b/roles/soctools-server/templates/user-mgmt-ui.service.j2
new file mode 100644
index 0000000000000000000000000000000000000000..dde0c4ee833baa507fb60b2d4a7a0becbe395765
--- /dev/null
+++ b/roles/soctools-server/templates/user-mgmt-ui.service.j2
@@ -0,0 +1,14 @@
+[Unit]
+Description=user-mgmt-ui service
+Requires=network.target
+After=syslog.target network.target
+
+[Service]
+Type=simple
+ExecStart={{playbook_dir}}/user-mgmt-ui/venv/bin/gunicorn --workers=2 --bind 0.0.0.0:8050 main:app
+User=root
+KillMode=process
+WorkingDirectory={{playbook_dir}}/user-mgmt-ui
+
+[Install]
+WantedBy=multi-user.target
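Review bot: The unit runs gunicorn as `User=root` and binds `0.0.0.0:8050`, so the user-management application listens in plain HTTP on every host interface and can be reached without the HAProxy TLS front end unless the host firewall blocks 8050. Binding to the address HAProxy actually uses, `--bind {{ soctools_network_gw }}:8050`, and running under a dedicated account, `User=<SERVICE_USER_PLACEHOLDER>`, would narrow both exposures; whether the application needs root is not visible in this diff. Binding to the bridge address requires the Docker network to exist before the service starts, so the unit would likely also need `After=docker.service`. `NoNewPrivileges=yes` is a cheap addition under `[Service]` either way.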