diff --git a/values/argo/values/argocd.yaml.gotmpl b/values/argo/values/argocd.yaml.gotmpl index 724c0b68..45def3ab 100644 --- a/values/argo/values/argocd.yaml.gotmpl +++ b/values/argo/values/argocd.yaml.gotmpl @@ -43,7 +43,7 @@ configs: connectors: {{- with .Values.clusterConfig.oidc }} {{- range . }} - {{- if eq .provider "azuread" }} + {{- if eq .group "devel" }} - type: oidc id: {{ .name }} name: {{ .name }} diff --git a/values/env-ekman.yaml b/values/env-ekman.yaml index d10da337..da948a87 100644 --- a/values/env-ekman.yaml +++ b/values/env-ekman.yaml 
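Review bot: The new condition `eq .group "devel"` no longer checks the provider, so any `clusterConfig.oidc` entry tagged `devel` is rendered as this connector whatever its `provider` is. The same applies to the `eq .group "analytics"` change in values/prometheus/values/prometheus.yaml.gotmpl, where the block still keys on `auth.{{ .provider }}`. The connector body continues outside this hunk; if it builds an Azure AD issuer from `tenant`, a non-azuread entry would render a wrong issuer. Keeping both tests, `{{- if and (eq .group "devel") (eq .provider "azuread") }}`, preserves the old guard. Entries without a `group` key will also stop matching, so any environment file that overrides `oidc` needs the new key.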
@@ -8,22 +8,15 @@ clusterConfig: initca: "/var/lib/kubernetes/secrets" apiserver: "ekman-manage" apiserverip: "10.255.241.99" - etcd_nodes: [ "10.255.241.80, 10.255.241.90, 10.255.241.99" ] - k8s_nodes: [ "10.255.241.80, 10.255.241.90, 10.255.241.99, 10.255.241.100, 10.255.241.101, 10.255.241.102, 10.255.241.103, 10.255.241.104, 10.255.241.105, 10.255.241.106, 10.255.241.107, 10.255.241.108, 10.255.241.109, 10.255.241.110, 10.255.241.111, 10.255.241.112, 10.255.241.113, 10.255.241.114, 10.255.241.116, 10.255.241.121, 10.255.241.122, 10.255.241.123, 10.255.241.124, 10.255.241.125, 10.255.241.126, 10.255.241.127, 10.255.241.128" ] + etcd_nodes: ["10.255.241.80, 10.255.241.90, 10.255.241.99"] + k8s_nodes: + [ + "10.255.241.80, 10.255.241.90, 10.255.241.99, 10.255.241.100, 10.255.241.101, 10.255.241.102, 10.255.241.103, 10.255.241.104, 10.255.241.105, 10.255.241.106, 10.255.241.107, 10.255.241.108, 10.255.241.109, 10.255.241.110, 10.255.241.111, 10.255.241.112, 10.255.241.113, 10.255.241.114, 10.255.241.116, 10.255.241.121, 10.255.241.122, 10.255.241.123, 10.255.241.124, 10.255.241.125, 10.255.241.126, 10.255.241.127, 10.255.241.128", + ] cluster: "ekman" - ingress_nodes: ["ekman , ekman-manage" ] + ingress_nodes: ["ekman , ekman-manage"] ingress_replica_count: 2 fileserver: "10.255.241.100" - acme: - email: "acme@oceanbox.io" - dns01: "namecheap-apikey" - oidc: - - name: oceanbox - provider: azuread - tenant: "3f737008-e9a0-4485-9d27-40329d288089" - secret_ref: - name: oceanbox-oidc - group_id: "eb17a659-4ce6-41bc-9153-d9b117c44479" nodes: - name: ekman-manage taints: [] diff --git a/values/env-oceanbox.yaml b/values/env-oceanbox.yaml index c78b15b6..c914218c 100644 --- a/values/env-oceanbox.yaml +++ b/values/env-oceanbox.yaml 
@@ -6,22 +6,15 @@ clusterConfig: initca: "" apiserver: "" apiserverip: "" - etcd_nodes: [ "10.255.241.201, 10.255.241.202, 10.255.241.203" ] - k8s_nodes: [ "" ] + etcd_nodes: ["10.255.241.201, 10.255.241.202, 10.255.241.203"] + k8s_nodes: [""] cluster: "oceanbox" - ingress_nodes: ["oceanbox-controlplane-1, oceanbox-controlplane-2, oceanbox-controlplane-3" ] + ingress_nodes: + [ + "oceanbox-controlplane-1, oceanbox-controlplane-2, oceanbox-controlplane-3", + ] ingress_replica_count: 3 fileserver: "10.255.241.210" - acme: - email: "acme@oceanbox.io" - dns01: "namecheap-apikey" - oidc: - - name: oceanbox - provider: azuread - tenant: "3f737008-e9a0-4485-9d27-40329d288089" - secret_ref: - name: oceanbox-oidc - group_id: "eb17a659-4ce6-41bc-9153-d9b117c44479" s3: hosts: [] patterns: [] diff --git a/values/env-rossby.yaml b/values/env-rossby.yaml index 32a3d6e8..4cff020d 100644 --- a/values/env-rossby.yaml +++ b/values/env-rossby.yaml 
@@ -8,28 +8,21 @@ clusterConfig: initca: "/var/lib/kubernetes/secrets" apiserver: "rossby-manage" apiserverip: "172.16.239.221" - etcd_nodes: [ "172.16.239.221, 172.16.239.222, 172.16.239.210" ] - k8s_nodes: [ "172.16.239.221, 172.16.239.222, 172.16.239.210, 172.16.239.111, 172.16.239.112, 172.16.239.113, 172.16.239.114, 172.16.239.115, 172.16.239.116, 172.16.239.117, 172.16.239.118, 172.16.239.119, 172.16.239.120, 172.16.239.121, 172.16.239.122, 172.16.239.123, 172.16.239.124, 172.16.239.125, 172.16.239.126, 172.16.239.127, 172.16.239.128, 172.16.239.129, 172.16.239.130" ] + etcd_nodes: ["172.16.239.221, 172.16.239.222, 172.16.239.210"] + k8s_nodes: + [ + "172.16.239.221, 172.16.239.222, 172.16.239.210, 172.16.239.111, 172.16.239.112, 172.16.239.113, 172.16.239.114, 172.16.239.115, 172.16.239.116, 172.16.239.117, 172.16.239.118, 172.16.239.119, 172.16.239.120, 172.16.239.121, 172.16.239.122, 172.16.239.123, 172.16.239.124, 172.16.239.125, 172.16.239.126, 172.16.239.127, 172.16.239.128, 172.16.239.129, 172.16.239.130", + ] cluster: "rossby" - ingress_nodes: ["rossby, rossby-manage" ] + ingress_nodes: ["rossby, rossby-manage"] ingress_replica_count: 2 ingress_clusterissuer: ca-issuer ingress_whitelist: - - 0.0.0.0/0 + - 0.0.0.0/0 ingress_hostnetwork: true ingress_hostport: false ingress_nodeport: false fileserver: "172.16.239.222" - acme: - email: "acme@oceanbox.io" - dns01: "namecheap-apikey" - oidc: - - name: oceanbox - provider: azuread - tenant: "3f737008-e9a0-4485-9d27-40329d288089" - secret_ref: - name: oceanbox-oidc - group_id: "eb17a659-4ce6-41bc-9153-d9b117c44479" nodes: - name: rossby-manage taints: [] diff --git a/values/env.yaml b/values/env.yaml index 9024d27f..450980ba 100644 --- a/values/env.yaml +++ b/values/env.yaml @@ -11,9 +11,6 @@ clusterConfig: ingress_nodes: [] ingress_replica_count: 3 fileserver: "" - acme: - email: "acme@oceanbox.io" - dns01: "" nodenames: [] nodes: [] ingress_clusterissuer: "letsencrypt-production" 
@@ -26,19 +23,31 @@ clusterConfig: ingress_hostnetwork: false ingress_hostport: false ingress_nodeport: true - oidc: [] - #- name: azure - # provider: azuread - # tenant: "https://login.microsoftonline.com//oauth2/v2.0" - # secret_ref: - # name: azure-oidc - # group_id: "" - #- name: github - # provider: github - # secret_ref: - # name: github-oidc - # allowed_organizations: - # allowed_teams: + acme: + email: "acme@oceanbox.io" + dns01: "namecheap-apikey" + oidc: + - group: admin + name: oceanbox + provider: azuread + tenant: "3f737008-e9a0-4485-9d27-40329d288089" + secret_ref: + name: oceanbox-oidc + group_id: "eb17a659-4ce6-41bc-9153-d9b117c44479" + - group: devel + name: oceanbox + provider: azuread + tenant: "3f737008-e9a0-4485-9d27-40329d288089" + secret_ref: + name: oceanbox-oidc + group_id: "" + - group: analytics + name: oceanbox + provider: azuread + tenant: "3f737008-e9a0-4485-9d27-40329d288089" + secret_ref: + name: oceanbox-oidc + group_id: "52bb4c7e-549c-4aed-bd95-9dcedf716f9f" s3: hosts: [] patterns: [] diff --git a/values/prometheus/values/prometheus.yaml.gotmpl b/values/prometheus/values/prometheus.yaml.gotmpl index 76c90497..ca96cc55 100644 --- a/values/prometheus/values/prometheus.yaml.gotmpl +++ b/values/prometheus/values/prometheus.yaml.gotmpl @@ -122,7 +122,7 @@ grafana: users: auto_assign_org_role: "Admin" {{- range .Values.clusterConfig.oidc }} - {{- if eq .provider "azuread" }} + {{- if eq .group "analytics" }} auth.{{ .provider }}: enabled: true name: {{ .name }}
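Review bot: The `devel` entry is added with `group_id: ""`, and it is the entry the Argo CD template now selects. How `group_id` is consumed is not visible in this diff, but if it limits login or RBAC to one Azure AD group, an empty value may either match nobody or leave the connector without a group restriction. It should be filled in, or the consuming template should refuse to render on empty, e.g. `{{- if not .group_id }}{{ fail "oidc group_id is empty" }}{{- end }}` (assuming sprig's `fail` is available to these templates). The `admin` entry is not referenced by either template changed in this commit; a short comment above the list, such as `# group selects the consumer: devel -> Argo CD, analytics -> Grafana`, would document the new key.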
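Review bot: Grafana login is now gated by the `analytics` entry while the context line just above still sets `auto_assign_org_role: "Admin"`. Every account admitted through that entry therefore becomes an org admin on first login, unless a role mapping further down (outside this hunk) overrides it. A lower default, `auto_assign_org_role: "Viewer"`, with admin granted through an explicit group-to-role mapping, would keep the new group split from widening privileges. The enclosing `grafana:` block continues beyond the hunk.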