diff --git a/crm/api/demo.py b/crm/api/demo.py
new file mode 100644
index 000000000..ad081dee6
--- /dev/null
+++ b/crm/api/demo.py
@@ -0,0 +1,36 @@
+import frappe
+from frappe import _
+from frappe.auth import LoginManager
+
+
+@frappe.whitelist(allow_guest=True)
+def login_demo():
+	if not frappe.conf.demo_username or not frappe.conf.demo_password:
+		return
+	frappe.local.response["redirect_to"] = "/crm"
+	login_manager = LoginManager()
+	login_manager.authenticate(frappe.conf.demo_username, frappe.conf.demo_password)
+	login_manager.post_login()
+	frappe.local.response["type"] = "redirect"
+	frappe.local.response["location"] = frappe.local.response["redirect_to"]
+
+
+def validate_reset_password(user):
+	if frappe.conf.demo_username and frappe.session.user == frappe.conf.demo_username:
+		frappe.throw(
+			_("Password cannot be reset by Demo User {}").format(
+				frappe.bold(frappe.conf.demo_username)
+			),
+			frappe.PermissionError,
+		)
+
+
+def validate_user(doc, event):
+	if frappe.conf.demo_username and frappe.session.user == frappe.conf.demo_username and doc.new_password:
+		frappe.throw(
+			_("Password cannot be reset by Demo User {}").format(
+				frappe.bold(frappe.conf.demo_username)
+			),
+			frappe.PermissionError,
+		)
+
diff --git a/crm/hooks.py b/crm/hooks.py
index 286eee4d4..e8e7a906f 100644
--- a/crm/hooks.py
+++ b/crm/hooks.py
@@ -132,6 +132,7 @@
 override_doctype_class = {
 	"Contact": "crm.overrides.contact.CustomContact",
 	"Email Template": "crm.overrides.email_template.CustomEmailTemplate",
+	"User": "crm.overrides.user.CustomUser",
 }
 
 # Document Events
@@ -156,6 +157,9 @@
 	"CRM Deal": {
 		"on_update": ["crm.fcrm.doctype.erpnext_crm_settings.erpnext_crm_settings.create_customer_in_erpnext"],
 	},
+	"User": {
+		"before_validate": ["crm.api.demo.validate_user"],
+	}
 }
 
 # Scheduled Tasks
diff --git a/crm/overrides/user.py b/crm/overrides/user.py
new file mode 100644
index 000000000..d938825c2
--- /dev/null
+++ b/crm/overrides/user.py
@@ -0,0 +1,10 @@
+# import frappe
+from frappe import _
+from frappe.core.doctype.user.user import User
+from crm.api.demo import validate_reset_password
+
+
+class CustomUser(User):
+	def validate_reset_password(self):
+		# restrict demo user to reset password
+		validate_reset_password(self)