diff --git a/ui/main.ts b/ui/main.ts
index 669f952726..9e36531ebe 100644
--- a/ui/main.ts
+++ b/ui/main.ts
@@ -20,15 +20,15 @@ import * as ConnectionsMonitor from './modules/connections/connectionsMonitor.js
 
 import * as Authorization from './modules/environments/authorization.js';
 import * as Environments from './modules/environments/environments.js';
-import * as Operations from './modules/operations/servicesLogging.js';
 import * as Piggyback from './modules/operations/piggyback.js';
+import * as Operations from './modules/operations/servicesLogging.js';
 import * as Templates from './modules/operations/templates.js';
 import * as Policies from './modules/policies/policies.js';
-import * as PoliciesJSON from './modules/policies/policiesJSON.js';
 import * as PoliciesEntries from './modules/policies/policiesEntries.js';
 import * as PoliciesImports from './modules/policies/policiesImports.js';
-import * as PoliciesSubjects from './modules/policies/policiesSubjects';
+import * as PoliciesJSON from './modules/policies/policiesJSON.js';
 import * as PoliciesResources from './modules/policies/policiesResources';
+import * as PoliciesSubjects from './modules/policies/policiesSubjects';
 import * as Attributes from './modules/things/attributes.js';
 import * as FeatureMessages from './modules/things/featureMessages.js';
 import * as Features from './modules/things/features.js';
@@ -51,10 +51,10 @@ let mainNavbar;
 document.addEventListener('DOMContentLoaded', async function() {
   Utils.ready();
   await Things.ready();
-  ThingsSearch.ready();
-  ThingsCRUD.ready();
+  await ThingsSearch.ready();
+  await ThingsCRUD.ready();
   await ThingMessages.ready();
-  ThingsSSE.ready();
+  await ThingsSSE.ready();
   MessagesIncoming.ready();
   Attributes.ready();
   await Fields.ready();
@@ -70,25 +70,25 @@ document.addEventListener('DOMContentLoaded', async function() {
   Connections.ready();
   ConnectionsCRUD.ready();
   await ConnectionsMonitor.ready();
-  Operations.ready();
+  await Operations.ready();
   Authorization.ready();
   await Environments.ready();
-  Piggyback.ready();
-  Templates.ready();
+  await Piggyback.ready();
+  await Templates.ready();
 
   const thingDescription = WoTDescription({
     itemsId: 'tabItemsThing',
     contentId: 'tabContentThing',
   }, false);
   Things.addChangeListener(thingDescription.onReferenceChanged);
-  thingDescription.ready();
+  await thingDescription.ready();
 
   const featureDescription = WoTDescription({
     itemsId: 'tabItemsFeatures',
     contentId: 'tabContentFeatures',
   }, true);
   Features.addChangeListener(featureDescription.onReferenceChanged);
-  featureDescription.ready();
+  await featureDescription.ready();
 
   // make dropdowns not cutting off
   new Dropdown(document.querySelector('.dropdown-toggle'), {
diff --git a/ui/modules/api.ts b/ui/modules/api.ts
index a8428b344f..79116f0ca3 100644
--- a/ui/modules/api.ts
+++ b/ui/modules/api.ts
@@ -14,6 +14,7 @@
 
 import { EventSourcePolyfill } from 'event-source-polyfill';
 import * as Environments from './environments/environments.js';
+import { AuthMethod } from './environments/environments.js';
 import * as Utils from './utils.js';
 
 
@@ -278,31 +279,40 @@ let authHeaderValue;
  * Activates authorization header for api calls
  * @param {boolean} forDevOps if true, the credentials for the dev ops api will be used.
  */
-export function setAuthHeader(forDevOps) {
+export function setAuthHeader(forDevOps: boolean) {
+  let environment = Environments.current();
   if (forDevOps) {
-    if (Environments.current().devopsAuth === 'basic') {
+    let devopsAuthMethod = environment.authSettings?.devops?.method;
+    if (devopsAuthMethod === AuthMethod.basic) {
       authHeaderKey = 'Authorization';
-      authHeaderValue = 'Basic ' + window.btoa(Environments.current().usernamePasswordDevOps);
-    } else if (Environments.current().devopsAuth === 'bearer') {
+      authHeaderValue = 'Basic ' + window.btoa(environment.authSettings.devops.basic.usernamePassword);
+    } else if (devopsAuthMethod === AuthMethod.bearer) {
       authHeaderKey = 'Authorization';
-      authHeaderValue ='Bearer ' + Environments.current().bearerDevOps;
+      authHeaderValue = 'Bearer ' + environment.authSettings.devops.bearer.bearerToken;
+    } else if (devopsAuthMethod === AuthMethod.oidc) {
+      authHeaderKey = 'Authorization';
+      authHeaderValue = 'Bearer ' + environment.authSettings.devops.oidc.bearerToken;
     } else {
-      authHeaderKey = 'Basic';
-      authHeaderValue = '';
+      authHeaderKey = 'Authorization';
+      authHeaderValue = 'Basic';
     }
   } else {
-    if (Environments.current().mainAuth === 'basic') {
+    let mainAuthMethod = environment.authSettings?.main?.method;
+    if (mainAuthMethod === AuthMethod.basic) {
       authHeaderKey = 'Authorization';
-      authHeaderValue = 'Basic ' + window.btoa(Environments.current().usernamePassword);
-    } else if (Environments.current().mainAuth === 'pre') {
+      authHeaderValue = 'Basic ' + window.btoa(environment.authSettings.main.basic.usernamePassword);
+    } else if (mainAuthMethod === AuthMethod.pre) {
       authHeaderKey = 'x-ditto-pre-authenticated';
-      authHeaderValue = Environments.current().dittoPreAuthenticatedUsername;
-    } else if (Environments.current().mainAuth === 'bearer') {
+      authHeaderValue = environment.authSettings.main.pre.dittoPreAuthenticatedUsername;
+    } else if (mainAuthMethod === AuthMethod.bearer) {
       authHeaderKey = 'Authorization';
-      authHeaderValue ='Bearer ' + Environments.current().bearer;
+      authHeaderValue = 'Bearer ' + environment.authSettings.main.bearer.bearerToken;
+    } else if (mainAuthMethod === AuthMethod.oidc) {
+      authHeaderKey = 'Authorization';
+      authHeaderValue = 'Bearer ' + environment.authSettings.main.oidc.bearerToken;
     } else {
-      authHeaderKey = 'Basic';
-      authHeaderValue = '';
+      authHeaderKey = 'Authorization';
+      authHeaderValue = 'Basic';
     }
   }
 }
@@ -325,8 +335,8 @@ function showDittoError(dittoErr, response) {
 
