diff --git a/config/env/dev.env.example b/config/env/dev.env.example
index 4b40294b..b8e195cf 100644
--- a/config/env/dev.env.example
+++ b/config/env/dev.env.example
@@ -31,6 +31,9 @@ SQL_PORT=5432
 # SQL_SSL_MODE=require
 
 LOGIN_REDIRECT_URL=
+CORS_ALLOWED_ORIGINS=http://localhost:3000
+# Domain used by Djoser for activation and password reset email links (should be the frontend URL)
+FRONTEND_DOMAIN=localhost:3000
 OPENAI_API_KEY=
 ANTHROPIC_API_KEY=
 PINECONE_API_KEY=
diff --git a/frontend/src/api/apiClient.ts b/frontend/src/api/apiClient.ts
index 856f78a9..545ce5d4 100644
--- a/frontend/src/api/apiClient.ts
+++ b/frontend/src/api/apiClient.ts
@@ -4,6 +4,7 @@ import { Conversation } from "../components/Header/Chat";
 import {
   V1_API_ENDPOINTS,
   CONVERSATION_ENDPOINTS,
+  AUTH_ENDPOINTS,
   endpoints,
 } from "./endpoints";
 
@@ -31,6 +32,70 @@ adminApi.interceptors.request.use(
   (error) => Promise.reject(error),
 );
 
+// Response interceptor to handle token refresh on 401
+let isRefreshing = false;
+let failedQueue: { resolve: (value: unknown) => void; reject: (reason?: unknown) => void }[] = [];
+
+const processQueue = (error: unknown, token: string | null = null) => {
+  failedQueue.forEach((prom) => {
+    if (error) {
+      prom.reject(error);
+    } else {
+      prom.resolve(token);
+    }
+  });
+  failedQueue = [];
+};
+
+adminApi.interceptors.response.use(
+  (response) => response,
+  async (error) => {
+    const originalRequest = error.config;
+
+    if (error.response?.status === 401 && !originalRequest._retry) {
+      if (isRefreshing) {
+        return new Promise((resolve, reject) => {
+          failedQueue.push({ resolve, reject });
+        }).then((token) => {
+          originalRequest.headers.Authorization = `JWT ${token}`;
+          return adminApi(originalRequest);
+        }).catch((err) => Promise.reject(err));
+      }
+
+      originalRequest._retry = true;
+      isRefreshing = true;
+
+      const refreshToken = localStorage.getItem("refresh");
+
+      if (!refreshToken) {
+        localStorage.removeItem("access");
+        localStorage.removeItem("refresh");
+        window.location.href = "/login";
+        return Promise.reject(error);
+      }
+
+      try {
+        const response = await axios.post(AUTH_ENDPOINTS.JWT_REFRESH, { refresh: refreshToken });
+        const newAccessToken = response.data.access;
+        localStorage.setItem("access", newAccessToken);
+        processQueue(null, newAccessToken);
+        originalRequest.headers.Authorization = `JWT ${newAccessToken}`;
+        return adminApi(originalRequest);
+      } catch (refreshError) {
+        processQueue(refreshError, null);
+        localStorage.removeItem("access");
+        localStorage.removeItem("refresh");
+        window.location.href = "/login";
+        return Promise.reject(refreshError);
+      } finally {
+        isRefreshing = false;
+      }
+    }
+
+    return Promise.reject(error);
+  },
+);
+
 const handleSubmitFeedback = async (
   feedbackType: FormValues["feedbackType"],
   name: FormValues["name"],
diff --git a/frontend/src/api/endpoints.ts b/frontend/src/api/endpoints.ts
index 3f8585f0..8e43a239 100644
--- a/frontend/src/api/endpoints.ts
+++ b/frontend/src/api/endpoints.ts
@@ -19,6 +19,10 @@ export const AUTH_ENDPOINTS = {
   USER_ME: `${API_BASE}/auth/users/me/`,
   RESET_PASSWORD: `${API_BASE}/auth/users/reset_password/`,
   RESET_PASSWORD_CONFIRM: `${API_BASE}/auth/users/reset_password_confirm/`,
+  USERS_CREATE: `${API_BASE}/auth/users/`,
+  USERS_ACTIVATION: `${API_BASE}/auth/users/activation/`,
+  USERS_RESEND_ACTIVATION: `${API_BASE}/auth/users/resend_activation/`,
+  JWT_REFRESH: `${API_BASE}/auth/jwt/refresh/`,
 } as const;
 
