diff --git a/ccp/modules/ovis-compose.yml b/ccp/modules/ovis-compose.yml
index d8ebd32f..537812e0 100644
--- a/ccp/modules/ovis-compose.yml
+++ b/ccp/modules/ovis-compose.yml
@@ -24,7 +24,7 @@ services:
       - OAUTH2_PROXY_SCOPE=openid profile email
       - OAUTH2_PROXY_SET_AUTHORIZATION_HEADER=true
       - OAUTH2_PROXY_SET_XAUTHREQUEST=true
-      - OAUTH2_PROXY_ALLOWED_GROUPS=${OIDC_PSP_GROUP}
+      - OAUTH2_PROXY_ALLOWED_GROUPS=${OIDC_USER_GROUP}
       - OAUTH2_PROXY_OIDC_GROUPS_CLAIM=${OIDC_GROUP_CLAIM}
       - OAUTH2_PROXY_PROXY_PREFIX=/oauth2-ovis
     labels:
diff --git a/ccp/modules/ovis-setup.sh b/ccp/modules/ovis-setup.sh
index 2ae23a7f..fdaf2345 100644
--- a/ccp/modules/ovis-setup.sh
+++ b/ccp/modules/ovis-setup.sh
@@ -3,4 +3,5 @@
 if [ -n "$ENABLE_OVIS" ]; then
   log INFO "OVIS setup detected -- will start OVIS services with local oauth2-proxy middleware."
   OVERRIDE+=" -f ./$PROJECT/modules/ovis-compose.yml"
+  add_private_oidc_redirect_url "/oauth2-ovis/callback"
 fi