diff --git a/app/models/user.rb b/app/models/user.rb
index 87652c380..13efdf965 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -3,8 +3,9 @@ class User < ApplicationRecord
   attribute :registering_from_web, default: false
 
   devise :database_authenticatable, :registerable, :confirmable, :recoverable, :rememberable,
-         :trackable, :validatable, :omniauthable, :password_expirable, :secure_validatable, :lockable,
+         :trackable, :validatable, :omniauthable, :password_expirable, :secure_validatable,
          authentication_keys: [:login]
+  devise :lockable if Rails.application.config.devise_lockable
 
   acts_as_voter
   acts_as_paranoid column: :hidden_at
diff --git a/config/application.rb b/config/application.rb
index 9a37609a9..636d4552b 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -138,6 +138,9 @@ module Consul
 
     config.paths["app/views"].unshift(Rails.root.join("app", "views", "custom"))
 
+    # Set to true to enable devise user lockable feature
+    config.devise_lockable = Rails.application.secrets.devise_lockable
+
     # Set to true to enable managing different tenants using the same application
     config.multitenancy = Rails.application.secrets.multitenancy
   end
diff --git a/config/environments/test.rb b/config/environments/test.rb
index 5787afca2..530286e6c 100644
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -81,6 +81,8 @@ Rails.application.configure do
 
   # Allow managing different tenants using the same application
   config.multitenancy = true
+
+  config.devise_lockable = true
 end
 
 require Rails.root.join("config", "environments", "custom", "test")
diff --git a/config/secrets.yml.example b/config/secrets.yml.example
index c2c736321..7edfa57cd 100644
--- a/config/secrets.yml.example
+++ b/config/secrets.yml.example
@@ -18,6 +18,7 @@ http_basic_auth: &http_basic_auth
 development:
   http_basic_username: "dev"
   http_basic_password: "pass"
+  devise_lockable: false
   multitenancy: false
   security:
     last_sign_in: false
@@ -50,6 +51,7 @@ staging:
   errbit_self_hosted_ssl: false
   http_basic_username: ""
   http_basic_password: ""
+  devise_lockable: false
   managers_url: ""
   managers_application_key: ""
   multitenancy: false
@@ -89,6 +91,7 @@ preproduction:
   errbit_self_hosted_ssl: false
   http_basic_username: ""
   http_basic_password: ""
+  devise_lockable: false
   managers_url: ""
   managers_application_key: ""
   multitenancy: false
@@ -133,6 +136,7 @@ production:
   errbit_self_hosted_ssl: false
   http_basic_username: ""
   http_basic_password: ""
+  devise_lockable: false
   managers_url: ""
   managers_application_key: ""
   multitenancy: false