diff --git a/host_vars/ext-bdev-mpmexec-02/plain.yml b/host_vars/ext-bdev-mpmexec-02/plain.yml index 61db022..1e9449a 100644 --- a/host_vars/ext-bdev-mpmexec-02/plain.yml +++ b/host_vars/ext-bdev-mpmexec-02/plain.yml @@ -10,3 +10,6 @@ keycloak_external_domain: "ext-bdev-mpmexec-keycloak" traefik_dns_01_challenge: false sma_jwt_secret: "{{ sma_jwt_secret_vault }}" + +connect_email_username: "{{ connect_email_username_vault }}" +connect_email_password: "{{ connect_email_password_vault }}" diff --git a/host_vars/ext-bdev-mpmexec-02/vault.yml b/host_vars/ext-bdev-mpmexec-02/vault.yml index a97de2a..7112ee0 100644 --- a/host_vars/ext-bdev-mpmexec-02/vault.yml +++ b/host_vars/ext-bdev-mpmexec-02/vault.yml 
@@ -1,22 +1,27 @@ $ANSIBLE_VAULT;1.1;AES256 -62396561376535633331366135626166313361653939363663623337353163353932303265656338 -6133636136653233363037323831636662653238356132610a356535373932336439376132353139 -39343134613366623462313361326230316338613235306539306330313861393137386137353035 -3430643161656532310a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a613639356538363135366138333062 +37636466353362633839313837616266666565656438663833323461326231313064366132316637 +3732613365653332360a303436303733393863313763313263383534653064306231333239366464 +30613663313334336635653830363235623433366539396263373165656261656134343239343233 +35656635356530313535373030653663353438636538623236373864616663316130323332313432 +63616564336131346336646561653138623832363762306537653065376566633133376130636165 +38383430626464643632326435613139643439333030303635643765373133653766393965313666 +31323930636637376334383763326264346562666135333061333164373035643366666436313664 +38356261316462363733356562323463303238343839326134343330616638336566343438653965 +30653032383436636434643763613162656136633366613837326462636162656463393066353835 +38333230336134636465373931383366626630343864643735616535303533363739393366343833 +34663430396363393735343164333866643166326636343035653435363539633561373837633535 +61326634396663396134366136636435316238323063386331653934393664383338333137323466 +64653761663636313062643036626632626436303637633538613330366464623564346131343638 +34313836326362643162343137323563363762666666646532336138353862343936383165613463 +61663036626137366666613361373262366564643335323666306633353836313134326435323538 +66316332303335363638323065663265366562363934613332303065356630633433666365363934 +66636465383761333861353664663161316633396235653263373261386632373065316435643635 +37633438643936363239616431353438323165663866333833356663356339323133666266353435 +37383938396430386136383964343064396663366262383332373533303637376634353938333337 
+33316537376232613631366637386230316438323032343031326562326665383464623662393432 +31656139323962653164346639316439623836393031343831373131363163663966626337396661 +38363461393731303337366138346361303361313462366237626565663232623463343930303064 +32313535643965303535393538396632376363393437343932316136383439643339306234643136 +3264396433623638313265366239363530386433653535376539 diff --git a/roles/connect_compact/defaults/main.yml b/roles/connect_compact/defaults/main.yml index 100c451..0ad162e 100644 --- a/roles/connect_compact/defaults/main.yml +++ b/roles/connect_compact/defaults/main.yml @@ -14,6 +14,5 @@ keycloak_postgres_username: "keycloak_postgres" keycloak_postgres_password: "{{ keycloak_postgres_password_vault }}" keycloak_image_name: "{{ shared_service_harbor_hostname }}/smardigo/keycloak" -elasticsearch_id: "{{ inventory_hostname }}-elastic" elasticsearch_username: "elastic" elasticsearch_password: "{{ elasticsearch_password_vault }}" diff --git a/templates/connect-compact/config/elasticsearch/elasticsearch.yml.j2 b/templates/connect-compact/config/elasticsearch/elasticsearch.yml.j2 index 4830c34..4bf1121 100644 --- a/templates/connect-compact/config/elasticsearch/elasticsearch.yml.j2 +++ b/templates/connect-compact/config/elasticsearch/elasticsearch.yml.j2 @@ -1,6 +1,6 @@ --- -cluster.name: "{{ elasticsearch_id }}" +cluster.name: "{{ connect_id }}-elastic" network.host: 0.0.0.0 discovery.type: single-node diff --git a/templates/connect-compact/docker-compose.yml.j2 b/templates/connect-compact/docker-compose.yml.j2 index 10d6b2f..abc4064 100644 --- a/templates/connect-compact/docker-compose.yml.j2 +++ b/templates/connect-compact/docker-compose.yml.j2 @@ -8,7 +8,7 @@ networks: volumes: {{ connect_id }}-postgres-data: {} - {{ elasticsearch_id }}-data: {} + {{ connect_id }}-elastic-data: {} services: {{ connect_id }}: 
@@ -47,8 +47,8 @@ services: MAIL_PROTOCOL: "smtp" MAIL_HOST: "smtp.web.de" MAIL_PORT: "587" - MAIL_USER: "smardigo.email@web.de" - MAIL_PASSWORD: "MUqzILYtspSYGmw0k34F" + MAIL_USER: "{{ connect_email_username }}" + MAIL_PASSWORD: "{{ connect_email_password }}" MAIL_PROPERTIES_SIMULATION: "false" MAIL_PROPERTIES_BASE_URL: "https://{{ connect_id }}.{{ domain }}" MAIL_PROPERTIES_BASE_URL_EXTERN: "https://{{ connect_id }}.{{ domain }}" @@ -66,11 +66,12 @@ services: PASSWORD_CHANGE_URL: "https://{{ keycloak_external_domain }}.{{ domain }}/auth/realms/connect/account/password" USER_MANAGEMENT_URL: "https://{{ keycloak_external_domain }}.{{ domain }}/auth/admin/connect/console" - IAM_MODULE: "embedded" - IAM_CLIENT_ENABLED: "false" + IAM_MODULE: "external" + IAM_CLIENT_ENABLED: "true" + EXTERNAL_IAM_SERVER_URL: "http://{{ connect_id }}-iam:8080" PROCESS_SEARCH_MODULE: "embedded" - ELASTIC_HOST: "{{ elasticsearch_id }}" + ELASTIC_HOST: "{{ connect_id }}-elastic" ELASTIC_PREFIX: "{{ connect_id }}" ELASTIC_USERNAME: "{{ elasticsearch_username }}" ELASTIC_PASSWORD: "{{ elasticsearch_password }}" 
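Review bot: The literal removed from `MAIL_PASSWORD` in this hunk stays readable in the repository history, so moving it into the vault only helps if the mailbox password is changed as well; the vaulted value should be a new one, not the old literal re-encrypted. `connect_email_username` and `connect_email_password` are defined in this commit only in the host_vars of ext-bdev-mpmexec-02, and the `roles/connect_compact/defaults/main.yml` hunk adds no fallback. Any other host rendering this template would presumably fail on an undefined variable unless the two are set somewhere outside this diff. If that is intended, a comment above the two lines such as `# mail credentials come from the host's vault.yml; deliberately no role default` would record it.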
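Review bot: `EXTERNAL_IAM_SERVER_URL: "http://{{ connect_id }}-iam:8080"` sends the application's IAM traffic over plaintext HTTP, so whatever tokens and user data the two containers exchange cross the `back-tier` network unencrypted. That is only acceptable if `back-tier` is a host-local network that no unrelated workload joins; its definition is outside this hunk, so this needs confirming. A comment above the line, for example `# plaintext HTTP: back-tier is host-local and not shared with other stacks`, would state the assumption. The switch of `IAM_MODULE` to `"external"` is made in the shared template, so it applies to every host rendered from it, not only the one whose host_vars change in this commit.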
@@ -121,15 +122,31 @@ services: - "{{ connect_id }}-postgres-data:/var/lib/postgresql/data" networks: - "back-tier" - {{ elasticsearch_id }}: + {{ connect_id }}-elastic: image: "docker.elastic.co/elasticsearch/elasticsearch:7.16.3" - container_name: "{{ elasticsearch_id }}" + container_name: "{{ connect_id }}-elastic" restart: always environment: ES_JAVA_OPTS: "-Xmx2G -Xms2G" ELASTIC_PASSWORD: "{{ elasticsearch_password }}" volumes: - "./config/elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro" - - "{{ elasticsearch_id }}-data:/usr/share/elasticsearch/data" + - "{{ connect_id }}-elastic-data:/usr/share/elasticsearch/data" + networks: + - "back-tier" + {{ connect_id }}-iam: + image: "{{ iam_image_name }}:{{ iam_version }}" + container_name: "{{ connect_id }}-iam" + restart: always + environment: + SERVER_ERROR_INCLUDE_MESSAGE: "always" + IAM_KEYCLOAK_AUTH_SERVER_URL: "https://{{ keycloak_external_domain }}.{{ domain }}/auth" + IAM_KEYCLOAK_ADMIN_USER: "{{ keycloak_admin_username }}" + IAM_KEYCLOAK_ADMIN_PASSWORD: "{{ keycloak_admin_password }}" + IAM_JWT_CONFIG_READ_TIMEOUT: 3000 + IAM_CACHE_TENANTS_TTL: "3600" + IAM_CACHE_ROLES_TTL: "60" + IAM_CACHE_USERS_TTL: "60" + IAM_CACHE_JWKS_TTL: "3600" networks: - "back-tier"
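Review bot: `SERVER_ERROR_INCLUDE_MESSAGE: "always"` on the new `{{ connect_id }}-iam` service puts exception messages into error responses, assuming this is a Spring Boot application where the variable binds to `server.error.include-message`; for an identity service that can expose internal details to callers, and `SERVER_ERROR_INCLUDE_MESSAGE: "never"` is the safer value outside debugging. The service is also handed `keycloak_admin_username` and `keycloak_admin_password`, which by their names look like the Keycloak administrator account rather than a dedicated service account limited to the realm roles IAM needs; if so, a compromise of this container becomes a compromise of Keycloak. `IAM_JWT_CONFIG_READ_TIMEOUT: 3000` is the only unquoted value in the block and would be more consistent as `IAM_JWT_CONFIG_READ_TIMEOUT: "3000"`. `iam_image_name` and `iam_version` are not defined anywhere in this diff, so they are presumably set elsewhere.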