 /**
diff --git a/frontend/src/components/Header/Header.tsx b/frontend/src/components/Header/Header.tsx
index c2fe3cfc..488920d8 100644
--- a/frontend/src/components/Header/Header.tsx
+++ b/frontend/src/components/Header/Header.tsx
@@ -207,7 +207,14 @@ const Header: React.FC<LoginFormProps> = ({ isAuthenticated, isSuperuser }) => {
           Balancer
         </span>
         <Chat showChat={showChat} setShowChat={setShowChat} />
-        {isAuthenticated && authLinks()}
+        {isAuthenticated ? authLinks() : (
+          <Link
+            to="/login"
+            className="font-satoshi flex cursor-pointer items-center text-black hover:text-blue-600"
+          >
+            Log In
+          </Link>
+        )}
       </div>
       <MdNavBar handleForm={handleForm} isAuthenticated={isAuthenticated} />
     </header>
diff --git a/frontend/src/components/Header/MdNavBar.tsx b/frontend/src/components/Header/MdNavBar.tsx
index ccd06fcd..550b74d2 100644
--- a/frontend/src/components/Header/MdNavBar.tsx
+++ b/frontend/src/components/Header/MdNavBar.tsx
@@ -127,15 +127,25 @@ const MdNavBar = (props: LoginFormProps) => {
                           Support Development
                         </a>
                     </li>
-                    {isAuthenticated &&
+                    {isAuthenticated ? (
                       <li className="border-b border-gray-300 p-4">
                         <Link
-                              to="/logout"
-                              className="mr-9 text-black hover:border-b-2 hover:border-blue-600 hover:text-black hover:no-underline"
-                          >Sign Out
+                          to="/logout"
+                          className="mr-9 text-black hover:border-b-2 hover:border-blue-600 hover:text-black hover:no-underline"
+                        >
+                          Sign Out
+                        </Link>
+                      </li>
+                    ) : (
+                      <li className="border-b border-gray-300 p-4">
+                        <Link
+                          to="/login"
+                          className="mr-9 text-black hover:border-b-2 hover:border-blue-600 hover:text-black hover:no-underline"
+                        >
+                          Log In
                         </Link>
                       </li>
-                    }
+                    )}
                 </ul>
             </div>
             <Chat showChat={showChat} setShowChat={setShowChat}/>
diff --git a/frontend/src/components/ProtectedRoute/AdminRoute.tsx b/frontend/src/components/ProtectedRoute/AdminRoute.tsx
new file mode 100644
index 00000000..61195cb8
--- /dev/null
+++ b/frontend/src/components/ProtectedRoute/AdminRoute.tsx
@@ -0,0 +1,38 @@
+import { ReactNode, useEffect } from 'react';
+import { Navigate, useLocation } from 'react-router-dom';
+import { useSelector, useDispatch } from 'react-redux';
+import { RootState } from '../../services/actions/types';
+import { AppDispatch, checkAuthenticated } from '../../services/actions/auth';
+import Spinner from '../LoadingSpinner/LoadingSpinner';
+
+interface AdminRouteProps {
+  children: ReactNode;
+}
+
+const AdminRoute = ({ children }: AdminRouteProps) => {
+  const location = useLocation();
+  const dispatch = useDispatch<AppDispatch>();
+  const { isAuthenticated, isSuperuser } = useSelector((state: RootState) => state.auth);
+
+  useEffect(() => {
+    if (isAuthenticated === null) {
+      dispatch(checkAuthenticated());
+    }
+  }, [dispatch, isAuthenticated]);
+
+  if (isAuthenticated === null) {
+    return <Spinner />;
+  }
+
+  if (!isAuthenticated) {
+    return <Navigate to="/login" replace state={{ from: location }} />;
+  }
+
+  if (!isSuperuser) {
+    return <Navigate to="/" replace />;
+  }
+
+  return children;
+};
+
+export default AdminRoute;
diff --git a/frontend/src/pages/Activate/Activate.tsx b/frontend/src/pages/Activate/Activate.tsx
new file mode 100644
index 00000000..391ec04b
--- /dev/null
+++ b/frontend/src/pages/Activate/Activate.tsx
@@ -0,0 +1,76 @@
+import { useEffect, useState } from "react";
+import { useParams, Link } from "react-router-dom";
+import { useDispatch } from "react-redux";
+import { verify, AppDispatch } from "../../services/actions/auth";
+import Layout from "../Layout/Layout";
+import Spinner from "../../components/LoadingSpinner/LoadingSpinner";
+
+const Activate = () => {
+  const { uid, token } = useParams<{ uid: string; token: string }>();
+  const dispatch = useDispatch<AppDispatch>();
+  const [status, setStatus] = useState<"loading" | "success" | "error">("loading");
+
+  useEffect(() => {
+    if (!uid || !token) {
+      setStatus("error");
+      return;
+    }
+
+    (async () => {
+      try {
+        await dispatch(verify(uid, token));
+        setStatus("success");
+      } catch {
+        setStatus("error");
+      }
+    })();
+  }, [dispatch, uid, token]);
+
+  if (status === "loading") {
+    return (
+      <Layout>
+        <Spinner />
+      </Layout>
+    );
+  }
+
+  if (status === "error") {
+    return (
+      <Layout>
+        <section className="mx-auto mt-24 w-[20rem] md:mt-48 md:w-[32rem] text-center">
+          <div className="mb-4 rounded-md bg-white px-3 pb-12 pt-6 shadow-md ring-1 md:px-12">
+            <h2 className="blue_gradient mb-4 font-satoshi text-3xl font-bold text-gray-600">
+              Activation failed
+            </h2>
+            <p className="text-gray-600 mb-6">
+              This activation link is invalid or has already been used. Please register again or request a new activation email.
+            </p>
+            <Link to="/register" className="btnBlue w-full text-lg text-center block">
+              Back to register
+            </Link>
+          </div>
+        </section>
+      </Layout>
+    );
+  }
+
+  return (
+    <Layout>
+      <section className="mx-auto mt-24 w-[20rem] md:mt-48 md:w-[32rem] text-center">
+        <div className="mb-4 rounded-md bg-white px-3 pb-12 pt-6 shadow-md ring-1 md:px-12">
+          <h2 className="blue_gradient mb-4 font-satoshi text-3xl font-bold text-gray-600">
+            Email verified
+          </h2>
+          <p className="text-gray-600 mb-6">
+            Your account has been activated. You can now log in.
+          </p>
+          <Link to="/login" className="btnBlue w-full text-lg text-center block">
+            Continue to log in
+          </Link>
+        </div>
+      </section>
+    </Layout>
+  );
+};
+
+export default Activate;
diff --git a/frontend/src/pages/Login/LoginForm.tsx b/frontend/src/pages/Login/LoginForm.tsx
index d0d08184..1d27aac5 100644
--- a/frontend/src/pages/Login/LoginForm.tsx
+++ b/frontend/src/pages/Login/LoginForm.tsx
@@ -6,7 +6,6 @@ import { RootState } from "../../services/actions/types";
 import { useState, useEffect } from "react";
 import ErrorMessage from "../../components/ErrorMessage";
 import LoadingSpinner from "../../components/LoadingSpinner/LoadingSpinner";
-import { FaExclamationTriangle } from "react-icons/fa";
 
