diff --git a/charts/nmaas/Chart.yaml b/charts/nmaas/Chart.yaml
index c48d9296b9b0757b16d206ad8b48ccd528cad8b4..02d2fc44ccc9e55a2652c53c5a49b5d3d4221467 100644
--- a/charts/nmaas/Chart.yaml
+++ b/charts/nmaas/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: nmaas
 description: GÉANT Network Management as a Service Helm chart for Kubernetes
-version: 1.3.0-alpha.1
+version: 1.3.0-alpha.2
 appVersion: 1.7.0-alfa
 keywords:
   - Network Management
diff --git a/charts/nmaas/templates/nmaas-jwt-secret.yaml b/charts/nmaas/templates/nmaas-jwt-secret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..8f273c7b2913172dec72cb45f77e87f21c8ed2f3
--- /dev/null
+++ b/charts/nmaas/templates/nmaas-jwt-secret.yaml
@@ -0,0 +1,10 @@
+{{- if and .Values.platform.properties.jwt.signingKey.literal .Values.platform.properties.jwt.resetKey.literal }}
+apiVersion: v1
+type: Opaque
+kind: Secret
+metadata:
+  name: {{ .Values.platform.properties.jwt.secretName | quote }}
+data:
+  {{ .Values.platform.properties.jwt.signingKey.secret.key | quote }}: {{ .Values.platform.properties.jwt.signingKey.literal | b64enc | quote }}
+  {{ .Values.platform.properties.jwt.resetKey.secret.key | quote }}: {{ .Values.platform.properties.jwt.resetKey.literal | b64enc | quote }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/nmaas/templates/nmaas-oidc-secret.yaml b/charts/nmaas/templates/nmaas-oidc-secret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e42b885a23e552d2beb1275fe9ae8ad989f689e0
--- /dev/null
+++ b/charts/nmaas/templates/nmaas-oidc-secret.yaml
@@ -0,0 +1,9 @@
+{{- if and .Values.platform.properties.oidc.enabled .Values.platform.properties.oidc.clientSecret.literal }}
+apiVersion: v1
+type: Opaque
+kind: Secret
+metadata:
+  name: {{ .Values.platform.properties.oidc.secretName | quote }}
+data:
+  {{ .Values.platform.properties.oidc.clientSecret.secret.key | quote }}: {{ .Values.platform.properties.oidc.clientSecret.literal | b64enc | quote }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/nmaas/templates/nmaas-platform-deployment.yaml b/charts/nmaas/templates/nmaas-platform-deployment.yaml
index dbbc702aec70272a849cce86e3aad43c30cc0ac0..46a6d347c5d26311bec97795674419d380d5a355 100644
--- a/charts/nmaas/templates/nmaas-platform-deployment.yaml
+++ b/charts/nmaas/templates/nmaas-platform-deployment.yaml
@@ -82,10 +82,6 @@ spec:
           - name: POSTGRESQL_PORT
             value: {{ .Values.platform.properties.postgresql.port | quote }}
           {{- end }}
-          - name: SSO_URL_LOGIN
-            value: {{ .Values.platform.properties.sso.urlLogin | default (printf "https://%s/sso" .Values.global.nmaasDomain) | quote }}
-          - name: SSO_URL_LOGOUT
-            value: {{ .Values.platform.properties.sso.urlLogout | default (printf "https://%s/Shibboleth.sso/Logout" .Values.global.nmaasDomain) | quote }}
           - name: ADMIN_EMAIL
             value: {{ .Values.platform.properties.adminEmail }}
           - name: ADMIN_PASSWORD
@@ -122,15 +118,6 @@ spec:
               secretKeyRef:
                 name: {{ .Values.platform.apiSecret.secret.name }}
                 key: {{ .Values.platform.apiSecret.secret.key }}
-          {{- if .Values.platform.properties.sso.enabled }}
-          - name: SSO_KEY
-            valueFrom:
-              secretKeyRef:
-                name: {{ .Values.platform.properties.sso.encryptionSecret.secret.name }}
-                key: {{ .Values.platform.properties.sso.encryptionSecret.secret.key }}
-          - name: SSO_TIMEOUT
-            value: "{{ .Values.platform.properties.sso.timeout }}"
-          {{- end }}
           - name: SMTP_LOGIN
             value: {{ .Values.platform.properties.smtp.login }}
           - name: SMTP_PASSWORD