 /**
  * Calls the Ditto api
- * @param {String} method 'POST', 'GET', 'DELETE', etc.
- * @param {String} path of the Ditto call (e.g. '/things')
+ * @param {string} method 'POST', 'GET', 'DELETE', etc.
+ * @param {string} path of the Ditto call (e.g. '/things')
  * @param {Object} body payload for the api call
  * @param {Object} additionalHeaders object with additional header fields
  * @param {boolean} returnHeaders request full response instead of json content
@@ -334,8 +344,8 @@ function showDittoError(dittoErr, response) {
  * @param {boolean} returnErrorJson default: false. Set true to return the response of a failed HTTP call as JSON
  * @return {Object} result as json object
  */
-export async function callDittoREST(method,
-                                    path,
+export async function callDittoREST(method: string,
+                                    path: string,
                                     body = null,
                                     additionalHeaders = null,
                                     returnHeaders = false,
@@ -409,7 +419,6 @@ export function getEventSource(thingIds, urlParams) {
  * @return {*} promise to the result
  */
 export async function callConnectionsAPI(operation, successCallback, connectionId = '', connectionJson = null, command = null) {
-  Utils.assert((env() !== 'things' || Environments.current().solutionId), 'No solutionId configured in environment');
   const params = config[env()][operation];
   let response;
   let body;
@@ -425,8 +434,8 @@ export async function callConnectionsAPI(operation, successCallback, connectionI
   }
 
   try {
-    response = await fetch(Environments.current().api_uri + params.path.replace('{{solutionId}}',
-        Environments.current().solutionId).replace('{{connectionId}}', connectionId), {
+    response = await fetch(Environments.current().api_uri + params.path
+      .replace('{{connectionId}}', connectionId), {
       method: params.method,
       headers: {
         'Content-Type': operation === 'connectionCommand' ? 'text/plain' : 'application/json',
@@ -479,9 +488,7 @@ export async function callConnectionsAPI(operation, successCallback, connectionI
 }
 
 export function env() {
-  if (Environments.current().api_uri.startsWith('https://things')) {
-    return 'things';
-  } else if (Environments.current().ditto_version === '2') {
+  if (Environments.current().ditto_version === 2) {
     return 'ditto_2';
   } else {
     return 'ditto_3';
diff --git a/ui/modules/environments/authorization.html b/ui/modules/environments/authorization.html
index d4bd12b602..71dc15e816 100644
--- a/ui/modules/environments/authorization.html
+++ b/ui/modules/environments/authorization.html
@@ -21,9 +21,23 @@
                 <div class="row">
                     <h5>Main authentication</h5>
                     <hr />
-                    <div class="row">
+                    <div class="row" id="mainOidcSection">
+                      <div class="col-md-5">
+                        <input type="radio" id="main-oidc" name="main-auth-method" value="oidc">
+                        <label for="main-oidc">Single-Sign-On</label>
+                      </div>
+                      <div class="col-md-7">
+                        <div class="input-group">
+                          <label for="oidcProvider" class="input-group-text"><small>SSO provider</small></label>
+                          <select class="form-select form-select-sm me-2" id="oidcProvider"></select>
+                          <button class="btn btn-outline-secondary btn-sm" id="main-oidc-login">Login</button>
+                          <button class="btn btn-outline-secondary btn-sm" id="main-oidc-logout">Logout</button>
+                        </div>
+                      </div>
+                    </div>
+                    <div class="row pt-2" id="mainBasicSection">
                         <div class="col-md-5">
-                            <input type="radio" id="main-userpass" name="main-auth" value="basic" />
+                            <input type="radio" id="main-userpass" name="main-auth-method" value="basic" />
                             <label for="main-userpass">Basic</label>
                         </div>
                         <div class="col-md-7">
@@ -37,9 +51,9 @@ <h5>Main authentication</h5>
                             </div>
                         </div>
                     </div>
-                    <div class="row pt-2">
+                    <div class="row pt-2" id="mainBearerSection">
                         <div class="col-md-5">
-                            <input type="radio" id="main-bearer" name="main-auth" value="bearer"></input>
+                            <input type="radio" id="main-bearer" name="main-auth-method" value="bearer">
                             <label for="main-bearer">Bearer<br /><small>(JWT OAuth2.0 Bearer token)</small></label>
                         </div>
                         <div class="col-md-7">
@@ -49,9 +63,9 @@ <h5>Main authentication</h5>
                             </div>
                         </div>
                     </div>
-                    <div class="row pt-2">
+                    <div class="row pt-2" id="mainPreAuthenticatedSection">
                         <div class="col-md-5">
-                            <input type="radio" id="main-pre" name="main-auth" value="pre" />
+                            <input type="radio" id="main-pre" name="main-auth-method" value="pre" />
                             <label for="main-pre">Pre authenticated<br />
                                 <small>(via HTTP header 'x-ditto-pre-authenticated', must take the form
                                     <code>prefix:suffix</code>)</small>
@@ -69,9 +83,23 @@ <h5>Main authentication</h5>
                     <h5>DevOps authentication</h5>
                     <small>(for Connections and administrative tasks, optional)</small>
                     <hr />
-                    <div class="row">
+                    <div class="row" id="devOpsOidcSection">
+                      <div class="col-md-5">
+                        <input type="radio" id="devops-oidc" name="devops-auth-method" value="oidc" />
+                        <label for="devops-oidc">Single-Sign-On</label>
+                      </div>
+                      <div class="col-md-7">
+                        <div class="input-group">
+                          <label for="devOpsOidcProvider" class="input-group-text"><small>SSO provider</small></label>
+                          <select class="form-select form-select-sm me-2" id="devOpsOidcProvider"></select>
+                          <button class="btn btn-outline-secondary btn-sm" id="devops-oidc-login">Login</button>
+                          <button class="btn btn-outline-secondary btn-sm" id="devops-oidc-logout">Logout</button>
+                        </div>
+                      </div>
+                    </div>
+                    <div class="row pt-2" id="devOpsBasicSection">
                         <div class="col-md-5">
-                            <input type="radio" id="devops-userpass" name="devops-auth" value="basic" />
+                            <input type="radio" id="devops-userpass" name="devops-auth-method" value="basic" />
                             <label for="devops-userpass">Basic<br /></label>
                         </div>
                         <div class="col-md-7">
@@ -85,9 +113,9 @@ <h5>DevOps authentication</h5>
                             </div>
                         </div>
                     </div>
-                    <div class="row pt-2">
+                    <div class="row pt-2" id="devOpsBearerSection">
                         <div class="col-md-5">
-                            <input type="radio" id="devops-bearer" name="devops-auth" value="bearer" />
+                            <input type="radio" id="devops-bearer" name="devops-auth-method" value="bearer" />
                             <label for="devops-bearer">Bearer<br /><small>(JWT OAuth2.0 Bearer token)</small></label>
                         </div>
                         <div class="col-md-7">
@@ -95,10 +123,8 @@ <h5>DevOps authentication</h5>
                                 <label for="bearerDevOps" class="input-group-text">DevOps Bearer</label>
                                 <input type="password" class="form-control form-control-sm" id="bearerDevOps" name="devops-bearer" />
                             </div>
-                            <div class="input-group input-group-sm mb-1">
                         </div>
                     </div>
-                    </div>
                 </div>
                 <div class="input-group input-group-sm" style="flex-direction: row-reverse;">
                     <button class="btn btn-outline-secondary btn-sm" data-bs-dismiss="modal"
diff --git a/ui/modules/environments/authorization.ts b/ui/modules/environments/authorization.ts
index 7f1e91fbb2..3c3a58772f 100644
--- a/ui/modules/environments/authorization.ts
+++ b/ui/modules/environments/authorization.ts
@@ -11,21 +11,32 @@
  * SPDX-License-Identifier: EPL-2.0
  */
 