 interface LoginFormProps {
   isAuthenticated: boolean | null;
@@ -60,19 +59,9 @@ function LoginForm({ isAuthenticated, loginError }: LoginFormProps) {
           className="mb-4 rounded-md  bg-white px-3 pb-12 pt-6 shadow-md ring-1 md:px-12"
         >
           <div className="flex flex-col items-center justify-center">
-            {/* {errorMessage && <div className="text-red-500">{errorMessage}</div>} */}
             <h2 className="blue_gradient mb-6 font-satoshi text-3xl font-bold text-gray-600">
-              Welcome
+              Log in
             </h2>
-
-            <blockquote className="p-4 mb-4 border-s-4 border-yellow-500 bg-amber-50 flex gap-5 items-center">
-                <div className="mb-2 text-yellow-500">
-                  <FaExclamationTriangle size={24} />
-                </div>
-                <div>
-                  <p className="text-gray-800">This login is for Code for Philly administrators. Providers can use all site features without logging in. <Link to="/" className="underline hover:text-blue-600 hover:no-underline" style={{ 'whiteSpace': 'nowrap' }}>Return to Homepage</Link></p>
-                </div>
-            </blockquote>
           </div>
           <ErrorMessage errors={errors} />
           <div className="mb-4 mt-5">
@@ -113,18 +102,17 @@ function LoginForm({ isAuthenticated, loginError }: LoginFormProps) {
               Sign In
             </button>
           </div>
+          <div className="mt-4 flex justify-between text-sm">
+            <Link to="/register" className="text-blue-600 hover:underline">
+              Don't have an account? Sign up
+            </Link>
+            <Link to="/resetPassword" className="text-blue-600 hover:underline">
+              Forgot password?
+            </Link>
+          </div>
         </form>
       </section>
-      { loading &&  <LoadingSpinner /> }
-
-      {/* <p>
-        Don't have an account?{" "}
-        <Link to="/register" className="font-bold hover:text-blue-600">
-          {" "}
-          Register here
-        </Link>
-        .
-      </p> */}
+      { loading && <LoadingSpinner /> }
     </>
   );
 }
diff --git a/frontend/src/pages/Login/ResetPassword.tsx b/frontend/src/pages/Login/ResetPassword.tsx
index 61345aa8..34ffc44b 100644
--- a/frontend/src/pages/Login/ResetPassword.tsx
+++ b/frontend/src/pages/Login/ResetPassword.tsx
@@ -1,9 +1,11 @@
 import { useFormik } from "formik";
-import { useNavigate } from "react-router-dom";
+import { useNavigate, Link } from "react-router-dom";
 import { reset_password, AppDispatch } from "../../services/actions/auth";
 import { connect, useDispatch } from "react-redux";
 import { RootState } from "../../services/actions/types";
 import { useEffect, useState } from "react";
+import axios from "axios";
+import { AUTH_ENDPOINTS } from "../../api/endpoints";
 import Layout from "../Layout/Layout";
 
 interface ResetPasswordProps {
@@ -14,6 +16,8 @@ function ResetPassword(props: ResetPasswordProps) {
   const { isAuthenticated } = props;
   const dispatch = useDispatch<AppDispatch>();
   const [requestSent, setRequestSent] = useState(false);
+  const [submittedEmail, setSubmittedEmail] = useState("");
+  const [resendStatus, setResendStatus] = useState<"idle" | "sent" | "error">("idle");
 
   const navigate = useNavigate();
 
@@ -29,49 +33,86 @@ function ResetPassword(props: ResetPasswordProps) {
     },
     onSubmit: (values) => {
       dispatch(reset_password(values.email));
+      setSubmittedEmail(values.email);
       setRequestSent(true);
     },
   });
 
+  const handleResend = async () => {
+    try {
+      await axios.post(AUTH_ENDPOINTS.RESET_PASSWORD, { email: submittedEmail });
+      setResendStatus("sent");
+    } catch {
+      setResendStatus("error");
+    }
+  };
+
   if (requestSent) {
-    navigate("/");
-  }
-  return (
-    <>
+    return (
       <Layout>
-        <section className="mx-auto mt-36 w-full max-w-xs">
-          <h2 className="blue_gradient mb-6 font-satoshi text-xl font-bold text-gray-600">
-            Reset Password
-          </h2>
-          <form
-            onSubmit={handleSubmit}
-            className="mb-4 rounded bg-white px-8 pb-8 pt-6 shadow-md"
-          >
-            <div className="mb-4">
-              <label
-                htmlFor="email"
-                className="mb-2 block text-sm font-bold text-gray-700"
-              >
-                Email
-              </label>
-              <input
-                id="login-email"
-                name="email"
-                type="email"
-                onChange={handleChange}
-                value={values.email}
-                className="focus:shadow-outline w-full appearance-none rounded border px-3 py-2 leading-tight text-gray-700 shadow focus:outline-none"
-              />
-            </div>
-            <div className="flex items-center justify-between">
-              <button className="black_btn" type="submit">
-                Reset Password
+        <section className="mx-auto mt-24 w-[20rem] md:mt-48 md:w-[32rem] text-center">
+          <div className="mb-4 rounded-md bg-white px-3 pb-12 pt-6 shadow-md ring-1 md:px-12">
+            <h2 className="blue_gradient mb-4 font-satoshi text-3xl font-bold text-gray-600">
+              Check your email
+            </h2>
+            <p className="text-gray-600 mb-6">
+              If an account exists for <strong>{submittedEmail}</strong>, you'll receive a password reset link shortly.
+            </p>
+            <div className="flex flex-col gap-3">
+              <Link to="/login" className="btnBlue w-full text-lg text-center block">
+                Back to log in
+              </Link>
+              <button onClick={handleResend} className="text-sm text-blue-600 hover:underline" type="button">
+                {resendStatus === "sent"
+                  ? "Email resent!"
+                  : resendStatus === "error"
+                  ? "Failed to resend. Try again."
+                  : "Resend email"}
               </button>
             </div>
-          </form>
+          </div>
         </section>
       </Layout>
-    </>
+    );
+  }
+
+  return (
+    <Layout>
+      <section className="mx-auto mt-24 w-[20rem] md:mt-48 md:w-[32rem]">
+        <form
+          onSubmit={handleSubmit}
+          className="mb-4 rounded-md bg-white px-3 pb-12 pt-6 shadow-md ring-1 md:px-12"
+        >
+          <h2 className="blue_gradient mb-6 font-satoshi text-3xl font-bold text-gray-600 text-center">
+            Reset password
+          </h2>
+          <div className="mb-4">
+            <label
+              htmlFor="email"
+              className="mb-2 block text-lg font-bold text-gray-700"
+            >
+              Email
+            </label>
+            <input
+              id="login-email"
+              name="email"
+              type="email"
+              onChange={handleChange}
+              value={values.email}
+              className="focus:shadow-outline w-full appearance-none rounded border px-3 py-3 leading-tight text-gray-700 shadow focus:outline-none"
+            />
+          </div>
+          <button className="btnBlue w-full text-lg" type="submit">
+            Send reset link
+          </button>
+          <div className="mt-4 text-center">
+            <Link to="/login" className="text-sm text-blue-600 hover:underline">
+              Back to log in
+            </Link>
+          </div>
+        </form>
+      </section>
+    </Layout>
   );
 }
 