@@ -209,8 +196,6 @@ spec:
             value: {{ .Values.platform.properties.k8s.deployment.defaultStorageClass }}
           - name: PORTAL_MAINTENANCE_FLAG
             value: {{ .Values.platform.properties.maintenance | quote }}
-          - name: PORTAL_SSO_ALLOWED_FLAG
-            value: {{ .Values.platform.properties.sso.enabled | quote }}
           - name: PORTAL_TEST_INSTANCE_FLAG
             value: {{ .Values.platform.properties.testInstance | quote }}
           - name: PORTAL_SEND_FAILURE_NOTIF_FLAG
@@ -229,6 +214,27 @@ spec:
             value: {{ .Values.platform.properties.showDomainRegistrationSelector | quote }}
           - name: NAMESPACE_CREATION_ENABLED
             value: {{ .Values.platform.properties.autoNamespaceCreationForDomains | quote }}
+          - name: PORTAL_SSO_ALLOWED_FLAG
+            value: {{ .Values.platform.properties.oidc.enabled | quote }}
+          - name: OIDC_CLIENT_ID
+            value: {{ .Values.platform.properties.oidc.clientId | quote }}
+          - name: OIDC_ISSUER_URI
+            value: {{ .Values.platform.properties.oidc.issuerUri | quote }}
+          - name: OIDC_CLIENT_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Values.platform.properties.oidc.secretName }}
+                key: {{ .Values.platform.properties.oidc.clientSecret.secret.key }}
+          - name: JWT_SIGNING_KEY
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Values.platform.properties.jwt.secretName }}
+                key: {{ .Values.platform.properties.jwt.signingKey.secret.key }}
+          - name: JWT_RESET_KEY
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Values.platform.properties.jwt.secretName }}
+                key: {{ .Values.platform.properties.jwt.resetKey.secret.key }}
       imagePullSecrets:
       - name: {{ .Values.global.registrysecret }}
 {{- end -}}
diff --git a/charts/nmaas/templates/nmaas-sp-deployment.yaml b/charts/nmaas/templates/nmaas-sp-deployment.yaml
deleted file mode 100644
index 674b3ce73e1a9fdd50468f9d50cf361997b19b09..0000000000000000000000000000000000000000
--- a/charts/nmaas/templates/nmaas-sp-deployment.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-{{- if .Values.sp.enabled -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ .Values.sp.name }}
-  labels:
-    app: {{ .Values.sp.name }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
-spec:
-  selector:
-    matchLabels:
-      app: {{ .Values.sp.name }}
-  strategy: 
-    type: Recreate
-  replicas: {{ .Values.replicaCount }}
-  template:
-    metadata:
-      labels:
-        app: {{ .Values.sp.name }}
-    spec:
-      containers:
-      - name: {{ .Chart.Name }}
-        image: "{{ .Values.sp.image.repository }}:{{ .Values.sp.image.tag }}"
-        imagePullPolicy: {{ .Values.sp.image.pullPolicy }}
-        ports:
-        - containerPort: {{ .Values.sp.port }}
-          protocol: TCP
-        env:
-          - name: SP_SECRET
-            valueFrom:
-              secretKeyRef:
-                name: {{ .Values.platform.properties.sso.encryptionSecret.secret.name }}
-                key: {{ .Values.platform.properties.sso.encryptionSecret.secret.key }}
-          - name: SP_URL
-            {{- if .Values.sp.tls }}
-            value: {{ .Values.sp.host | default (printf "https://%s/" .Values.global.nmaasDomain) | quote}}
-            {{- else }}
-            value: {{ .Values.sp.host | default (printf "http://%s/" .Values.global.nmaasDomain) | quote}}
-            {{- end }}
-          - name: PORTAL_URL
-            value: {{ .Values.sp.properties.portalUrl | default .Values.global.nmaasDomain }}
-          - name: IDP_NAME
-            value: {{ .Values.sp.properties.idp.name }}
