When there is a need to give a user temporary access in Django, typically, you will need to enable their user and then expire their user manually. This creates an issue as it relies on remembering to disable the user. One way to deal with this is to save the expiration time somewhere and have a script running that will expire users, however this creates another weak point in the app and a critical scheduled job to make sure is always running.
In an app where security was critical and where such a scheduled script would have been subject to audits, I found this method to work perfectly:
Rather than use a boolean to indicate active status, use datetimes for active start and end times and let Django figure out if the user is active based on the current time.