@@ -79,8 +120,5 @@ const mapStateToProps = (state: RootState) => ({
   isAuthenticated: state.auth.isAuthenticated,
 });
 
-// Assign the connected component to a named constant
 const ConnectedResetPassword = connect(mapStateToProps)(ResetPassword);
-
-// Export the named constant
 export default ConnectedResetPassword;
diff --git a/frontend/src/pages/Login/ResetPasswordConfirm.tsx b/frontend/src/pages/Login/ResetPasswordConfirm.tsx
index 533669bb..80f36a63 100644
--- a/frontend/src/pages/Login/ResetPasswordConfirm.tsx
+++ b/frontend/src/pages/Login/ResetPasswordConfirm.tsx
@@ -1,5 +1,5 @@
 import { useFormik } from "formik";
-import { useNavigate, useParams } from "react-router-dom";
+import { useNavigate, useParams, Link } from "react-router-dom";
 import {
   reset_password_confirm,
   AppDispatch,
@@ -17,7 +17,8 @@ const ResetPasswordConfirm: React.FC<ResetPasswordConfirmProps> = ({
   isAuthenticated,
 }) => {
   const dispatch = useDispatch<AppDispatch>();
-  const [requestSent, setRequestSent] = useState(false);
+  const [success, setSuccess] = useState(false);
+  const [error, setError] = useState<string | null>(null);
   const { uid, token } = useParams<{ uid: string; token: string }>();
 
   const navigate = useNavigate();
@@ -33,66 +34,94 @@ const ResetPasswordConfirm: React.FC<ResetPasswordConfirmProps> = ({
       new_password: "",
       re_new_password: "",
     },
-    onSubmit: (values) => {
-      dispatch(
-        reset_password_confirm(
-          uid!,
-          token!,
-          values.new_password,
-          values.re_new_password
-        )
-      );
-      setRequestSent(true);
+    onSubmit: async (values, { setSubmitting }) => {
+      try {
+        await dispatch(
+          reset_password_confirm(
+            uid!,
+            token!,
+            values.new_password,
+            values.re_new_password
+          )
+        );
+        setSuccess(true);
+      } catch {
+        setError("This reset link is invalid or has expired. Please request a new one.");
+      } finally {
+        setSubmitting(false);
+      }
     },
   });
 
-  if (requestSent) {
-    navigate("/");
-  }
-  return (
-    <>
+  if (success) {
+    return (
       <Layout>
-        <section className="mx-auto mt-36 w-full max-w-xs">
-          <h2 className="blue_gradient mb-6 font-satoshi text-xl font-bold text-gray-600">
-            Reset Password
-          </h2>
-          <form
-            onSubmit={handleSubmit}
-            className="mb-4 rounded bg-white px-8 pb-8 pt-6 shadow-md"
-          >
-            <div className="mb-4">
-              <label
-                htmlFor="email"
-                className="mb-2 block text-sm font-bold text-gray-700"
-              >
-                Password
-              </label>
-              <input
-                id="new_password"
-                name="new_password"
-                type="password"
-                onChange={handleChange}
-                value={values.new_password}
-                className="focus:shadow-outline w-full appearance-none rounded border px-3 py-2 leading-tight text-gray-700 shadow focus:outline-none"
-              />
-              <input
-                id="re_new_password"
-                name="re_new_password"
-                type="password"
-                onChange={handleChange}
-                value={values.re_new_password}
-                className="focus:shadow-outline w-full appearance-none rounded border px-3 py-2 leading-tight text-gray-700 shadow focus:outline-none"
-              />
-            </div>
-            <div className="flex items-center justify-between">
-              <button className="black_btn" type="submit">
-                Reset Password
-              </button>
-            </div>
-          </form>
+        <section className="mx-auto mt-24 w-[20rem] md:mt-48 md:w-[32rem] text-center">
+          <div className="mb-4 rounded-md bg-white px-3 pb-12 pt-6 shadow-md ring-1 md:px-12">
+            <h2 className="blue_gradient mb-4 font-satoshi text-3xl font-bold text-gray-600">
+              Password updated
+            </h2>
+            <p className="text-gray-600 mb-6">
+              Your password has been reset. You can now log in with your new password.
+            </p>
+            <Link to="/login" className="btnBlue w-full text-lg text-center block">
+              Log in now
+            </Link>
+          </div>
         </section>
       </Layout>
-    </>
+    );
+  }
+
+  return (
+    <Layout>
+      <section className="mx-auto mt-24 w-[20rem] md:mt-48 md:w-[32rem]">
+        <form
+          onSubmit={handleSubmit}
+          className="mb-4 rounded-md bg-white px-3 pb-12 pt-6 shadow-md ring-1 md:px-12"
+        >
+          <h2 className="blue_gradient mb-6 font-satoshi text-3xl font-bold text-gray-600 text-center">
+            Set new password
+          </h2>
+          {error && <p className="text-red-500 text-sm mb-4">{error}</p>}
+          <div className="mb-4">
+            <label
+              htmlFor="new_password"
+              className="mb-2 block text-lg font-bold text-gray-700"
+            >
+              New password
+            </label>
+            <input
+              id="new_password"
+              name="new_password"
+              type="password"
+              onChange={handleChange}
+              value={values.new_password}
+              className="focus:shadow-outline w-full appearance-none rounded border px-3 py-3 leading-tight text-gray-700 shadow focus:outline-none"
+            />
+          </div>
+          <div className="mb-6">
+            <label
+              htmlFor="re_new_password"
+              className="mb-2 block text-lg font-bold text-gray-700"
+            >
+              Confirm new password
+            </label>
+            <input
+              id="re_new_password"
+              name="re_new_password"
+              type="password"
+              onChange={handleChange}
+              value={values.re_new_password}
+              className="focus:shadow-outline w-full appearance-none rounded border px-3 py-3 leading-tight text-gray-700 shadow focus:outline-none"
+            />
+          </div>
+          <button className="btnBlue w-full text-lg" type="submit">
+            Set new password
+          </button>
+        </form>
+      </section>
+    </Layout>
   );
 };
 
