OOTB way to enforce T&C acceptance on first login

I’m looking for the recommended OOTB approach in Constellation 25 to enforce mandatory Terms & Conditions acceptance on first login (or when T&C version changes).

Requirement:

• User must accept T&C before accessing any other case types or landing pages.

• Access must be blocked server-side (no URL/API bypass).

• Acceptance must be auditable and version-aware.

Current proposed design (high level):

• Dedicated data instance storing Operator + App + Version + AcceptedDateTime.

• Simple case type to capture acceptance.

• Access restricted via RBAC / Access Control Policies until acceptance record exists.

• Optionally, auto-start case via post-authentication activity.

Before implementing this, I’d like to confirm:
Is there any OOTB mechanism in Constellation 25 for this scenario?

There is a standard cookie consent modal shown on first login, but I couldn’t find a supported way to reuse or customize it for T&C.

Is the custom data + case + access control approach the recommended pattern?

Thanks.

Not exactly covering RBAC and backend flow as it covers only frontend but good starting point might be modification of cookie consent banner: Customizing Constellation Portal

@vbarashko That might be the safest option, as you wanted to track approval stats for each requestor. If you just want to get users’ consent to use web access, then @Kamil_Janeczek provided approach would suffice, as it’s just acceptance of web access terms & conditions.

Thanks @Kamil_Janeczek, this seems as a good starting point, let me explore that.