+import { UserManager, UserManagerSettings } from 'oidc-client-ts';
 import * as API from '../api.js';
 import * as Utils from '../utils.js';
 import authorizationHTML from './authorization.html';
 /* eslint-disable prefer-const */
 /* eslint-disable require-jsdoc */
 import * as Environments from './environments.js';
+import { AuthMethod, OidcAuthSettings, URL_OIDC_PROVIDER } from './environments.js';
 
 let dom = {
+  mainBearerSection: null,
   bearer: null,
+  mainBasicSection: null,
   userName: null,
   password: null,
+  devOpsBearerSection: null,
   bearerDevOps: null,
+  devOpsBasicSection: null,
   devOpsUserName: null,
   devOpsPassword: null,
+  mainPreAuthenticatedSection: null,
   dittoPreAuthenticatedUsername: null,
+  mainOidcSection: null,
+  oidcProvider: null,
+  devOpsOidcSection: null,
+  devOpsOidcProvider: null,
   collapseConnections: null,
 };
 
@@ -33,7 +44,7 @@ let _forDevops = false;
 
 document.getElementById('authorizationHTML').innerHTML = authorizationHTML;
 
-export function setForDevops(forDevops) {
+export function setForDevops(forDevops: boolean) {
   _forDevops = forDevops;
   API.setAuthHeader(_forDevops);
 }
@@ -41,66 +52,195 @@ export function setForDevops(forDevops) {
 export function ready() {
   Utils.getAllElementsById(dom);
 
-  document.getElementById('authorize').onclick = (e) => {
-    let mainAuth = Environments.current().mainAuth;
-    let devopsAuth = Environments.current().devopsAuth;
+  document.getElementById('authorize').onclick = () => {
+    let environment = Environments.current();
+    let mainAuthMethod = environment.authSettings?.main?.method;
+    let devopsAuthMethod = environment.authSettings?.devops?.method;
 
-    if (!mainAuth) {
+    if (!mainAuthMethod) {
       if (dom.dittoPreAuthenticatedUsername.value && dom.dittoPreAuthenticatedUsername.value.length > 0) {
-        mainAuth = 'pre';
+        mainAuthMethod = AuthMethod.pre;
       } else if (dom.bearer.value && dom.bearer.value.length > 0) {
-        mainAuth = 'bearer';
+        mainAuthMethod = AuthMethod.bearer;
       } else if (dom.userName.value && dom.userName.value.length > 0) {
-        mainAuth = 'basic';
+        mainAuthMethod = AuthMethod.basic;
       }
     }
-    if (!devopsAuth) {
+    if (!devopsAuthMethod) {
       if (dom.bearerDevOps.value && dom.bearerDevOps.value.length > 0) {
-        devopsAuth = 'bearer';
+        devopsAuthMethod = AuthMethod.bearer;
       } else if (dom.devOpsUserName.value && dom.devOpsUserName.value.length > 0) {
-        devopsAuth = 'basic';
+        devopsAuthMethod = AuthMethod.basic;
       }
     }
 