@@ -100,9 +129,5 @@ const mapStateToProps = (state: RootState) => ({
   isAuthenticated: state.auth.isAuthenticated,
 });
 
-// Assign the connected component to a named constant
-const ConnectedResetPasswordConfirm =
-  connect(mapStateToProps)(ResetPasswordConfirm);
-
-// Export the named constant
+const ConnectedResetPasswordConfirm = connect(mapStateToProps)(ResetPasswordConfirm);
 export default ConnectedResetPasswordConfirm;
diff --git a/frontend/src/pages/Register/RegistrationForm.tsx b/frontend/src/pages/Register/RegistrationForm.tsx
index c1745b3d..8134c521 100644
--- a/frontend/src/pages/Register/RegistrationForm.tsx
+++ b/frontend/src/pages/Register/RegistrationForm.tsx
@@ -1,71 +1,211 @@
 import { useFormik } from "formik";
+import * as Yup from "yup";
 import { Link } from "react-router-dom";
+import { useDispatch, useSelector } from "react-redux";
+import { signup, AppDispatch } from "../../services/actions/auth";
+import { RootState } from "../../services/actions/types";
+import { useState } from "react";
+import axios from "axios";
+import { AUTH_ENDPOINTS } from "../../api/endpoints";
+
+const validationSchema = Yup.object({
+  first_name: Yup.string().required("First name is required"),
+  last_name: Yup.string().required("Last name is required"),
+  email: Yup.string().email("Enter a valid email").required("Email is required"),
+  password: Yup.string()
+    .min(8, "Password must be at least 8 characters")
+    .required("Password is required"),
+  re_password: Yup.string()
+    .oneOf([Yup.ref("password")], "Passwords must match")
+    .required("Please confirm your password"),
+});
+
+const RegistrationForm = () => {
+  const dispatch = useDispatch<AppDispatch>();
+  const signupError = useSelector((state: RootState) => state.auth.error);
+  const [submitted, setSubmitted] = useState(false);
+  const [submittedEmail, setSubmittedEmail] = useState("");
+  const [resendStatus, setResendStatus] = useState<"idle" | "sent" | "error">("idle");
+
+  const { handleSubmit, handleChange, handleBlur, values, errors, touched, isSubmitting } =
+    useFormik({
+      initialValues: {
+        first_name: "",
+        last_name: "",
+        email: "",
+        password: "",
+        re_password: "",
+      },
+      validationSchema,
+      onSubmit: async (values, { setSubmitting }) => {
+        try {
+          await dispatch(signup(values.first_name, values.last_name, values.email, values.password, values.re_password));
+          setSubmittedEmail(values.email);
+          setSubmitted(true);
+        } catch {
+          // error is stored in Redux state and displayed via signupError
+        } finally {
+          setSubmitting(false);
+        }
+      },
+    });
+
+  const handleResend = async () => {
+    try {
+      await axios.post(AUTH_ENDPOINTS.USERS_RESEND_ACTIVATION, { email: submittedEmail });
+      setResendStatus("sent");
+    } catch {
+      setResendStatus("error");
+    }
+  };
+
+  if (submitted) {
+    return (
+      <section className="mx-auto mt-24 w-[20rem] md:mt-48 md:w-[32rem]">
+        <div className="mb-4 rounded-md bg-white px-3 pb-12 pt-6 shadow-md ring-1 md:px-12 text-center">
+          <h2 className="blue_gradient mb-4 font-satoshi text-3xl font-bold text-gray-600">
+            Check your email
+          </h2>
+          <p className="text-gray-600 mb-6">
+            We sent an activation link to <strong>{submittedEmail}</strong>. Click the link to activate your account.
+          </p>
+          <div className="flex flex-col gap-3">
+            <Link to="/login" className="btnBlue w-full text-lg text-center">
+              Go to log in
+            </Link>
+            <button onClick={handleResend} className="text-sm text-blue-600 hover:underline" type="button">
+              {resendStatus === "sent"
+                ? "Email resent!"
+                : resendStatus === "error"
+                ? "Failed to resend. Try again."
+                : "Resend email"}
+            </button>
+          </div>
+        </div>
+      </section>
+    );
+  }
 
-const LoginForm = () => {
-  const { handleSubmit, handleChange, values } = useFormik({
-    initialValues: {
-      email: "",
-      password: "",
-    },
-    onSubmit: (values) => {
-      console.log("values", values);
-      // make registration post request here.
-    },
-  });
   return (
-    <>
-      <section className="mt-12 mx-auto w-full max-w-xs">
-        <h2 className="font-satoshi font-bold text-gray-600 text-xl blue_gradient mb-6">
-          Register
+    <section className="mx-auto mt-24 w-[20rem] md:mt-48 md:w-[32rem]">
+      <form
+        onSubmit={handleSubmit}
+        className="mb-4 rounded-md bg-white px-3 pb-12 pt-6 shadow-md ring-1 md:px-12"
+      >
+        <h2 className="blue_gradient mb-6 font-satoshi text-3xl font-bold text-gray-600 text-center">
+          Create account
         </h2>
-        <form
-          onSubmit={handleSubmit}
-          className="bg-white shadow-md rounded px-8 pt-6 pb-8 mb-4">
-          <div className="mb-4">
-            <label
-              htmlFor="email"
-              className="block text-gray-700 text-sm font-bold mb-2">
-              Email
-            </label>
-            <input
-              id="email"
-              name="email"
-              type="email"
-              onChange={handleChange}
-              value={values.email}
-              className="shadow appearance-none border rounded w-full py-2 px-3 text-gray-700 leading-tight focus:outline-none focus:shadow-outline"
-            />
-          </div>
-          <div className="mb-6">
-            <label
-              htmlFor="email"
-              className="block text-gray-700 text-sm font-bold mb-2">
-              Password
-            </label>
-            <input
-              id="password"
-              name="password"
-              type="password"
-              onChange={handleChange}
-              value={values.password}
-              className="shadow appearance-none border rounded w-full py-2 px-3 text-gray-700 leading-tight focus:outline-none focus:shadow-outline"
-            />
-          </div>
 