-          - name: IDP_URI
-            value: {{ .Values.sp.properties.idp.uri | quote}}
-          - name: SP_HOST
-            value: {{ .Values.sp.host | default .Values.global.nmaasDomain | quote }}
-          - name: SP_USED_ID
-            value: {{ .Values.sp.properties.idp.userId | quote }}
-          - name: SP_REMOTE_USER
-            value: {{ .Values.sp.properties.idp.remoteUser | quote }}
-          - name: SP_SSO_ENTITY_ID
-            value: {{ .Values.sp.properties.idp.entityId | quote }}
-          - name: SP_METADATA_URL
-            value: {{ .Values.sp.properties.idp.metadataUrl | quote }}
-      imagePullSecrets:
-      - name: {{ .Values.global.registrysecret }}
-{{- end -}}
diff --git a/charts/nmaas/templates/nmaas-sp-ingress.yaml b/charts/nmaas/templates/nmaas-sp-ingress.yaml
deleted file mode 100644
index 0994cd2be84fe04608d02e6faa6a2075833d977a..0000000000000000000000000000000000000000
--- a/charts/nmaas/templates/nmaas-sp-ingress.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-{{- if .Values.sp.enabled -}}
-{{- if .Values.global.createIngressResources -}}
-{{- $kubeVersion := .Capabilities.KubeVersion.GitVersion -}}
-{{- if semverCompare ">=1.19-0" $kubeVersion -}}
-apiVersion: networking.k8s.io/v1
-{{- else -}}
-apiVersion: networking.k8s.io/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
-  name: {{ .Values.global.ingressName }}-sp
-  annotations:
-    {{- if not (semverCompare ">=1.19-0" $kubeVersion) }}
-    kubernetes.io/ingress.class: {{ .Values.sp.ingress.className | default .Values.platform.properties.k8s.ingress.controller.ingressClass }}
-    {{- end }}
-    nginx.org/mergeable-ingress-type: minion
-    {{- if and .Values.platform.tls .Values.global.acmeIssuer }}
-    kubernetes.io/tls-acme: "true"
-    certmanager.k8s.io/cluster-issuer: {{ .Values.global.issuerName }}
-    {{- end }}
-spec:
-  {{- if $.Values.sp.tls }}
-  tls:
-  - hosts:
-    - {{ .Values.sp.host | default .Values.global.nmaasDomain | quote }}
-    {{- if .Values.global.acmeIssuer }}
-    secretName: {{ .Values.sp.certName | default "nmaas-sp-tls" | quote }}
-    {{- else }}
-    secretName: {{ .Values.sp.certName | default .Values.global.wildcardCertificateName | quote }}
-    {{- end }}
-  {{- end }}
-  {{- if semverCompare ">=1.19-0" $kubeVersion }}
-  ingressClassName: {{ .Values.sp.ingress.className | default .Values.platform.properties.k8s.ingress.controller.ingressClass }}
-  {{- end }}
-  rules:
-  - host: {{ .Values.sp.host | default .Values.global.nmaasDomain | quote }}
-    http:
-      paths:
-      - path: /sso
-        {{- if semverCompare ">=1.19-0" $kubeVersion }}
-        pathType: Prefix
-        backend:
-          service:
-            name: {{ .Values.sp.name }}
-            port:
-              number: {{ .Values.sp.targetPort }}
-        {{- else }}      
-        backend:
-          serviceName: {{ .Values.sp.name }}
-          servicePort: {{ .Values.sp.targetPort }}
-        {{- end }}
-      - path: /Shibboleth.sso
-        {{- if semverCompare ">=1.19-0" $kubeVersion }}
-        pathType: Prefix
-        backend:
-          service:
-            name: {{ .Values.sp.name }}
-            port:
-              number: {{ .Values.sp.targetPort }}
-        {{- else }}      
-        backend:
-          serviceName: {{ .Values.sp.name }}
-          servicePort: {{ .Values.sp.targetPort }}
-        {{- end }}
-{{- end -}}
-{{- end -}}
diff --git a/charts/nmaas/templates/nmaas-sp-secret.yaml b/charts/nmaas/templates/nmaas-sp-secret.yaml
deleted file mode 100644
index 66528a5de33cc50c7116b15d41db9d12536cc03b..0000000000000000000000000000000000000000
--- a/charts/nmaas/templates/nmaas-sp-secret.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-{{- if .Values.platform.properties.sso.encryptionSecret.literal }}