-    Array.from(document.querySelectorAll('input[name="main-auth"]')).forEach((inputAuth: HTMLInputElement) => {
-      inputAuth.checked = inputAuth.value === mainAuth;
+    Array.from(document.querySelectorAll('input[name="main-auth-method"]')).forEach((inputAuth: HTMLInputElement) => {
+      inputAuth.checked = AuthMethod[inputAuth.value as keyof typeof AuthMethod] === mainAuthMethod;
     });
 
-    Array.from(document.querySelectorAll('input[name="devops-auth"]')).forEach((inputAuth: HTMLInputElement) => {
-      inputAuth.checked = inputAuth.value === devopsAuth;
+    Array.from(document.querySelectorAll('input[name="devops-auth-method"]')).forEach((inputAuth: HTMLInputElement) => {
+      inputAuth.checked = AuthMethod[inputAuth.value as keyof typeof AuthMethod] === devopsAuthMethod;
     });
   };
 
-  document.getElementById('authorizeSubmit').onclick = (e) => {
+  document.getElementById('authorizeSubmit').onclick = async (e) => {
     e.preventDefault();
-    const mainAuthSelector = document.querySelector('input[name="main-auth"]:checked') as HTMLInputElement;
-    const mainAuth = mainAuthSelector ? mainAuthSelector.value : undefined;
-    const devopsAuthSelector = document.querySelector('input[name="devops-auth"]:checked') as HTMLInputElement;
-    const devopsAuth = devopsAuthSelector ? devopsAuthSelector.value : undefined;
-    Environments.current().mainAuth = mainAuth;
-    Environments.current().devopsAuth = devopsAuth;
-    Environments.current().usernamePassword = dom.userName.value + ':' + dom.password.value;
-    Environments.current().usernamePasswordDevOps = dom.devOpsUserName.value + ':' + dom.devOpsPassword.value;
-    Environments.current().bearer = dom.bearer.value;
-    Environments.current().bearerDevOps = dom.bearerDevOps.value;
-    Environments.current().dittoPreAuthenticatedUsername = dom.dittoPreAuthenticatedUsername.value;
-    Environments.environmentsJsonChanged();
+    const mainAuthSelector = document.querySelector('input[name="main-auth-method"]:checked') as HTMLInputElement;
+    const mainAuthMethod = mainAuthSelector ? mainAuthSelector.value : undefined;
+    const devopsAuthSelector = document.querySelector('input[name="devops-auth-method"]:checked') as HTMLInputElement;
+    const devopsAuthMethod = devopsAuthSelector ? devopsAuthSelector.value : undefined;
+
+    let environment = Environments.current();
+    environment.authSettings.main.method = AuthMethod[mainAuthMethod as keyof typeof AuthMethod];
+    environment.authSettings.devops.method = AuthMethod[devopsAuthMethod as keyof typeof AuthMethod];
+    environment.authSettings.main.basic.usernamePassword = dom.userName.value + ':' + dom.password.value;
+    environment.authSettings.devops.basic.usernamePassword = dom.devOpsUserName.value + ':' + dom.devOpsPassword.value;
+    environment.authSettings.main.bearer.bearerToken = dom.bearer.value;
+    environment.authSettings.devops.bearer.bearerToken = dom.bearerDevOps.value;
+    environment.authSettings.main.pre.dittoPreAuthenticatedUsername = dom.dittoPreAuthenticatedUsername.value;
+    environment.authSettings.main.oidc.defaultProvider = dom.oidcProvider.value;
+    environment.authSettings.devops.oidc.defaultProvider = dom.devOpsOidcProvider.value;
+    await Environments.environmentsJsonChanged(false);
+  };
+
+  document.getElementById('main-oidc-login').onclick = async (e) => {
+    e.preventDefault();
+    let environment = Environments.current();
+    environment.authSettings.main.oidc.provider = dom.oidcProvider.value;
+    await performSingleSignOn(environment.authSettings.main.oidc)
   };
+  document.getElementById('main-oidc-logout').onclick = async (e) => {
+    e.preventDefault();
+    let environment = Environments.current();
+    environment.authSettings.main.oidc.provider = dom.oidcProvider.value;
+    await performSingleSignOut(environment.authSettings.main.oidc)
+  };
+
+  document.getElementById('devops-oidc-login').onclick = async (e) => {
+    e.preventDefault();
+    let environment = Environments.current();
+    environment.authSettings.devops.oidc.provider = dom.devOpsOidcProvider.value;
+    await performSingleSignOn(environment.authSettings.devops.oidc)
+  };
+  document.getElementById('devops-oidc-logout').onclick = async (e) => {
+    e.preventDefault();
+    let environment = Environments.current();
+    environment.authSettings.devops.oidc.provider = dom.devOpsOidcProvider.value;
+    await performSingleSignOut(environment.authSettings.devops.oidc)
+  };
+}
+
+function isSsoCallbackRequest(urlSearchParams?: URLSearchParams): boolean {
+  if (urlSearchParams === undefined) {
+    urlSearchParams = new URLSearchParams(window.location.search)
+  }
+  const requestContainedCode: boolean = urlSearchParams.get('code') !== null
+  const requestContainedState: boolean = urlSearchParams.get('state') !== null
+  return requestContainedCode && requestContainedState;
 }
 