-          <button className="black_btn ml-auto block" type="submit">
-            Register
-          </button>
-        </form>
-      </section>
-      <p>
+        {signupError && (
+          <p className="text-red-500 text-sm mb-4">{signupError}</p>
+        )}
+
+        <div className="mb-4">
+          <label htmlFor="first_name" className="mb-2 block text-lg font-bold text-gray-700">
+            First name
+          </label>
+          <input
+            id="first_name"
+            name="first_name"
+            type="text"
+            onChange={handleChange}
+            onBlur={handleBlur}
+            value={values.first_name}
+            className="focus:shadow-outline w-full appearance-none rounded border px-3 py-3 leading-tight text-gray-700 shadow focus:outline-none"
+          />
+          {touched.first_name && errors.first_name && (
+            <p className="text-red-500 text-sm mt-1">{errors.first_name}</p>
+          )}
+        </div>
+
+        <div className="mb-4">
+          <label htmlFor="last_name" className="mb-2 block text-lg font-bold text-gray-700">
+            Last name
+          </label>
+          <input
+            id="last_name"
+            name="last_name"
+            type="text"
+            onChange={handleChange}
+            onBlur={handleBlur}
+            value={values.last_name}
+            className="focus:shadow-outline w-full appearance-none rounded border px-3 py-3 leading-tight text-gray-700 shadow focus:outline-none"
+          />
+          {touched.last_name && errors.last_name && (
+            <p className="text-red-500 text-sm mt-1">{errors.last_name}</p>
+          )}
+        </div>
+
+        <div className="mb-4">
+          <label htmlFor="email" className="mb-2 block text-lg font-bold text-gray-700">
+            Email
+          </label>
+          <input
+            id="email"
+            name="email"
+            type="email"
+            onChange={handleChange}
+            onBlur={handleBlur}
+            value={values.email}
+            className="focus:shadow-outline w-full appearance-none rounded border px-3 py-3 leading-tight text-gray-700 shadow focus:outline-none"
+          />
+          {touched.email && errors.email && (
+            <p className="text-red-500 text-sm mt-1">{errors.email}</p>
+          )}
+        </div>
+
+        <div className="mb-4">
+          <label htmlFor="password" className="mb-2 block text-lg font-bold text-gray-700">
+            Password
+          </label>
+          <input
+            id="password"
+            name="password"
+            type="password"
+            onChange={handleChange}
+            onBlur={handleBlur}
+            value={values.password}
+            className="focus:shadow-outline w-full appearance-none rounded border px-3 py-3 leading-tight text-gray-700 shadow focus:outline-none"
+          />
+          {touched.password && errors.password && (
+            <p className="text-red-500 text-sm mt-1">{errors.password}</p>
+          )}
+        </div>
+
+        <div className="mb-6">
+          <label htmlFor="re_password" className="mb-2 block text-lg font-bold text-gray-700">
+            Confirm password
+          </label>
+          <input
+            id="re_password"
+            name="re_password"
+            type="password"
+            onChange={handleChange}
+            onBlur={handleBlur}
+            value={values.re_password}
+            className="focus:shadow-outline w-full appearance-none rounded border px-3 py-3 leading-tight text-gray-700 shadow focus:outline-none"
+          />
+          {touched.re_password && errors.re_password && (
+            <p className="text-red-500 text-sm mt-1">{errors.re_password}</p>
+          )}
+        </div>
+
+        <button
+          className="btnBlue w-full text-lg"
+          type="submit"
+          disabled={isSubmitting}
+        >
+          {isSubmitting ? "Creating account..." : "Create account"}
+        </button>
+      </form>
+      <p className="text-center">
         Already have an account?{" "}
         <Link to="/login" className="font-bold hover:text-blue-600">
-          {" "}
-          Login here.
+          Log in
         </Link>
       </p>
-    </>
+    </section>
   );
 };
 
-export default LoginForm;
+export default RegistrationForm;
diff --git a/frontend/src/routes/routes.tsx b/frontend/src/routes/routes.tsx
index dc974e85..b94cb64f 100644
--- a/frontend/src/routes/routes.tsx
+++ b/frontend/src/routes/routes.tsx
@@ -19,6 +19,8 @@ import ListofFiles from "../pages/Files/ListOfFiles.tsx";
 import RulesManager from "../pages/RulesManager/RulesManager.tsx";
 import ManageMeds from "../pages/ManageMeds/ManageMeds.tsx";
 import ProtectedRoute from "../components/ProtectedRoute/ProtectedRoute.tsx";
+import AdminRoute from "../components/ProtectedRoute/AdminRoute.tsx";
+import Activate from "../pages/Activate/Activate.tsx";
 
 const routes = [
   {
@@ -28,17 +30,17 @@ const routes = [
   },
   {
     path: "listoffiles",
-    element: <ProtectedRoute><ListofFiles /></ProtectedRoute>,
+    element: <AdminRoute><ListofFiles /></AdminRoute>,
     errorElement: <RouteError />,
   },
   {
     path: "rulesmanager",
-    element: <ProtectedRoute><RulesManager /></ProtectedRoute>,
+    element: <AdminRoute><RulesManager /></AdminRoute>,
     errorElement: <RouteError />,
   },
   {
     path: "uploadfile",
-    element: <ProtectedRoute><UploadFile /></ProtectedRoute>,
+    element: <AdminRoute><UploadFile /></AdminRoute>,
   },
   {
     path: "drugSummary",
@@ -48,6 +50,10 @@ const routes = [
     path: "register",
     element: <RegistrationForm />,
   },
+  {
+    path: "activate/:uid/:token",
+    element: <Activate />,
+  },
   {
     path: "login",
     element: <LoginForm />,
@@ -86,11 +92,11 @@ const routes = [
   },
   {
     path: "adminportal",
-    element: <ProtectedRoute><AdminPortal /></ProtectedRoute>,
+    element: <AdminRoute><AdminPortal /></AdminRoute>,
   },
   {
     path: "Settings",
-    element: <ProtectedRoute><Settings /></ProtectedRoute>,
+    element: <AdminRoute><Settings /></AdminRoute>,
   },
   {
     path: "medications",
@@ -98,7 +104,7 @@ const routes = [
   },
   {
     path: "managemeds",
-    element: <ProtectedRoute><ManageMeds /></ProtectedRoute>,
+    element: <AdminRoute><ManageMeds /></AdminRoute>,
   },
 ];
 
diff --git a/frontend/src/services/actions/auth.tsx b/frontend/src/services/actions/auth.tsx
index a6a30ff3..43c95fd7 100644
--- a/frontend/src/services/actions/auth.tsx
+++ b/frontend/src/services/actions/auth.tsx
@@ -233,64 +233,58 @@ export const reset_password_confirm =
     }
   };
 
