diff --git a/group_vars/connect/plain.yml b/group_vars/connect/plain.yml
index 7f35772..cb6667b 100644
--- a/group_vars/connect/plain.yml
+++ b/group_vars/connect/plain.yml
@@ -31,12 +31,6 @@ connect_oidc_issuer_uri: "https://{{ shared_service_keycloak_hostname }}/auth/re
 connect_password_change_url: "{{ http_s }}://{{ shared_service_keycloak_hostname }}/auth/realms/{{ current_realm_name }}/account/password"
 connect_iam_user_management_url: "{{ http_s }}://{{ shared_service_keycloak_hostname }}/auth/admin/{{ current_realm_name }}/console"
-connect_jwt_enabled: true
-connect_jwt_secret: 908ae14462d049d3be84964ef379c7c6
-
- # TODO shouldn't be here at all -> currently the connect service needs knowlegde of the webdav secret -> smells like hell!
-webdav_jwt_secret: "5646aee6dadc4c19b15f4b65f1e6549f"
-
 #connect_csrf_token_name: "< see vault >"
 #connect_csrf_token_value: "< see vault >"
diff --git a/group_vars/stage_dev/plain.yml b/group_vars/stage_dev/plain.yml
index d21ef32..b53d7a6 100644
--- a/group_vars/stage_dev/plain.yml
+++ b/group_vars/stage_dev/plain.yml
@@ -97,7 +97,8 @@ docker_registry_oidc_client_id: "docker-registry"
 postgres_listen_addresses: "listen_addresses = 'localhost,{{ stage_server_ip }},{{ stage_private_server_ip }}'"
-connect_image_version: "8.3.7"
+connect_image_version: "8.4.0"
+iam_image_version: "8.3.1"
 smardigo_management_oidc_realm: "smardigo"
 smardigo_management_oidc_client_id: "management-smardigo"
@@ -107,6 +108,13 @@ smardigo_management_token: "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiZGlyIn0..rCR
 connect_external_task_script_worker_enabled: "true"
+connect_jwt_enabled: true
+connect_jwt_secret: "908ae14462d049d3be84964ef379c7c6"
+iam_jwt_enabled: true
+webdav_jwt_secret: "5646aee6dadc4c19b15f4b65f1e6549f"
+iam_jwt_enabled: true
+iam_jwt_secret: "456ae14462d049d3be76439ef379c7c6"
+
 #awx_admin_username: "< see vault >"
 #awx_admin_password: "< see vault >"
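Review bot: `iam_jwt_enabled: true` appears twice in the block added to stage_dev/plain.yml (third and fifth added lines); YAML parsers silently keep the last value and yamllint's key-duplicates rule rejects the file, so the second one should go. The larger problem is that these are live token-signing secrets committed in plaintext to a file whose neighbouring credentials are deliberately left as `< see vault >`, and `connect_jwt_secret` / `webdav_jwt_secret` carry exactly the values this commit removes from group_vars/connect/plain.yml and group_vars/webdav/plain.yml, so they remain in git history and the move is not a rotation. Anyone with read access to this repository can presumably mint tokens that connect, iam and webdav will accept. Move them to the vault file, e.g. `connect_jwt_secret: "{{ vault_connect_jwt_secret }}"`, generate fresh values, and retire the old ones.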
diff --git a/group_vars/stage_qa/plain.yml b/group_vars/stage_qa/plain.yml
index 51f5ea3..31e9f3a 100644
--- a/group_vars/stage_qa/plain.yml
+++ b/group_vars/stage_qa/plain.yml
@@ -142,7 +142,8 @@ docker_registry_oidc_client_id: "docker-registry"
 postgres_listen_addresses: "listen_addresses = 'localhost,{{ stage_server_ip }},{{ stage_private_server_ip }}'"
-connect_image_version: "8.3.7"
+connect_image_version: "8.4.0"
+iam_image_version: "8.3.1"
 smardigo_management_oidc_realm: "smardigo"
 smardigo_management_oidc_client_id: "management-smardigo"
@@ -152,6 +153,13 @@ smardigo_management_token: "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiZGlyIn0..rCR
 connect_external_task_script_worker_enabled: "true"
+connect_jwt_enabled: true
+connect_jwt_secret: "908ae14462d049d3be84964ef379c7c6"
+iam_jwt_enabled: true
+webdav_jwt_secret: "5646aee6dadc4c19b15f4b65f1e6549f"
+iam_jwt_enabled: true
+iam_jwt_secret: "456ae14462d049d3be76439ef379c7c6"
+
 #awx_admin_username: "< see vault >"
 #awx_admin_password: "< see vault >"
diff --git a/group_vars/webdav/plain.yml b/group_vars/webdav/plain.yml
index 1df5c3c..8dc1e0a 100644
--- a/group_vars/webdav/plain.yml
+++ b/group_vars/webdav/plain.yml
@@ -3,8 +3,6 @@ hetzner_server_type: cpx11
 hetzner_server_labels: "stage={{ stage }} service=webdav"
-webdav_jwt_secret: "5646aee6dadc4c19b15f4b65f1e6549f"
-
 webdav_postgres_host: "{{ shared_service_postgres_01_hostname }}"
 webdav_postgres_database: "{{ stage }}_webdav"
 webdav_postgres_username: "{{ webdav_postgres_database }}"
diff --git a/roles/connect/vars/main.yml b/roles/connect/vars/main.yml
index e3ce247..8c2a722 100644
--- a/roles/connect/vars/main.yml
+++ b/roles/connect/vars/main.yml
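Review bot: The block added to stage_qa/plain.yml uses byte-for-byte the same `connect_jwt_secret`, `webdav_jwt_secret` and `iam_jwt_secret` values as the one added to stage_dev, so as far as these secrets are concerned there is no trust boundary between the stages: a token minted for dev would presumably validate on qa. Generate distinct values per stage and source them from the vault, e.g. `iam_jwt_secret: "{{ vault_iam_jwt_secret }}"`, rather than from this plain.yml whose other credentials are already `< see vault >`. The duplicated `iam_jwt_enabled: true` key in the same block should also be removed, since last-wins parsing hides the mistake.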
@@ -80,6 +80,9 @@ connect_environment: [
 "SMA_WEBDAV_FRONTEND_URL: \"{{ http_s }}://{{ shared_service_webdav_hostname }}/\"",
 "SMA_WEBDAV_JWT_SECRET: \"{{ webdav_jwt_secret }}\"",
+ "SPRINGDOC_SERVER_URL: \"{{ connect_base_url }}\"",
+ "SMA_CORS_ORIGINS: \"{{ stage_server_domain }}:{{ monitor_port_service }}\"",
+ "LOG_LEVEL_MESSAGE_QUEUE: \"{{ connect_loglevel_message_queue | default('INFO') }}\"",
 "LOG_LEVEL_DOCUMENT_INDEX: \"{{ connect_loglevel_document_index | default('INFO') }}\"",
 "LOG_LEVEL_WORKFLOW_INDEX: \"{{ connect_loglevel_workflow_index | default('INFO') }}\"",
diff --git a/roles/iam/defaults/main.yml b/roles/iam/defaults/main.yml
index 32ed6ca..3a566e2 100644
--- a/roles/iam/defaults/main.yml
+++ b/roles/iam/defaults/main.yml
@@ -1,4 +1,4 @@
 ---
 iam_image_name: '{{ shared_service_docker_registry_hostname }}/smardigo/iam-app'
-iam_image_version: '8.2.0'
+iam_image_version: 'latest'
diff --git a/roles/iam/vars/main.yml b/roles/iam/vars/main.yml
index fa07d75..fbbc913 100644
--- a/roles/iam/vars/main.yml
+++ b/roles/iam/vars/main.yml
@@ -51,7 +51,13 @@ iam_docker: {
 "SERVER_ERROR_INCLUDE_MESSAGE: \"always\"",
 "IAM_KEYCLOAK_AUTH_SERVER_URL: \"{{ iam_keycloak_auth_server_url }}\"",
 "IAM_KEYCLOAK_ADMIN_USER: \"{{ iam_keycloak_admin_user }}\"",
- "IAM_KEYCLOAK_ADMIN_PASSWORD: \"{{ iam_keycloak_admin_password }}\""
+ "IAM_KEYCLOAK_ADMIN_PASSWORD: \"{{ iam_keycloak_admin_password }}\"",
+
+ "SMA_JWT_ENABLED: \"{{ iam_jwt_enabled | default('false') }}\"",
+ "SMA_JWT_SECRET: \"{{ iam_jwt_secret | default('') }}\"",
+
+ "SPRINGDOC_SERVER_URL: \"{{ stage_server_domain }}\"",
+ "SMA_CORS_ORIGINS: \"{{ stage_server_domain }}:{{ monitor_port_service }}\"",
 ],
 networks: [
 '"back-tier"',
diff --git a/roles/webdav/vars/main.yml b/roles/webdav/vars/main.yml
index c0d4e30..0b1f731 100644
--- a/roles/webdav/vars/main.yml
+++ b/roles/webdav/vars/main.yml
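Review bot: `SMA_CORS_ORIGINS` is set to `{{ stage_server_domain }}:{{ monitor_port_service }}` with no scheme, while the other URL-valued entries in this list, such as `SMA_WEBDAV_FRONTEND_URL`, are built from `{{ http_s }}://`. A browser's `Origin` header always includes the scheme, so if the service compares allowed origins literally (the consumer is not visible here) this value never matches, and the usual outcome is that someone later widens the setting to `*`. Suggest `"SMA_CORS_ORIGINS: \"{{ http_s }}://{{ stage_server_domain }}:{{ monitor_port_service }}\"",` and the same change for the copy of this line in roles/iam/vars/main.yml. The enclosing `connect_environment` list starts and ends outside the hunk.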
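Review bot: The role default moves from the pinned `'8.2.0'` to the floating `'latest'` tag, so any inventory that does not override `iam_image_version` (in this diff only stage_dev and stage_qa do, at `8.3.1`) deploys whatever was most recently pushed to the registry, and re-running the play can silently change the running version with no way to roll back to a known state. Keep a pinned default, e.g. `iam_image_version: '8.3.1'`, and ideally reference images by digest, so that deployments stay reproducible.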
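Review bot: `SMA_JWT_SECRET` falls back to `default('')`, so a host where `iam_jwt_enabled` is true but `iam_jwt_secret` is undefined starts the container with an empty signing secret; whether the application refuses that is not visible here, and an empty key is the worst possible state for a shared-secret token scheme. Fail at deploy time instead: `"SMA_JWT_SECRET: \"{{ (iam_jwt_secret | mandatory) if (iam_jwt_enabled | default(false) | bool) else '' }}\"",`. The secret is also handed over through the container environment, consistent with the existing `IAM_KEYCLOAK_ADMIN_PASSWORD` entry above it, but visible to anyone who can run `docker inspect`; a mounted secret file would be stronger. The `iam_docker` mapping starts and ends outside the hunk.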
@@ -43,7 +43,8 @@ webdav_docker: {
 "DATASOURCE_URL: \"jdbc:postgresql://{{ webdav_postgres_host }}:{{ service_port_postgres }}/{{ webdav_postgres_database }}\"",
 "DATASOURCE_USERNAME: \"{{ webdav_postgres_username }}\"",
 "DATASOURCE_PASSWORD: \"{{ webdav_postgres_password }}\"",
- "SMA_JWT_SECRET: \"{{ webdav_jwt_secret }}\""
+
+ "SMA_JWT_SECRET: \"{{ webdav_jwt_secret }}\"",
 ],
 networks: [
 '"front-tier"',
diff --git a/smardigo/provisioning/user-management/user-management.json b/smardigo/provisioning/user-management/user-management.json
index dcc5b6a..9b84976 100644
--- a/smardigo/provisioning/user-management/user-management.json
+++ b/smardigo/provisioning/user-management/user-management.json
@@ -1,18 +1,15 @@
 {
 "groups" : [ {
- "id" : "administrator",
- "name" : "Administrator"
+ "id" : "user",
+ "name" : "User"
+ }, {
+ "id" : "head",
+ "name" : "Head"
 }, {
 "id" : "maintainer",
 "name" : "Maintainer"
 }, {
- "id" : "process-delete-approver",
- "name" : "Aussonderungsliste anzeigen und bearbeiten"
- }, {
- "id" : "process-deleter",
- "name" : "Löschen von Vorgängen"
- }, {
- "id" : "user",
- "name" : "User"
+ "id" : "administrator",
+ "name" : "Administrator"
 } ]
 }
\ No newline at end of file
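Review bot: The removed `process-deleter` and `process-delete-approver` groups are authorization-relevant (their display names describe deleting cases and handling the disposal list), and the diff does not show how existing memberships or role mappings that reference those ids are reconciled. If the provisioner only creates the groups listed here and never removes absent ones, users already in those groups presumably keep whatever rights they carry. Please confirm the import deletes or disables orphaned groups, or state in the commit message that this was handled out of band.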