diff --git a/roles/myconext/templates/application.yml.j2 b/roles/myconext/templates/application.yml.j2 index 6af4e6ae9..afe99006b 100644 --- a/roles/myconext/templates/application.yml.j2 +++ b/roles/myconext/templates/application.yml.j2 @@ -89,24 +89,27 @@ mongodb_db: {{ myconext.mongo_database }} base_domain: {{ myconext_base_domain }} saml_metadata_base_path: https://login.{{ myconext_base_domain }} base_path: https://mijn.{{ myconext_base_domain }} +base_path_service_desk: https://servicedesk.{{ myconext_base_domain }} continue_after_login_url: https://login.{{ myconext_base_domain }}/saml/guest-idp/continue idp_redirect_url: https://login.{{ myconext_base_domain }} rp_id: login.{{ myconext_base_domain }} rp_origin: https://login.{{ myconext_base_domain }} sp_redirect_url: https://mijn.{{ myconext_base_domain }} +sp_servicedesk_redirect_url: https://servicedesk.{{ myconext_base_domain }} sp_entity_id: {{ myconext.sp_entity_id }} sp_entity_metadata_url: {{ myconext.sp_entity_metadata_url }} guest_idp_entity_id: https://engine.{{ base_domain }}/authentication/idp/metadata my_conext_url: https://mijn.{{ myconext_base_domain }} domain: {{ myconext_base_domain }} mijn_eduid_entity_id: https://mijn.{{ myconext_base_domain }}/shibboleth +mijn_eduid_service_name: "Mijn eduID" mobile_app_redirect: eduid:///client/mobile # For this RP we nudge the user to use the magic link mobile_app_rp_entity_id: {{ myconext.mobile_app_rp_entity_id }} create-from-institution: return-url-allowed-domains: - {% for url in create_from_institution_return_url_allowed_domains %} + {% for url in myconext.create_from_institution_return_url_allowed_domains %} - "{{ url }}" {% endfor %} 
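Review bot: The return-URL allowlist under `create-from-institution` now iterates `myconext.create_from_institution_return_url_allowed_domains`, and an empty list renders `return-url-allowed-domains:` as a bare key, which YAML reads as null rather than an empty list. How the application treats a null allowlist is not visible in this diff, so I would render the value explicitly with `return-url-allowed-domains: {{ myconext.create_from_institution_return_url_allowed_domains | to_json }}`, which yields `[]` when empty and escapes each entry. Inventories that still define the old top-level variable need it moved under `myconext`, otherwise templating will presumably fail on the missing attribute. The new `base_path_service_desk` and `sp_servicedesk_redirect_url` values are unquoted templated scalars like their neighbours; quoting them would protect against an empty or odd `myconext_base_domain`.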
@@ -254,6 +257,10 @@ account_linking_context_class_ref: validate_names_external: https://eduid.nl/trust/validate-names-external affiliation_student: https://eduid.nl/trust/affiliation-student profile_mfa: https://refeds.org/profile/mfa + linked_institution_mfa: https://eduid.nl/trust/linked-institution/mfa + validate_names_mfa: https://eduid.nl/trust/validate-names/mfa + validate_names_external_mfa: https://eduid.nl/trust/validate-names-external/mfa + affiliation_student_mfa: https://eduid.nl/trust/affiliation-student/mfa account_linking: myconext_sp_entity_id: https://mijn.{{ myconext_base_domain }}/shibboleth @@ -292,6 +299,32 @@ spring: port: 25 main: banner-mode: "off" + security: + oauth2: + client: + registration: + mijn_eduid: + client-id: "{{ myconext.mijn_eduid_oidc_client_id }}" + client-secret: "{{ myconext.mijn_eduid_oidc_secret }}" + redirect-uri: "https://mijn.{{ myconext_base_domain }}/login/oauth2/code/{registrationId}" + authorization-grant-type: "authorization_code" + scope: openid + provider: oidcng + service_desk: + client-id: "{{ myconext.service_desk_oidc_client_id }}" + client-secret: "{{ myconext.service_desk_oidc_secret }}" + redirect-uri: "https://servicedesk.{{ myconext_base_domain }}/login/oauth2/code/{registrationId}" + authorization-grant-type: "authorization_code" + scope: openid + provider: oidcng + provider: + oidcng: + authorization-uri: "https://connect.{{ base_domain }}/oidc/authorize" + token-uri: "https://connect.{{ base_domain }}/oidc/token" + user-info-uri: "https://connect.{{ base_domain }}/oidc/userinfo" + jwk-set-uri: "https://connect.{{ base_domain }}/oidc/certs" + user-name-attribute: sub + user-info-authentication-method: client_secret_basic service_desk_role_auto_provisioning: False service_desk_roles: {{ myconext.service_desk_roles | join(",") }}
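Review bot: Both `client-secret` lines in the third hunk wrap the templated value in YAML double quotes, where `\` starts an escape and `"` ends the scalar, so a generated secret containing either character renders as a different value or as invalid YAML. Emitting the value through an escaping filter avoids that: `client-secret: {{ myconext.mijn_eduid_oidc_secret | to_json }}`, and the same for `myconext.service_desk_oidc_secret`. The rendered file now holds two OIDC client secrets, so the task that writes this template (not visible here) should set a restrictive `mode` and owner, and the two variables should come from the vault. Under `provider.oidcng`, `user-info-authentication-method: client_secret_basic` looks as if it was meant to be `client-authentication-method` on the two registrations, since the user-info setting normally takes `header`, `form` or `query`; worth confirming against the Spring Security version in use. The `spring:` mapping begins above the hunk.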