diff --git a/global/overlay/etc/puppet/modules/soc/manifests/intelmq.pp b/global/overlay/etc/puppet/modules/soc/manifests/intelmq.pp index 1b19e46..fdade8b 100644 --- a/global/overlay/etc/puppet/modules/soc/manifests/intelmq.pp +++ b/global/overlay/etc/puppet/modules/soc/manifests/intelmq.pp @@ -4,6 +4,7 @@ class soc::intelmq( Optional[String] $tls_key = undef, String $servername = $facts['networking']['fqdn'], Boolean $use_snakeoil = false, + String $apache_group = 'sunet-cert', ) { include sunet::systemd_reload diff --git a/global/overlay/etc/puppet/modules/soc/manifests/sso.pp b/global/overlay/etc/puppet/modules/soc/manifests/sso.pp index c4c4d24..8d6094c 100644 --- a/global/overlay/etc/puppet/modules/soc/manifests/sso.pp +++ b/global/overlay/etc/puppet/modules/soc/manifests/sso.pp @@ -31,9 +31,9 @@ # Default set to value of proxy. class soc::sso( - String $ssotype = "docker", - Optional[String] $hostname = undef, - String $email = "cert@cert.sunet.se", + String $ssotype = 'docker', + String $hostname = $facts['networking']['fqdn'], + String $email = 'cert@cert.sunet.se', Optional[String] $service_endpoint = undef, Array $groups = ['PLACEHOLDER'], Array $passthrough = [], diff --git a/global/overlay/etc/puppet/modules/soc/templates/intelmq/intelmq-vhost.conf.erb b/global/overlay/etc/puppet/modules/soc/templates/intelmq/intelmq-vhost.conf.erb index 1d5d8bd..1a27a9b 100644 --- a/global/overlay/etc/puppet/modules/soc/templates/intelmq/intelmq-vhost.conf.erb +++ b/global/overlay/etc/puppet/modules/soc/templates/intelmq/intelmq-vhost.conf.erb @@ -33,6 +33,17 @@ SSLSessionTickets off Header always set Strict-Transport-Security "max-age=63072000" + + + AuthType shibboleth + ShibRequestSetting requireSession On + ShibUseHeaders On + + AuthGroupFile /etc/apache2/groups.txt + Require group <%= @apache_group %> + + + ProxyRequests Off 
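Review bot: The new `$apache_group` parameter of `soc::intelmq` is typed as a bare `String`, yet the vhost template changed in this same commit renders it unescaped into `Require group <%= @apache_group %>`. Apache treats the arguments of `Require group` as a space-separated list, so a value containing whitespace or a newline would alter the rendered authorisation rule instead of being rejected at catalog compile time. I would constrain it at the class boundary, for example `Pattern[/\A[A-Za-z0-9_.-]+\z/] $apache_group = 'sunet-cert',`. A parameter comment should also say that it names the group in `/etc/apache2/groups.txt` that is allowed to reach the vhost. The class body continues outside the hunk.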
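Review bot: `$hostname` in `soc::sso` now defaults to `$facts['networking']['fqdn']`, a value the agent reports about itself, and the hunk does not show the parameter documentation above the class being updated to mention the new default. If this name feeds the SSO endpoint or entity identifiers (not visible here), `$trusted['certname']` would be the authenticated alternative, provided the certname matches the host name in this deployment. Because the type changed from `Optional[String]` to `String`, any `undef` handling for `$hostname` in the class body is now unreachable and could be removed; that body lies outside the hunk. Tightening the type to `String[1] $hostname = ...` would also reject an empty override.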
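Review bot: `ShibUseHeaders On` in the added Shibboleth block exports the session attributes as HTTP request headers, which the Shibboleth SP documentation discourages in favour of environment variables, because any consumer that trusts those headers must be reachable only through this vhost. If nothing in the proxy configuration that follows `ProxyRequests Off` (outside this hunk) reads them, I would drop the line. If a backend does read them, it should listen on loopback only and the template deserves a comment such as `# ShibUseHeaders is required because <backend> reads <header>`. The container tags around the block are not visible on this page, so I cannot confirm which paths the `Require group <%= @apache_group %>` rule covers. Since the next hunk removes `Require all granted` from the `/intelmq-manager` section, it is worth confirming that every path of the vhost falls inside the protected container.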
@@ -58,13 +69,6 @@ Alias /intelmq-manager /opt/intelmq/www/intelmq-manager -# AuthType Basic -# AuthName "IntelMQ" -# AuthBasicProvider file -# AuthUserFile /etc/apache2/htpasswd -# Require user sunetcert - Require all granted - Header set Content-Security-Policy "script-src 'self'" Header set X-Content-Security-Policy "script-src 'self'"