-export function onEnvironmentChanged() {
-  let usernamePassword = Environments.current().usernamePassword ? Environments.current().usernamePassword : ':';
+async function handleSingleSignOnCallback(oidc: OidcAuthSettings) {
+  let environment = Environments.current();
+  const settings: UserManagerSettings = environment.authSettings.oidc.providers[oidc.provider];
+  if (settings !== undefined && settings !== null) {
+    const userManager = new UserManager(settings);
+    try {
+      let user = await userManager.signinCallback(window.location.href)
+      oidc.bearerToken = user.access_token
+      window.history.replaceState(null, null, `${settings.redirect_uri}?${user.url_state}`)
+    } catch (e) {
+      console.error(`Could not login due to: ${e}`)
+    }
+  }
+}
+
+async function performSingleSignOn(oidc: OidcAuthSettings) {
+  let environment = Environments.current();
+  const settings: UserManagerSettings = environment.authSettings.oidc.providers[oidc.provider];
+  if (settings !== undefined && settings !== null) {
+    const urlSearchParams: URLSearchParams = new URLSearchParams(window.location.search);
+    const userManager = new UserManager(settings);
+    if (isSsoCallbackRequest(urlSearchParams)) {
+      await handleSingleSignOnCallback(oidc)
+    } else {
+      urlSearchParams.set(URL_OIDC_PROVIDER, oidc.provider)
+      await userManager.signinRedirect({
+        url_state: urlSearchParams.toString()
+      });
+    }
+  }
+}
+
+async function performSingleSignOut(oidc: OidcAuthSettings) {
+  const urlSearchParams: URLSearchParams = new URLSearchParams(window.location.search);
+  let environment = Environments.current();
+  const settings: UserManagerSettings = environment.authSettings.oidc.providers[oidc.provider];
+  if (settings !== undefined && settings !== null) {
+    const userManager = new UserManager(settings);
+    urlSearchParams.set(URL_OIDC_PROVIDER, oidc.provider)
+    await userManager.signoutRedirect({
+      state: urlSearchParams.toString()
+    })
+  }
+}
+
+export async function onEnvironmentChanged(initialPageLoad: boolean) {
+  let environment = Environments.current();
+  let usernamePassword = environment.authSettings?.main?.basic?.usernamePassword ?
+    environment.authSettings?.main?.basic?.usernamePassword : ':';
   dom.userName.value = usernamePassword.split(':')[0];
   dom.password.value = usernamePassword.split(':')[1];
-  usernamePassword = Environments.current().usernamePasswordDevOps ?
-      Environments.current().usernamePasswordDevOps :
-      ':';
+  usernamePassword = environment.authSettings?.devops?.basic?.usernamePassword ?
+    environment.authSettings?.devops?.basic?.usernamePassword : ':';
   dom.devOpsUserName.value = usernamePassword.split(':')[0];
   dom.devOpsPassword.value = usernamePassword.split(':')[1];
-  dom.bearer.value = Environments.current().bearer ? Environments.current().bearer : '';
-  dom.bearerDevOps.value = Environments.current().bearerDevOps ? Environments.current().bearerDevOps : '';
-  dom.dittoPreAuthenticatedUsername.value = Environments.current().dittoPreAuthenticatedUsername ?
-                                            Environments.current().dittoPreAuthenticatedUsername :
-                                            '';
+  dom.bearer.value = environment.authSettings?.main?.bearer?.bearerToken ? environment.authSettings?.main?.bearer?.bearerToken : '';
+  dom.bearerDevOps.value = environment.authSettings?.devops?.bearer?.bearerToken ? environment.authSettings?.devops?.bearer?.bearerToken : '';
+  dom.dittoPreAuthenticatedUsername.value = environment.authSettings?.main?.pre?.dittoPreAuthenticatedUsername ?
+    environment.authSettings?.main?.pre?.dittoPreAuthenticatedUsername : '';
+  if (environment.authSettings?.oidc?.providers) {
+    let availableOidcProviders = Object.keys(environment.authSettings.oidc.providers)
+      .map(key => ({
+        key: key,
+        text: environment.authSettings.oidc.providers[key].displayName
+      }));
+    Utils.setOptionsWithText(dom.oidcProvider, availableOidcProviders);
+    Utils.setOptionsWithText(dom.devOpsOidcProvider, availableOidcProviders);
+    dom.oidcProvider.value = environment.authSettings.main.oidc.provider;
+    dom.devOpsOidcProvider.value = environment.authSettings.devops.oidc.provider;
+  }
+
+  if (!environment.authSettings.main.oidc.enabled && dom.mainOidcSection?.parentElement) {
+    dom.mainOidcSection.parentElement.removeChild(dom.mainOidcSection)
+  }
+  if (!environment.authSettings.main.basic.enabled && dom.mainBasicSection?.parentElement) {
+    dom.mainBasicSection.parentElement.removeChild(dom.mainBasicSection)
+  }
+  if (!environment.authSettings.main.bearer.enabled && dom.mainBearerSection?.parentElement) {
+    dom.mainBearerSection.parentElement.removeChild(dom.mainBearerSection)
+  }
+  if (!environment.authSettings.main.pre.enabled && dom.mainPreAuthenticatedSection?.parentElement) {
+    dom.mainPreAuthenticatedSection.parentElement.removeChild(dom.mainPreAuthenticatedSection)
+  }
+
+  if (!environment.authSettings.devops.oidc.enabled && dom.devOpsOidcSection?.parentElement) {
+    dom.devOpsOidcSection.parentElement.removeChild(dom.devOpsOidcSection)
+  }
+  if (!environment.authSettings.devops.basic.enabled && dom.devOpsBasicSection?.parentElement) {
+    dom.devOpsBasicSection.parentElement.removeChild(dom.devOpsBasicSection)
+  }
+  if (!environment.authSettings.devops.bearer.enabled && dom.devOpsBearerSection?.parentElement) {
+    dom.devOpsBearerSection.parentElement.removeChild(dom.devOpsBearerSection)
+  }
+
+  if (initialPageLoad &&
+    environment.authSettings?.main?.method === AuthMethod.oidc &&
+    environment.authSettings?.main?.oidc?.autoSso === true
+  ) {
+    await performSingleSignOn(environment.authSettings?.main?.oidc);
+  } else if (isSsoCallbackRequest()) {
