diff --git a/patchday.yml b/patchday.yml
index db84644..ad154e8 100644
--- a/patchday.yml
+++ b/patchday.yml
@@ -188,7 +188,54 @@
       when:
         - not check_postgres.is_available
 
-- hosts: all,!elastic,!postgres,!k8s_cluster
+# due to bloody dependencies in SMA application startup, iam must be available during startup
+# => patching IAM service outsourced in separate part to make sure that is up and running
+- hosts: iam
+  serial: 10
+  become: yes
+  tasks:
+    - name: "Smardigo Patchday: update pkgs"
+      ansible.builtin.apt:
+        upgrade: yes
+        update_cache: yes
+        autoremove: yes
+        autoclean: yes
+
+    - name: "Smardigo Patchday: find docker_compose.yml files"
+      ansible.builtin.find:
+        paths: '{{ service_base_path }}'
+        pattern: 'docker*.yml'
+        recurse: yes
+      register: docker_compose_services
+
+    - name: "Smardigo Patchday: shutdown services"
+      community.docker.docker_compose:
+        project_src: '{{ item.path | dirname }}'
+        state: absent
+      loop: '{{ docker_compose_services.files }}'
+
+    - name: "Smardigo Patchday: rebooting <{{ inventory_hostname }}>"
+      ansible.builtin.reboot:
+        post_reboot_delay: 30
+        reboot_timeout: 300
+
+    - name: "Smardigo Patchday: wait_for host after reboot"
+      become: no
+      delegate_to: localhost
+      ansible.builtin.wait_for:
+        delay: 15
+        timeout: 180
+        port: 22
+        host: '{{ stage_server_ip }}'
+        search_regex: OpenSSH
+
+    - name: "Smardigo Patchday: start services"
+      community.docker.docker_compose:
+        project_src: '{{ item.path | dirname }}'
+        state: present
+      loop: '{{ docker_compose_services.files }}'
+
+- hosts: all,!elastic,!postgres,!k8s_cluster,!iam
   serial: 10
   become: yes
   tasks: