diff --git a/client-registry-jempi/docker-compose.api.yml b/client-registry-jempi/docker-compose.api.yml
index 9e33e217..aff0c2e0 100644
--- a/client-registry-jempi/docker-compose.api.yml
+++ b/client-registry-jempi/docker-compose.api.yml
@@ -3,6 +3,13 @@ version: '3.9'
 services:
 jempi-api:
 image: jembi/jempi-api:${JEMPI_API_IMAGE_TAG}
+ environment:
+ KC_REALM_NAME: ${KC_REALM_NAME}
+ KC_JEMPI_CLIENT_ID: ${KC_JEMPI_CLIENT_ID}
+ KC_JEMPI_CLIENT_SECRET: ${KC_JEMPI_CLIENT_SECRET}
+ KC_API_URL: ${KC_API_URL}
+ KC_JEMPI_ROOT_URL: ${KC_JEMPI_ROOT_URL}
+ JEMPI_SESSION_SECRET: ${JEMPI_SESSION_SECRET}
 deploy:
 replicas: 1
 resources:
diff --git a/client-registry-jempi/package-metadata.json b/client-registry-jempi/package-metadata.json
index 773ce910..cba32be5 100644
--- a/client-registry-jempi/package-metadata.json
+++ b/client-registry-jempi/package-metadata.json
@@ -49,6 +49,12 @@
 "JEMPI_EM_CALCULATOR_IMAGE_TAG": "0.1.1",
 "JEMPI_LINKER_IMAGE_TAG": "0.1.1",
 "JEMPI_API_IMAGE_TAG": "0.1.1",
- "JEMPI_OPENHIM_PASSWORD": "instant101"
+ "JEMPI_OPENHIM_PASSWORD": "instant101",
+ "JEMPI_SESSION_SECRET": "c05ll3lesrinf39t7mc5h6un6r0c69lgfno69dsak3vabeqamouq4328cuaekros401ajdpkh60rrt",
+ "KC_REALM_NAME": "platform-realm",
+ "KC_API_URL": "http://identity-access-manager-keycloak:8080",
+ "KC_JEMPI_CLIENT_ID": "jempi-oauth",
+ "KC_JEMPI_CLIENT_SECRET": "Tbe3llP5OJIlqUjz7K1wPp8YDAdCOEMn",
+ "KC_JEMPI_ROOT_URL": "http://localhost:3000"
 }
 }
diff --git a/identity-access-manager-keycloak/config/realm.json b/identity-access-manager-keycloak/config/realm.json
index 443b0d2e..f4fc44b0 100644
--- a/identity-access-manager-keycloak/config/realm.json
+++ b/identity-access-manager-keycloak/config/realm.json
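Review bot: `KC_JEMPI_CLIENT_SECRET` and `JEMPI_SESSION_SECRET` in the new `environment:` block of client-registry-jempi/docker-compose.api.yml are interpolated with plain `${VAR}`, so an unset variable silently becomes an empty string and the API would start with an empty secret. I would use the required-variable form, e.g. `JEMPI_SESSION_SECRET: ${JEMPI_SESSION_SECRET:?JEMPI_SESSION_SECRET must be set}`, and the same for the client secret. Values placed in `environment:` are also readable by anyone who can inspect the service; since this file already has a `deploy:` section, Docker secrets mounted as files would keep them out of the service spec, provided the image can read them that way (not visible here). The same applies to the `KC_JEMPI_CLIENT_SECRET` line added in identity-access-manager-keycloak/docker-compose.yml.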
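Review bot: The new `JEMPI_SESSION_SECRET` and `KC_JEMPI_CLIENT_SECRET` entries in client-registry-jempi/package-metadata.json commit working secret values as defaults, so every deployment that does not override them shares the same OAuth client secret and (presumably) session-signing key, and both are readable by anyone with access to the repository. I would ship a non-functional default such as `"JEMPI_SESSION_SECRET": "<set-per-deployment>"` and have the deploy step refuse to start, or generate a value, when it is left unchanged; the values in this commit should be treated as disclosed and not reused. The same `KC_JEMPI_CLIENT_SECRET` value is repeated in identity-access-manager-keycloak/package-metadata.json, so the two copies also have to be kept in sync by hand.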
@@ -57,6 +57,61 @@
 "configure": true,
 "manage": true
 }
+ },
+ {
+ "clientId": "${KC_JEMPI_CLIENT_ID}",
+ "name": "JeMPI",
+ "description": "",
+ "rootUrl": "${KC_JEMPI_ROOT_URL}",
+ "adminUrl": "${KC_JEMPI_ROOT_URL}",
+ "baseUrl": "${KC_JEMPI_ROOT_URL}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "${KC_JEMPI_CLIENT_SECRET}",
+ "redirectUris": ["${KC_JEMPI_ROOT_URL}/login"],
+ "webOrigins": ["${KC_JEMPI_ROOT_URL}"],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": true,
+ "protocol": "openid-connect",
+ "attributes": {
+ "oidc.ciba.grant.enabled": "false",
+ "client.secret.creation.time": "1674028783",
+ "backchannel.logout.session.required": "true",
+ "post.logout.redirect.uris": "${KC_JEMPI_ROOT_URL}",
+ "display.on.consent.screen": "false",
+ "oauth2.device.authorization.grant.enabled": "false",
+ "backchannel.logout.revoke.offline.tokens": "false"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "defaultClientScopes": [
+ "web-origins",
+ "acr",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ],
+ "access": {
+ "view": true,
+ "configure": true,
+ "manage": true
+ }
 }
 ],
 "users": [
@@ -73,7 +128,8 @@
 ],
 "realmRoles": ["default-roles-${KC_REALM_NAME}"],
 "clientRoles": {
- "grafana-oauth": ["admin", "editor", "viewer"]
+ "${KC_GRAFANA_CLIENT_ID}": ["admin", "editor", "viewer"],
+ "${KC_JEMPI_CLIENT_ID}": ["admin"]
 }
 }
 ]
diff --git a/identity-access-manager-keycloak/docker-compose.yml b/identity-access-manager-keycloak/docker-compose.yml
index dfa3d6fd..b55d7497 100644
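Review bot: The new JeMPI client in realm.json sets `"directAccessGrantsEnabled": true` and `"fullScopeAllowed": true`, although `"standardFlowEnabled": true` together with the `/login` redirect URI suggests the app signs in through the authorization-code flow. If JeMPI never uses the password grant, `"directAccessGrantsEnabled": false` closes a path where user passwords are sent straight to the token endpoint, and `"fullScopeAllowed": false` keeps the user's role mappings for other clients out of JeMPI's tokens. The attribute `"client.secret.creation.time": "1674028783"` looks like a fixed timestamp carried over from an export and will not describe whatever secret is injected through `${KC_JEMPI_CLIENT_SECRET}`; dropping it is probably cleaner.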
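Review bot: In the second realm.json hunk the `clientRoles` object now uses `"${KC_GRAFANA_CLIENT_ID}"` and `"${KC_JEMPI_CLIENT_ID}"` as keys, where the removed line used the literal `"grafana-oauth"`; every other placeholder visible in this diff sits in a value. It is worth confirming that the realm import expands placeholders in object keys as well, because if it does not, the mappings would be keyed by the literal placeholder text and the roles would not attach to either client. The change also gives this user the `admin` role on the JeMPI client by default; the user entry begins outside the hunk, so which account that is cannot be seen here and should be checked against the default credentials shipped for it.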
--- a/identity-access-manager-keycloak/docker-compose.yml
+++ b/identity-access-manager-keycloak/docker-compose.yml
@@ -27,6 +27,9 @@ services:
 KC_GRAFANA_CLIENT_ID: ${KC_GRAFANA_CLIENT_ID}
 KC_GRAFANA_CLIENT_SECRET: ${KC_GRAFANA_CLIENT_SECRET}
 KC_GRAFANA_ROOT_URL: ${KC_GRAFANA_ROOT_URL}
+ KC_JEMPI_CLIENT_ID: ${KC_JEMPI_CLIENT_ID}
+ KC_JEMPI_CLIENT_SECRET: ${KC_JEMPI_CLIENT_SECRET}
+ KC_JEMPI_ROOT_URL: ${KC_JEMPI_ROOT_URL}
 deploy:
 placement:
 max_replicas_per_node: 1
diff --git a/identity-access-manager-keycloak/package-metadata.json b/identity-access-manager-keycloak/package-metadata.json
index 77458fb3..5bbf9824 100644
--- a/identity-access-manager-keycloak/package-metadata.json
+++ b/identity-access-manager-keycloak/package-metadata.json
@@ -23,6 +23,9 @@
 "KC_POSTGRESQL_DATABASE": "keycloak",
 "KC_GRAFANA_CLIENT_ID": "grafana-oauth",
 "KC_GRAFANA_CLIENT_SECRET": "CV14QfwnpYFj1IH5dK5lScPNCYAIYP1c",
- "KC_GRAFANA_ROOT_URL": "http://localhost:3000"
+ "KC_GRAFANA_ROOT_URL": "http://localhost:3000",
+ "KC_JEMPI_CLIENT_ID": "jempi-oauth",
+ "KC_JEMPI_CLIENT_SECRET": "Tbe3llP5OJIlqUjz7K1wPp8YDAdCOEMn",
+ "KC_JEMPI_ROOT_URL": "http://localhost:3000"
 }
 }
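Review bot: `KC_JEMPI_ROOT_URL` defaults to `http://localhost:3000` in identity-access-manager-keycloak/package-metadata.json, the same value as `KC_GRAFANA_ROOT_URL` two lines above it, so both clients end up with an identical root URL, web origin and post-logout URI. Unless the two applications really are served from one origin this looks like a copy of the Grafana default, and the JeMPI redirect URI `${KC_JEMPI_ROOT_URL}/login` would then point at Grafana's address; the default should be the address the JeMPI UI is actually published on. The same default is added in client-registry-jempi/package-metadata.json. Both defaults are plain `http`, which is acceptable for a local stack but means authorization codes and session cookies travel unencrypted if the default is kept on a real host.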