+    await handleSingleSignOnCallback(environment.authSettings?.main?.oidc)
+  }
+
   API.setAuthHeader(_forDevops);
 }
diff --git a/ui/modules/environments/environmentTemplates.json b/ui/modules/environments/environmentTemplates.json
index 3621c71123..6cf5e3ae2c 100644
--- a/ui/modules/environments/environmentTemplates.json
+++ b/ui/modules/environments/environmentTemplates.json
@@ -2,36 +2,182 @@
   "local_ditto": {
     "api_uri": "http://localhost:8080",
     "ditto_version": 3,
-    "bearer": null,
-    "bearerDevOps": null,
-    "defaultUsernamePassword": "ditto:ditto",
-    "defaultDittoPreAuthenticatedUsername": null,
-    "defaultUsernamePasswordDevOps": "devops:foobar",
-    "mainAuth": "basic",
-    "devopsAuth": "basic"
+    "disablePolicies": false,
+    "disableConnections": false,
+    "disableOperations": false,
+    "authSettings": {
+      "main": {
+        "method": "basic",
+        "oidc": {
+          "enabled": false
+        },
+        "basic": {
+          "enabled": true,
+          "defaultUsernamePassword": "ditto:ditto"
+        },
+        "bearer": {
+          "enabled": true
+        },
+        "pre": {
+          "enabled": false,
+          "defaultDittoPreAuthenticatedUsername": null
+        }
+      },
+      "devops": {
+        "method": "basic",
+        "oidc": {
+          "enabled": false
+        },
+        "basic": {
+          "enabled": true,
+          "defaultUsernamePassword": "devops:foobar"
+        },
+        "bearer": {
+          "enabled": true
+        }
+      },
+      "oidc": {
+      }
+    }
   },
   "local_ditto_ide": {
     "api_uri": "http://localhost:8080",
     "ditto_version": 3,
-    "bearer": null,
-    "bearerDevOps": null,
-    "defaultUsernamePassword": null,
-    "defaultDittoPreAuthenticatedUsername": "pre:ditto",
-    "defaultUsernamePasswordDevOps": "devops:foobar",
-    "mainAuth": "pre",
-    "devopsAuth": "basic"
+    "disablePolicies": false,
+    "disableConnections": false,
+    "disableOperations": false,
+    "authSettings": {
+      "main": {
+        "method": "pre",
+        "oidc": {
+          "enabled": false
+        },
+        "basic": {
+          "enabled": true,
+          "defaultUsernamePassword": null
+        },
+        "bearer": {
+          "enabled": true
+        },
+        "pre": {
+          "enabled": false,
+          "defaultDittoPreAuthenticatedUsername": "pre:ditto"
+        }
+      },
+      "devops": {
+        "method": "basic",
+        "oidc": {
+          "enabled": false
+        },
+        "basic": {
+          "enabled": true,
+          "defaultUsernamePassword": "devops:foobar"
+        },
+        "bearer": {
+          "enabled": true
+        }
+      },
+      "oidc": {
+      }
+    }
   },
   "ditto_sandbox": {
     "api_uri": "https://ditto.eclipseprojects.io",
     "ditto_version": 3,
-    "bearer": null,
-    "bearerDevOps": null,
-    "defaultUsernamePassword": "ditto:ditto",
-    "defaultDittoPreAuthenticatedUsername": null,
-    "defaultUsernamePasswordDevOps": null,
-    "mainAuth": "basic",
-    "devopsAuth": null,
+    "disablePolicies": false,
     "disableConnections": true,
-    "disableOperations": true  
+    "disableOperations": true,
+    "authSettings": {
+      "main": {
+        "method": "basic",
+        "oidc": {
+          "enabled": true,
+          "defaultProvider": "fake"
+        },
+        "basic": {
+          "enabled": true,
+          "defaultUsernamePassword": "ditto:ditto"
+        },
+        "bearer": {
+          "enabled": true
+        },
+        "pre": {
+          "enabled": false,
+          "defaultDittoPreAuthenticatedUsername": null
+        }
+      },
+      "devops": {
+        "method": "basic",
+        "oidc": {
+          "enabled": false,
+          "defaultProvider": "fake"
+        },
+        "basic": {
+          "enabled": false,
+          "defaultUsernamePassword": null
+        },
+        "bearer": {
+          "enabled": false
+        }
+      },
+      "oidc": {
+      }
+    }
+  },
+  "oidc_example": {
+    "api_uri": "http://localhost:8080",
+    "ditto_version": 3,
+    "disablePolicies": false,
+    "disableConnections": false,
+    "disableOperations": false,
+    "authSettings": {
+      "main": {
+        "method": "oidc",
+        "oidc": {
+          "enabled": true,
+          "defaultProvider": "fake",
+          "autoSso": true
+        },
+        "basic": {
+          "enabled": false,
+          "defaultUsernamePassword": null
+        },
+        "bearer": {
+          "enabled": true
+        },
+        "pre": {
+          "enabled": false,
+          "defaultDittoPreAuthenticatedUsername": null
+        }
+      },
+      "devops": {
+        "method": "oidc",
+        "oidc": {
+          "enabled": true,
+          "defaultProvider": "fake",
+          "autoSso": true
+        },
+        "basic": {
+          "enabled": false,
+          "defaultUsernamePassword": null
+        },
+        "bearer": {
+          "enabled": true
+        }
+      },
+      "oidc": {
+        "providers": {
+          "fake": {
+            "displayName": "Fake IDP to test",
+            "authority": "http://localhost:9900/fake",
+            "client_id": "some-client-id",
+            "redirect_uri": "http://localhost:8000",
+            "post_logout_redirect_uri": "http://localhost:8000",
+            "response_type": "code",
+            "scope": "openid"
+          }
+        }
+      }
+    }
   }
 }
\ No newline at end of file
diff --git a/ui/modules/environments/environments.ts b/ui/modules/environments/environments.ts
index be8ac34d5d..16ac8f1b5c 100644
--- a/ui/modules/environments/environments.ts
+++ b/ui/modules/environments/environments.ts
@@ -11,6 +11,7 @@
  * SPDX-License-Identifier: EPL-2.0
  */
 
