There might be a sleeker solution than this, but you could use the Ipiphy plugin to determine the user’s current IP, and save it to the user. If he enters from a different IP, he can’t sign in. You could use a timestamp updated at regular intervals while he is using the app, and if the timestamp is older than the update frequency when he enters from another IP, the saved user IP will update to the new one.
Say the timestamp updates every 60 seconds.
So, check the IP and timestamp when he opens the app. If IP is not saved IP, and timestamp is older than 60 seconds, allow him to log in. If IP is not saved IP and timestamp<60 seconds old, show message “already in use on another device”.
Again, I welcome people to come up with a better one, this was top of mind