-// export const signup =
-//   (first_name, last_name, email, password, re_password) =>
-//   async (dispatch: Dispatch<ActionType>) => {
-//     const config = {
-//       headers: {
-//         "Content-Type": "application/json",
-//       },
-//     };
-
-//     const body = JSON.stringify({
-//       first_name,
-//       last_name,
-//       email,
-//       password,
-//       re_password,
-//     });
-
-//     try {
-//       const res = await axios.post(
-//         `${process.env.REACT_APP_API_URL}/auth/users/`,
-//         body,
-//         config
-//       );
+export const signup =
+  (first_name: string, last_name: string, email: string, password: string, re_password: string): ThunkType =>
+  async (dispatch: AppDispatch) => {
+    const config = {
+      headers: {
+        "Content-Type": "application/json",
+      },
+    };
 
-//       dispatch({
-//         type: SIGNUP_SUCCESS,
-//         payload: res.data,
-//       });
-//     } catch (err) {
-//       dispatch({
-//         type: SIGNUP_FAIL,
-//       });
-//     }
-//   };
+    const body = JSON.stringify({ first_name, last_name, email, password, re_password });
 
-// export const verify =
-//   (uid, token) => async (dispatch: Dispatch<ActionType>) => {
-//     const config = {
-//       headers: {
-//         "Content-Type": "application/json",
-//       },
-//     };
+    try {
+      const res = await axios.post(AUTH_ENDPOINTS.USERS_CREATE, body, config);
+      dispatch({
+        type: SIGNUP_SUCCESS,
+        payload: res.data,
+      });
+    } catch (err) {
+      let errorMessage = "Registration failed";
+      if (isAxiosError(err) && err.response) {
+        const messages = Object.values(err.response.data as Record<string, string[]>).flat();
+        if (messages.length > 0) errorMessage = messages.join(" ");
+      }
+      dispatch({
+        type: SIGNUP_FAIL,
+        payload: errorMessage,
+      });
+      throw err;
+    }
+  };
 
-//     const body = JSON.stringify({ uid, token });
+export const verify =
+  (uid: string, token: string): ThunkType =>
+  async (dispatch: AppDispatch) => {
+    const config = {
+      headers: {
+        "Content-Type": "application/json",
+      },
+    };
 
-//     try {
-//       await axios.post(
-//         `${process.env.REACT_APP_API_URL}/auth/users/activation/`,
-//         body,
-//         config
-//       );
+    const body = JSON.stringify({ uid, token });
 
-//       dispatch({
-//         type: ACTIVATION_SUCCESS,
-//       });
-//     } catch (err) {
-//       dispatch({
-//         type: ACTIVATION_FAIL,
-//       });
-//     }
-//   };
+    try {
+      await axios.post(AUTH_ENDPOINTS.USERS_ACTIVATION, body, config);
+      dispatch({
+        type: ACTIVATION_SUCCESS,
+        payload: "",
+      });
+    } catch (err) {
+      dispatch({
+        type: ACTIVATION_FAIL,
+      });
+      throw err;
+    }
+  };
diff --git a/frontend/src/services/reducers/auth.ts b/frontend/src/services/reducers/auth.ts
index 769f3071..9cc5d278 100644
--- a/frontend/src/services/reducers/auth.ts
+++ b/frontend/src/services/reducers/auth.ts
@@ -68,12 +68,15 @@ const initialState: StateType = {
 
 export default function authReducer(state = initialState, action: ActionType): StateType {
     switch(action.type) {
-        case AUTHENTICATED_SUCCESS:
+        case AUTHENTICATED_SUCCESS: {
+            const token = localStorage.getItem('access');
+            const decoded: TokenClaims = token ? jwtDecode(token) : { is_superuser: false };
             return {
                 ...state,
                 isAuthenticated: true,
-                isSuperuser: true
+                isSuperuser: decoded.is_superuser
             }
+        }
         case LOGIN_SUCCESS:
         case GOOGLE_AUTH_SUCCESS:
         case FACEBOOK_AUTH_SUCCESS:{
diff --git a/server/api/permissions.py b/server/api/permissions.py
new file mode 100644
index 00000000..0dbe0597
--- /dev/null
+++ b/server/api/permissions.py
@@ -0,0 +1,6 @@
+from rest_framework.permissions import BasePermission
+
+
+class IsSuperUser(BasePermission):
+    def has_permission(self, request, view):
+        return bool(request.user and request.user.is_authenticated and request.user.is_superuser)
diff --git a/server/api/views/ai_settings/views.py b/server/api/views/ai_settings/views.py
index 9ee6aad7..7f453200 100644
--- a/server/api/views/ai_settings/views.py
+++ b/server/api/views/ai_settings/views.py
@@ -1,6 +1,6 @@
 from rest_framework import status
 from rest_framework.decorators import api_view, permission_classes
-from rest_framework.permissions import IsAuthenticated
+from api.permissions import IsSuperUser
 from rest_framework.response import Response
 from drf_spectacular.utils import extend_schema
 from .models import AI_Settings
@@ -9,7 +9,7 @@
 