+import { UserManagerSettings } from 'oidc-client-ts';
 import * as Utils from '../utils.js';
 /* eslint-disable arrow-parens */
 /* eslint-disable prefer-const */
@@ -19,14 +20,89 @@ import * as Authorization from './authorization.js';
 import environmentsHTML from './environments.html';
 import defaultTemplates from './environmentTemplates.json';
 
-
+const OIDC_CALLBACK_STATE = 'state';
 const URL_PRIMARY_ENVIRONMENT_NAME = 'primaryEnvironmentName';
+export const URL_OIDC_PROVIDER = 'oidcProvider';
 const URL_ENVIRONMENTS = 'environmentsURL';
 const STORAGE_KEY = 'ditto-ui-env';
 
-let urlSearchParams;
-let environments;
-let selectedEnvName;
+export enum AuthMethod {
+  oidc='oidc',
+  basic='basic',
+  bearer='bearer',
+  pre='pre'
+}
+
+export type OidcAuthSettings = {
+  enabled: boolean,
+  defaultProvider: string | null,
+  autoSso: boolean,
+  provider?: string,
+  bearerToken?: string
+}
+
+type BasicAuthSettings = {
+  enabled: boolean,
+  defaultUsernamePassword: string | null,
+  usernamePassword?: string
+}
+
+type BearerAuthSettings = {
+  enabled: boolean,
+  bearerToken?: string
+}
+
+type PreAuthSettings = {
+  enabled: boolean,
+  defaultDittoPreAuthenticatedUsername: string | null,
+  dittoPreAuthenticatedUsername?: string
+}
+
+type CommonAuthSettings = {
+  method: AuthMethod,
+  oidc: OidcAuthSettings,
+  basic: BasicAuthSettings,
+  bearer: BearerAuthSettings
+}
+
+type MainAuthSettings = CommonAuthSettings & {
+  pre: PreAuthSettings
+}
+
+type OidcProviderConfiguration = UserManagerSettings & {
+  displayName: string
+}
+
+type AuthSettings = {
+  main: MainAuthSettings,
+  devops: CommonAuthSettings,
+  oidc: Record<string, OidcProviderConfiguration>
+}
+
+type FieldListItem = {
+  active: boolean,
+  path: string,
+  label: string
+}
+
+type Environment = {
+  api_uri: string,
+  ditto_version: number,
+  disablePolicies?: boolean,
+  disableConnections?: boolean,
+  disableOperations?: boolean,
+  authSettings?: AuthSettings,
+  searchNamespaces?: string | null,
+  messageTemplates?: any,
+  fieldList?: FieldListItem[],
+  filterList?: string[],
+  pinnedThings?: string[],
+  recentPolicyIds?: string[],
+}
+
+let urlSearchParams: URLSearchParams;
+let environments: Record<string, Environment>;
+let selectedEnvName: string;
 
 let settingsEditor;
 
@@ -48,33 +124,13 @@ let observers = [];
 
 document.getElementById('environmentsHTML').innerHTML = environmentsHTML;
 
-function Environment(env) {
+function Environment(env: Environment): void {
   Object.assign(this, env);
-  Object.defineProperties(this, {
-    bearer: {
-      enumerable: false,
-      writable: true,
-    },
-    bearerDevOps: {
-      enumerable: false,
-      writable: true,
-    },
-    usernamePassword: {
-      value: this.defaultUsernamePassword,
-      enumerable: false,
-      writable: true,
-    },
-    usernamePasswordDevOps: {
-      value: this.defaultUsernamePasswordDevOps,
-      enumerable: false,
-      writable: true,
-    },
-    dittoPreAuthenticatedUsername: {
-      value: this.defaultDittoPreAuthenticatedUsername,
-      enumerable: false,
-      writable: true,
-    },
-  });
+  this.authSettings.main.oidc.provider = env.authSettings?.main?.oidc?.defaultProvider
+  this.authSettings.main.basic.usernamePassword = env.authSettings?.main?.basic?.defaultUsernamePassword
+  this.authSettings.main.pre.dittoPreAuthenticatedUsername = env.authSettings?.main?.pre?.defaultDittoPreAuthenticatedUsername
+  this.authSettings.devops.oidc.provider = env.authSettings?.devops?.oidc?.defaultProvider
+  this.authSettings.devops.basic.usernamePassword = env.authSettings?.devops?.basic?.defaultUsernamePassword
 }
 
 export function current() {
@@ -85,9 +141,9 @@ export function addChangeListener(observer) {
   observers.push(observer);
 }
 
-function notifyAll(modifiedField = null) {
+async function notifyAll(initialPageLoad: boolean, modifiedField = null) {
   // Notify Authorization first to set right auth header
-  Authorization.onEnvironmentChanged();
+  await Authorization.onEnvironmentChanged(initialPageLoad);
   // Notify others
   observers.forEach(observer => observer.call(null, modifiedField));
 }
@@ -121,26 +177,25 @@ export async function ready() {
     settingsEditor.renderer.updateFull();
   });
 
-
-  environmentsJsonChanged();
+  await environmentsJsonChanged(true);
 }
 
-function onEnvironmentSelectorChange() {
+async function onEnvironmentSelectorChange() {
   urlSearchParams.set(URL_PRIMARY_ENVIRONMENT_NAME, dom.environmentSelector.value);
   window.history.replaceState({}, '', `${window.location.pathname}?${urlSearchParams}`);
-  notifyAll();
+  await notifyAll(false);
 }
 
