diff --git a/notify-bc-lb/src/controllers/administrator.controller.ts b/notify-bc-lb/src/controllers/administrator.controller.ts
index 4c59b8cbf..c5bfe04b5 100644
--- a/notify-bc-lb/src/controllers/administrator.controller.ts
+++ b/notify-bc-lb/src/controllers/administrator.controller.ts
@@ -139,6 +139,7 @@ export class AdministratorController extends BaseController {
 super(appConfig, configurationRepository);
 }
 
+ // start: ported
 @authenticate('ipWhitelist', 'clientCertificate')
 @post('/administrators', {
 responses: {
@@ -176,9 +177,10 @@ export class AdministratorController extends BaseController {
 });
 return savedUser;
 }
+ // end: ported
 
- @authenticate('anonymous')
 // start: ported
+ @authenticate('anonymous')
 @post('/administrators/login', {
 responses: {
 '200': {
@@ -282,6 +284,7 @@ export class AdministratorController extends BaseController {
 return this.administratorRepository.find(filter, undefined);
 }
 
+ // start: ported
 @get('/administrators/{id}', {
 responses: {
 '200': {
@@ -311,7 +314,6 @@ export class AdministratorController extends BaseController {
 );
 }
 
- // start: ported
 @patch('/administrators/{id}', {
 responses: {
 '204': {
@@ -368,7 +370,6 @@ export class AdministratorController extends BaseController {
 undefined,
 );
 }
- // end: ported
 
 @del('/administrators/{id}', {
 responses: {
@@ -394,4 +395,5 @@ export class AdministratorController extends BaseController {
 await this.userCredentialRepository.deleteAll({userId: id}, undefined);
 await this.administratorRepository.deleteById(id, undefined);
 }
+ // end: ported
 }
diff --git a/src/api/administrators/administrators.controller.ts b/src/api/administrators/administrators.controller.ts
index a9623797d..0c19ce0c7 100644
--- a/src/api/administrators/administrators.controller.ts
+++ b/src/api/administrators/administrators.controller.ts
@@ -19,6 +19,7 @@ import {
 ApiTags,
 } from '@nestjs/swagger';
 import { genSalt, hash } from 'bcryptjs';
+import { omit } from 'lodash';
 import { FilterQuery } from 'mongoose';
 import { AuthnStrategy, Role } from 'src/auth/constants';
 import { UserProfile } from 'src/auth/dto/user-profile.dto';
@@ -295,24 +296,50 @@ export class AdministratorsController {
 return this.administratorsService.update(id, updateAdministratorDto, req);
 }
 
+ @Get(':id')
+ findOne(@Param('id') id: string, @Req() req): Promise {
+ if (
+ req.user.authnStrategy === AuthnStrategy.AccessToken &&
+ req.user.securityId !== id
+ ) {
+ throw new HttpException(undefined, HttpStatus.FORBIDDEN);
+ }
+ return this.administratorsService.findOne(id);
+ }
+
+ @Delete(':id')
+ async remove(@Param('id') id: string, @Req() req) {
+ if (
+ req.user.authnStrategy === AuthnStrategy.AccessToken &&
+ req.user.securityId !== id
+ ) {
+ throw new HttpException(undefined, HttpStatus.FORBIDDEN);
+ }
+ await this.accessTokenService.removeAll({ userId: id });
+ await this.userCredentialService.removeAll({ userId: id });
+ this.administratorsService.remove(id);
+ }
+
 @Post()
 @Roles(Role.SuperAdmin)
- create(@Body() createAdministratorDto: CreateAdministratorDto, @Req() req) {
- return this.administratorsService.create(createAdministratorDto, req);
+ async signUp(
+ @Body() createAdministratorDto: CreateAdministratorDto,
+ @Req() req,
+ ): Promise {
+ const savedUser = (
+ await this.administratorsService.create(
+ omit(createAdministratorDto, 'password'),
+ req,
+ )
+ ).toJSON();
+ await this.createCredential(savedUser.id, req, {
+ password: createAdministratorDto.password,
+ });
+ return savedUser;
 }
 
 @Get()
 findAll() {
 return this.administratorsService.findAll();
 }
-
- @Get(':id')
- findOne(@Param('id') id: string) {
- return this.administratorsService.findOne(id);
- }
-
- @Delete(':id')
- remove(@Param('id') id: string) {
- return this.administratorsService.remove(id);
- }
 }
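Review bot: In the added `remove`, the final `this.administratorsService.remove(id);` is not awaited, so a rejected delete becomes an unhandled rejection after the access tokens and credentials have already been removed, and the client still receives a success status; it should read `await this.administratorsService.remove(id);`. The ownership guard (`req.user.authnStrategy === AuthnStrategy.AccessToken && req.user.securityId !== id`) is duplicated verbatim in `findOne` and `remove`; a small private helper such as `assertOwnRecordOrPrivileged(req, id)` would keep the two checks from drifting apart. Both guards dereference `req.user` unconditionally, so if either route can be reached without a guard populating it (the controller-level decorators are outside this hunk) the result is a TypeError mapped to 500 rather than a 401/403 — worth confirming. In `signUp` the credential is written only after the administrator document is persisted, so a failure in `createCredential` leaves an administrator without any credential; a short doc comment stating this non-atomic behaviour, or a compensating delete on failure, would help the next maintainer.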
diff --git a/src/api/common/base.service.ts b/src/api/common/base.service.ts
index eb76c2fc4..404eafcce 100644
--- a/src/api/common/base.service.ts
+++ b/src/api/common/base.service.ts
@@ -122,7 +122,7 @@ export class BaseService {
 return this.findOneAndReplace(updateDto, { _id }, req, upsert);
 }
 
- findOneAndReplace(
+ async findOneAndReplace(
 updateDto,
 filter: FilterQuery | null,
 req: (Request & { user?: any }) | null,
@@ -132,12 +132,19 @@ export class BaseService {
 updateDto.updatedBy = req.user;
 updateDto.updated = new Date();
 }
- return this.model
+ const res = await this.model
 .findOneAndUpdate(filter, updateDto, {
 upsert,
 new: true,
+ includeResultMetadata: true,
 })
 .exec();
+ if (upsert && !res.lastErrorObject.updatedExisting) {
+ await this.model.findByIdAndUpdate(res.value._id, {
+ createdBy: req.user,
+ });
+ }
+ return res.value;
 }
 
 remove(id: string) {
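Review bot: The added `createdBy: req.user` in the upsert branch dereferences `req` without a null check, even though the parameter is declared `req: (Request & { user?: any }) | null` in the previous hunk and the `updatedBy` assignment just above appears to sit inside a conditional whose header is outside the hunk; a null `req` on an inserted document would now throw after the insert has already happened. Guard it the same way, e.g. `if (upsert && req?.user && !res.lastErrorObject?.updatedExisting) {`, or write `createdBy: req?.user`. The follow-up `findByIdAndUpdate` is a second, non-atomic round trip whose result is discarded, so the document handed back by `return res.value;` will not carry `createdBy` on the insert path — either return the updated document or note in a doc comment that callers must not rely on that field being present. The enclosing `findOneAndReplace` starts in the previous hunk of this file.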