diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
index 2f5ee043a..d987d55ae 100644
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
@@ -28,6 +28,7 @@ sub defaultValues {
 'casAccessControlPolicy' => 'none',
 'casAuthnLevel' => 1,
 'checkTime' => 600,
+ 'checkUser' => 1,
 'checkXSS' => 1,
 'confirmFormMethod' => 'post',
 'cookieName' => 'lemonldap',
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
index 9e08efa2d..5599a514b 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
@@ -767,6 +767,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
 'default' => 600,
 'type' => 'int'
 },
+ 'checkUser' => {
+ 'default' => 1,
+ 'type' => 'bool'
+ },
 'checkXSS' => {
 'default' => 1,
 'type' => 'bool'
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
index 32c6329e1..ce6d63cc1 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
@@ -578,6 +578,12 @@ sub attributes {
 documentation => 'Enable Cross Domain Authentication',
 flags => 'hp',
 },
+ checkUser => {
+ default => 1,
+ type => 'bool',
+ documentation => 'Enable Check user',
+ flags => 'p',
+ },
 checkXSS => {
 default => 1,
 type => 'bool',
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm
index 802d2601c..571ec9da5 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm
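Review bot: `'checkUser' => 1` switches the new plugin on by default, and the same default is repeated in the Manager/Attributes.pm and Manager/Build/Attributes.pm hunks that follow. Going by the CheckUser.pm added in this commit, the enabled route accepts a `user` parameter and hands that account's session attributes to a template, so a default of 1 would expose the lookup on upgrade without an administrator having opted in. I would ship it disabled in all three places, `'checkUser' => 0,`, and widen the documentation string to say what the page shows, for example `'Enable the check-user page (displays another user\'s session attributes)'`.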
@@ -25,6 +25,7 @@ our @pList = (
 autoSigninRules => '::Plugins::AutoSignin',
 checkState => '::Plugins::CheckState',
 portalForceAuthn => '::Plugins::ForceAuthn',
+ checkUser => '::Plugins::CheckUser',
 );
 ##@method list enabledPlugins
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
new file mode 100644
index 000000000..abe0ca321
--- /dev/null
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
@@ -0,0 +1,111 @@
+package Lemonldap::NG::Portal::Plugins::CheckUser;
+
+use Data::Dumper;
+use strict;
+use Mouse;
+use Lemonldap::NG::Portal::Main::Constants qw(
+ PE_CONFIRM
+ PE_OK
+ PE_TOKENEXPIRED
+ PE_USERNOTFOUND
+);
+
+our $VERSION = '2.0.3';
+
+extends 'Lemonldap::NG::Portal::Main::Plugin';
+
+# INITIALIZATION
+
+has ott => (
+ is => 'rw',
+ lazy => 1,
+ default => sub {
+ my $ott = $_[0]->{p}
+ ->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
+ $ott->timeout( $_[0]->{conf}->{formTimeout} );
+ return $ott;
+ }
+);
+
+sub init {
+ my ($self) = @_;
+ $self->addAuthRoute( checkuser => 'check', [ 'GET', 'POST' ] );
+ return 1;
+}
+
+# RUNNING METHOD
+
+sub check {
+ my ( $self, $req ) = @_;
+ my $hdrs = my $attrs = {};
+ my $auth = 0;
+ my $msg = 'checkUser';
+
+ ## Check user attributes
+ # Use submitted attribute if exists
+ $req->{user} = $req->param('user') if ( $req->param('user') );
+ $attrs = $self->_attributes($req);
+
+ if ( $req->error ) {
+ $msg = 'PE' . $req->{error};
+ $attrs = {};
+ }
+
+ # Check if user is allowed to access submitted URL and compute headers
+ if ( $req->param('url') ) {
+
+ # Return VirtualHost headers
+ $hdrs = $self->_headers($req);
+
+ # User is allowed ?
+ $auth = $self->_authorized($req);
+ }
+
+ # Display form
+ return $self->p->sendHtml(
+ $req,
+ 'checkuser',
+ params => {
+ MAIN_LOGO => $self->conf->{portalMainLogo},
+ LANGS => $self->conf->{showLanguages},
+ MSG => $msg,
+ HEADERS => %$hdrs,
+ ATTRIBUTES => %$attrs,
+ ALLOWED => $auth,
+ PORTAL => $self->conf->{portal},
+ }
+ );
+}
+
+sub _attributes {
+ my ( $self, $req ) = @_;
+
+ # Search user in database
+ $req->steps(
+ [ 'getUser', 'setSessionInfo',
+ 'setMacros', 'setGroups',
+ 'setPersistentSessionInfo', 'setLocalGroups'
+ ]
+ );
+ if ( my $error = $self->p->process($req) ) {
+ if ( $error == PE_USERNOTFOUND ) {
+ $self->userLogger->warn( "Check asked for an unvalid user ("
+ . $req->param('user')
+ .
")" );
+ }
+ return $req->error($error);
+ }
+ return $req->{sessionInfo};
+}
+
+sub _headers {
+ my ( $self, $req ) = @_;
+ return {};
+}
+
+sub _authorized {
+ my ( $self, $req ) = @_;
+ return 1;
+}
+
+1;
diff --git a/lemonldap-ng-portal/site/templates/bootstrap/checkuser.tpl b/lemonldap-ng-portal/site/templates/bootstrap/checkuser.tpl
new file mode 100644
index 000000000..75252a4df
--- /dev/null
+++ b/lemonldap-ng-portal/site/templates/bootstrap/checkuser.tpl
@@ -0,0 +1,36 @@ + + +
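Review bot: `check` is registered through `addAuthRoute` and performs no further access test, so as written any authenticated user can submit a `user` value and have that account's whole `sessionInfo` (everything the `getUser` … `setLocalGroups` steps collect) passed to the `checkuser` template. The handler should evaluate an administrator-defined rule against the caller's own session before calling `_attributes`, and strip sensitive keys from the result before it is displayed. Separately, `HEADERS => %$hdrs,` and `ATTRIBUTES => %$attrs,` flatten both hashes into the `params` list: with an empty `%$hdrs` the key `HEADERS` is paired with the string `ATTRIBUTES`, and each session attribute becomes a top-level template parameter that can overwrite earlier entries such as `MSG`; passing references, `HEADERS => $hdrs, ATTRIBUTES => $attrs,`, or a list of key/value rows avoids this. `_authorized` always returns 1 and the `ott` attribute is never used, so `ALLOWED` is true for any submitted URL and the POST form carries no one-time token; both deserve a `# TODO` comment or completion before the route is enabled. `use Data::Dumper;` and the imported `PE_CONFIRM`, `PE_OK` and `PE_TOKENEXPIRED` are unused in this file and look like leftovers.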
+
">
+ +
+ +
+
+ +
+ " trplaceholder="user" aria-required="true"/> +
+
+
+ +
+ +
+ +
+
+ +