diff --git a/ccp/modules/id-management-compose.yml b/ccp/modules/id-management-compose.yml
index 9a42b53..4bb594b 100644
--- a/ccp/modules/id-management-compose.yml
+++ b/ccp/modules/id-management-compose.yml
@@ -77,6 +77,9 @@ services:
 - OAUTH2_PROXY_COOKIE_SECRET=${IDMANAGER_AUTH_COOKIE_SECRET}
 - OAUTH2_PROXY_COOKIE_NAME=_BRIDGEHEAD_oauth2_idm
 - OAUTH2_PROXY_COOKIE_DOMAINS=.${HOST}
+ - OAUTH2_PROXY_COOKIE_EXPIRE=12h
+ - OAUTH2_PROXY_COOKIE_SECURE=true
+ - OAUTH2_PROXY_COOKIE_HTTPONLY=true
 - OAUTH2_PROXY_HTTP_ADDRESS=:4180
 - OAUTH2_PROXY_REVERSE_PROXY=true
 - OAUTH2_PROXY_WHITELIST_DOMAINS=.${HOST}
@@ -89,7 +92,15 @@ services:
 # Keycloak has an expiration time of 60s therefore oauth2-proxy needs to refresh after that
 - OAUTH2_PROXY_COOKIE_REFRESH=60s
 - OAUTH2_PROXY_ALLOWED_GROUPS=app-dktk-ccp-ppsn
+ - OAUTH2_PROXY_OIDC_GROUPS_CLAIM=${OIDC_GROUP_CLAIM}
 - OAUTH2_PROXY_PROXY_PREFIX=/oauth2-idm
+ - OAUTH2_PROXY_AUTH_LOGGING=true
+ - OAUTH2_PROXY_CHALLENGE_METHOD=S256
+ - OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true
+ - OAUTH2_PROXY_PASS_BASIC_AUTH=true
+ - OAUTH2_PROXY_USER_HEADERS=false
+ - OAUTH2_PASS_ACCESS_TOKEN=false
+ - OAUTH2_PROVIDER_DISPLAY_NAME="VerbIS Login"
 labels:
 - "traefik.enable=true"
 - "traefik.http.services.traefik-forward-auth.loadbalancer.server.port=4180"
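Review bot: The three new cookie settings in the first hunk harden the session cookie's transport and script access but leave its SameSite attribute at oauth2-proxy's default, which (as far as I recall) is unset, so the cookie is still sent on cross-site top-level navigations to `.${HOST}` — a wide domain scope. Since the proxy only fronts a browser-facing login, consider adding `- OAUTH2_PROXY_COOKIE_SAMESITE=lax` next to the `HTTPONLY` line; `strict` would break the OIDC redirect back from Keycloak. `COOKIE_SECURE=true` and `COOKIE_HTTPONLY=true` match the documented defaults, so a short comment such as `# explicit: defaults, kept so a future default change cannot weaken the session cookie` would tell the next maintainer they are deliberate rather than overrides. The 12h expiry combined with the existing 60s refresh looks consistent with the comment above `COOKIE_REFRESH`.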
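Review bot: Three of the new variables in the second hunk do not carry the names oauth2-proxy reads from the environment and will, as far as I can tell, be silently ignored: the flags are `--pass-user-headers`, `--pass-access-token` and `--provider-display-name`, so the lines should be `- OAUTH2_PROXY_PASS_USER_HEADERS=false`, `- OAUTH2_PROXY_PASS_ACCESS_TOKEN=false` and `- OAUTH2_PROXY_PROVIDER_DISPLAY_NAME=VerbIS Login`. The security-relevant intent — not forwarding the access token or user headers to the upstream — therefore does not take effect beyond whatever the defaults already provide, and the literal double quotes in `"VerbIS Login"` become part of the value in a compose `environment` list. `OAUTH2_PROXY_OIDC_GROUPS_CLAIM=${OIDC_GROUP_CLAIM}` silently expands to an empty string when the variable is unset, so the `ALLOWED_GROUPS` check would then look at the wrong claim; `${OIDC_GROUP_CLAIM:?OIDC_GROUP_CLAIM must be set}` makes compose fail fast instead. The `services:` block this hunk belongs to starts above the hunk.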