-apiVersion: v1
-type: Opaque
-kind: Secret
-metadata:
-  name: {{ .Values.platform.properties.sso.encryptionSecret.secret.name | quote }}
-data:
-  {{ .Values.platform.properties.sso.encryptionSecret.secret.key | quote }}: {{ .Values.platform.properties.sso.encryptionSecret.literal | b64enc | quote }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/nmaas/templates/nmaas-sp-service.yaml b/charts/nmaas/templates/nmaas-sp-service.yaml
deleted file mode 100644
index c5de651a6e3ddaeb7db7ad8ae9bdfeed4a07c3c4..0000000000000000000000000000000000000000
--- a/charts/nmaas/templates/nmaas-sp-service.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if .Values.sp.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Values.sp.name }}
-  labels:
-    app: {{ .Values.sp.name }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
-spec:
-  type: {{ .Values.sp.type }}
-  ports:
-  - port: {{ .Values.sp.port }}
-    targetPort: {{ .Values.sp.targetPort }}
-    protocol: TCP
-  selector:
-    app: {{ .Values.sp.name }}
-{{- end -}}
diff --git a/charts/nmaas/values.yaml b/charts/nmaas/values.yaml
index e4e5106e40efbf0dcb5aeb76e05fcc45c4b7822a..76f493cadb88ae6d3fcb0ad5fb94c7e1fd5d4605 100644
--- a/charts/nmaas/values.yaml
+++ b/charts/nmaas/values.yaml
@@ -101,18 +101,6 @@ platform:
     showDomainRegistrationSelector: true
     # -- if true nmaas will automatically create the corresponding Kubernetes namespace for each new domain
     autoNamespaceCreationForDomains: false
-    sso:
-      enabled: false
-      urlLogin: ""
-      urlLogout: ""
-      encryptionSecret:
-        # -- leave empty to use existing secret specified below
-        literal: ""
-        secret:
-          # -- must be created manually if literal is empty
-          name: nmaas-sp-secret
-          key: secret
-      timeout: 15
     adminEmail: admin@example.com
     # -- only required if an external postgresql instance is used (when postgresql.install is false)
     postgresql:
@@ -126,7 +114,6 @@ platform:
         secret:
           name: nmaas-postgresql-secret
           key: secret
-
     helm:
       address: nmaas-helm
       username: helm
@@ -180,6 +167,28 @@ platform:
         key: secret
     # -- expose Prometheus metrics
     nmaasMetricsEnabled: true
+    jwt:
+      secretName: nmaas-jwt
+      signingKey:
+        secret:
+          key:
+        # -- leave empty to use existing secret
+        literal: ""
+      resetKey:
+        secret:
+          key:
+        # -- leave empty to use existing secret
+        literal: ""
+    oidc:
+      enabled: false
+      secretName: nmaas-oidc
+      clientId: ""
+      issuerUri: "https://auth.example.com/realms/master"
+      clientSecret:
+        secret:
+          key: oidcClientSecret
+        # -- leave empty to use existing secret
+        literal: ""
 
 portal:
   enabled: true
@@ -240,29 +249,6 @@ postfix:
         secret:
           key: smtpPassword
 
-sp:
-  enabled: false
-  name: nmaas-sp
-  image:
-    repository: artifactory.software.geant.org/nmaas-docker-local/nmaas-sp
-    tag: "1.6.3"
-    pullPolicy: Always
-  ingress:
-    # -- defaults to .Values.platform.properties.k8s.ingress.controller.ingressClass if not set
-    className: ''
-  port: 443
-  targetPort: 80
-  type: ClusterIP
-  tls: true
-  properties:
-    idp:
-      name: edugain
-      uri: https://login.terena.org/wayf/saml2/idp/metadata.php
-      userId: uid
-      remoteUser: email
-      entityId: https://keycloak.example.com/realms/master
-      metadataUrl: https://keycloak.example.com/realms/master/protocol/saml/descriptor
-
 helm:
   enabled: true
   name: nmaas-helm