 @extend_schema(request=AISettingsSerializer, responses={200: AISettingsSerializer(many=True), 201: AISettingsSerializer})
 @api_view(['GET', 'POST'])
-@permission_classes([IsAuthenticated])
+@permission_classes([IsSuperUser])
 def settings_view(request):
     if request.method == 'GET':
         settings = AI_Settings.objects.all()
diff --git a/server/api/views/listMeds/views.py b/server/api/views/listMeds/views.py
index 1b199a7e..4321615d 100644
--- a/server/api/views/listMeds/views.py
+++ b/server/api/views/listMeds/views.py
@@ -1,5 +1,6 @@
 from rest_framework import status, serializers as drf_serializers
 from rest_framework.permissions import AllowAny
+from api.permissions import IsSuperUser
 from rest_framework.response import Response
 from rest_framework.views import APIView
 from drf_spectacular.utils import extend_schema, inline_serializer
@@ -127,6 +128,7 @@ class AddMedication(APIView):
     """
     API endpoint to add a medication to the database with its risks and benefits.
     """
+    permission_classes = [IsSuperUser]
     serializer_class = MedicationSerializer
 
     def post(self, request):
@@ -158,6 +160,7 @@ class DeleteMedication(APIView):
     """
     API endpoint to delete medication if medication in database.
     """
+    permission_classes = [IsSuperUser]
 
     @extend_schema(
         request=inline_serializer(name='DeleteMedicationRequest', fields={
diff --git a/server/api/views/medRules/views.py b/server/api/views/medRules/views.py
index 2f80f8f3..7e4ecae5 100644
--- a/server/api/views/medRules/views.py
+++ b/server/api/views/medRules/views.py
@@ -1,7 +1,7 @@
 from rest_framework.views import APIView
-from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from rest_framework import status, serializers as drf_serializers
+from api.permissions import IsSuperUser
 from django.utils.decorators import method_decorator
 from django.views.decorators.csrf import csrf_exempt
 from drf_spectacular.utils import extend_schema, inline_serializer
@@ -13,7 +13,7 @@
 
 @method_decorator(csrf_exempt, name='dispatch')
 class MedRules(APIView):
-    permission_classes = [IsAuthenticated]
+    permission_classes = [IsSuperUser]
     serializer_class = MedRuleSerializer
 
     def get(self, request, format=None):
diff --git a/server/api/views/text_extraction/views.py b/server/api/views/text_extraction/views.py
index 020740ad..35abe976 100644
--- a/server/api/views/text_extraction/views.py
+++ b/server/api/views/text_extraction/views.py
@@ -3,7 +3,7 @@
 import re
 
 from rest_framework.views import APIView
-from rest_framework.permissions import IsAuthenticated
+from api.permissions import IsSuperUser
 from rest_framework.response import Response
 from rest_framework import status
 from django.utils.decorators import method_decorator
@@ -97,7 +97,7 @@ def anthropic_citations(client: anthropic.Client, user_prompt: str, content_chun
 @method_decorator(csrf_exempt, name='dispatch')
 class RuleExtractionAPIView(APIView):
 
-    permission_classes = [IsAuthenticated]
+    permission_classes = [IsSuperUser]
 
     @extend_schema(
         parameters=[
@@ -155,7 +155,7 @@ def openai_extraction(content_chunks, user_prompt):
 
 @method_decorator(csrf_exempt, name='dispatch')
 class RuleExtractionAPIOpenAIView(APIView):
-    permission_classes = [IsAuthenticated]
+    permission_classes = [IsSuperUser]
 
     @extend_schema(
         parameters=[
diff --git a/server/api/views/uploadFile/views.py b/server/api/views/uploadFile/views.py
index eda43b76..6da092ce 100644
--- a/server/api/views/uploadFile/views.py
+++ b/server/api/views/uploadFile/views.py
@@ -1,5 +1,6 @@
 from rest_framework.views import APIView
-from rest_framework.permissions import AllowAny, IsAuthenticated
+from rest_framework.permissions import AllowAny
+from api.permissions import IsSuperUser
 from rest_framework.response import Response
 from rest_framework import status, serializers as drf_serializers
 from rest_framework.generics import UpdateAPIView
@@ -24,7 +25,7 @@ class UploadFileView(APIView):
     def get_permissions(self):
         if self.request.method == 'GET':
             return [AllowAny()]  # Public access
-        return [IsAuthenticated()]  # Auth required for other methods
+        return [IsSuperUser()]  # Superuser required for write methods
 
     def get(self, request, format=None):
         print("UploadFileView, get list")
@@ -217,7 +218,7 @@ def get(self, request, guid, format=None):
 
 
 class EditFileMetadataView(UpdateAPIView):
-    permission_classes = [IsAuthenticated]
+    permission_classes = [IsSuperUser]
     serializer_class = UploadFileSerializer
     lookup_field = 'guid'
 
diff --git a/server/balancer_backend/settings.py b/server/balancer_backend/settings.py
index a4ccaaae..070ac581 100644
--- a/server/balancer_backend/settings.py
+++ b/server/balancer_backend/settings.py
@@ -67,7 +67,7 @@
 
 ROOT_URLCONF = "balancer_backend.urls"
 
-CORS_ALLOW_ALL_ORIGINS = True
+CORS_ALLOWED_ORIGINS = os.environ.get("CORS_ALLOWED_ORIGINS", "http://localhost:3000").split(",")
 
 TEMPLATES = [
     {
@@ -139,12 +139,15 @@
     "default": db_config,
 }
 
-EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"
-EMAIL_HOST = "smtp.gmail.com"
-EMAIL_PORT = 587
-EMAIL_HOST_USER = os.environ.get("EMAIL_HOST_USER", "")
-EMAIL_HOST_PASSWORD = os.environ.get("EMAIL_HOST_PASSWORD", "")
-EMAIL_USE_TLS = True
+if DEBUG:
+    EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
+else:
+    EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"
+    EMAIL_HOST = "smtp.gmail.com"
+    EMAIL_PORT = 587
+    EMAIL_HOST_USER = os.environ.get("EMAIL_HOST_USER", "")
+    EMAIL_HOST_PASSWORD = os.environ.get("EMAIL_HOST_PASSWORD", "")
+    EMAIL_USE_TLS = True
 
 
 # Password validation
@@ -218,6 +221,12 @@
     "AUTH_TOKEN_CLASSES": ("rest_framework_simplejwt.tokens.AccessToken",),
 }
 
+# Domain used by Djoser to build activation and password reset links in emails.
+# Should point to the frontend, not the backend, since the frontend handles these routes.
+# Override in production via environment variable.
+DOMAIN = os.environ.get("FRONTEND_DOMAIN", "localhost:3000")
+SITE_NAME = "Balancer"
+
 DJOSER = {
     "LOGIN_FIELD": "email",
     "USER_CREATE_PASSWORD_RETYPE": True,