-function onDeleteEnvironmentClick() {
+async function onDeleteEnvironmentClick() {
   Utils.assert(selectedEnvName, 'No environment selected', dom.tableValidationEnvironments);
   Utils.assert(Object.keys(environments).length >= 2, 'At least one environment is required',
       dom.tableValidationEnvironments);
   delete environments[selectedEnvName];
   selectedEnvName = null;
-  environmentsJsonChanged();
+  await environmentsJsonChanged(false);
 }
 
-function onCreateEnvironmentClick(event) {
+async function onCreateEnvironmentClick(event) {
   Utils.assert(event.target.idValue,
       'Environment name must not be empty',
       event.target.validationElement);
@@ -160,7 +215,7 @@ function onCreateEnvironmentClick(event) {
 
   selectedEnvName = event.target.idValue;
   event.target.toggleEdit();
-  environmentsJsonChanged();
+  await environmentsJsonChanged(false);
 }
 
 function onEnvironmentsTableClick(event) {
@@ -174,14 +229,14 @@ function onEnvironmentsTableClick(event) {
   }
 }
 
-function onUpdateEnvironmentClick(event) {
+async function onUpdateEnvironmentClick(event) {
   if (selectedEnvName !== event.target.idValue) {
     changeEnvironmentName();
   }
   if (event.target === dom.crudEnvironmentFields) {
     environments[selectedEnvName].api_uri = dom.inputApiUri.value;
-    environments[selectedEnvName].searchNamespaces = dom.inputSearchNamespaces.value;
     environments[selectedEnvName].ditto_version = dom.selectDittoVersion.value;
+    environments[selectedEnvName].searchNamespaces = dom.inputSearchNamespaces.value;
     environments[selectedEnvName].disablePolicies = !dom.inputTabPolicies.checked;
     environments[selectedEnvName].disableConnections = !dom.inputTabConnections.checked;
     environments[selectedEnvName].disableOperations = !dom.inputTabOperations.checked;
@@ -189,7 +244,7 @@ function onUpdateEnvironmentClick(event) {
     environments[selectedEnvName] = JSON.parse(settingsEditor.getValue());
   }
   event.target.toggleEdit();
-  environmentsJsonChanged();
+  await environmentsJsonChanged(false);
 
   function changeEnvironmentName() {
     environments[event.target.idValue] = environments[selectedEnvName];
@@ -198,20 +253,34 @@ function onUpdateEnvironmentClick(event) {
   }
 }
 
-export function environmentsJsonChanged(modifiedField = null) {
+export async function environmentsJsonChanged(initialPageLoad: boolean, modifiedField = null) {
   environments && localStorage.setItem(STORAGE_KEY, JSON.stringify(environments));
 
   updateEnvSelector();
   updateEnvEditors();
   updateEnvTable();
 
-  notifyAll(modifiedField);
+  await notifyAll(initialPageLoad, modifiedField);
 
   function updateEnvSelector() {
     let activeEnvironment = dom.environmentSelector.value;
     if (!activeEnvironment) {
       activeEnvironment = urlSearchParams.get(URL_PRIMARY_ENVIRONMENT_NAME);
     }
+    let oidcState = urlSearchParams.get(OIDC_CALLBACK_STATE);
+    if (!activeEnvironment && oidcState !== null) {
+      let stateAndUrlState = oidcState.split(";");
+      if (stateAndUrlState.length > 1) {
+        const urlState = stateAndUrlState[1];
+        const preservedQueryParams = new URLSearchParams(urlState)
+        const primaryEnvironmentName = preservedQueryParams.get(URL_PRIMARY_ENVIRONMENT_NAME);
+        const oidcProvider = preservedQueryParams.get(URL_OIDC_PROVIDER);
+        activeEnvironment = primaryEnvironmentName;
+        if (oidcProvider) {
+          environments[activeEnvironment].authSettings.main.oidc.provider = oidcProvider
+        }
+      }
+    }
     if (!activeEnvironment || !environments[activeEnvironment]) {
       activeEnvironment = Object.keys(environments)[0];
     }
@@ -306,7 +375,7 @@ async function loadEnvironmentTemplates() {
         throw new SyntaxError('Environments json invalid');
       }
     });
-  };
+  }
 
   function merge(remote, local) {
     let merged = {};
diff --git a/ui/modules/policies/policies.ts b/ui/modules/policies/policies.ts
index 0f0fd04582..d4dd9048c4 100644
--- a/ui/modules/policies/policies.ts
+++ b/ui/modules/policies/policies.ts
@@ -121,37 +121,37 @@ function refreshWhoAmI() {
       })
       .catch((error) => {
       });
-};
+}
 
 export function refreshPolicy(policyId) {
   API.callDittoREST('GET', '/policies/' + policyId)
       .then((policy) => setThePolicy(policy))
       .catch(() => setThePolicy(null));
-};
+}
 
-export function setThePolicy(policy: Policy) {
+export async function setThePolicy(policy: Policy) {
   thePolicy = policy;
   
   if (thePolicy) {
-    updateRecentPolicies(thePolicy.policyId);
+    await updateRecentPolicies(thePolicy.policyId);
   } else {
     dom.inputPolicyId.value = null;
   }
   observable.notifyAll(thePolicy);
-};
+}
 
 
-function refreshAll(otherEnvironment: boolean) {
+async function refreshAll(otherEnvironment: boolean) {
   refreshWhoAmI();
   if (otherEnvironment) {
-    setThePolicy(null);
+    await setThePolicy(null);
   }
   if (dom.inputPolicyId.value) {
     refreshPolicy(dom.inputPolicyId.value);
   }
 }
 
-export function updateRecentPolicies(policyId: String) {
+export async function updateRecentPolicies(policyId: string) {
   const oldIndex = Environments.current().recentPolicyIds.indexOf(policyId);
   if (oldIndex >= 0) {
     Environments.current().recentPolicyIds.splice(oldIndex,1);
@@ -161,11 +161,11 @@ export function updateRecentPolicies(policyId: String) {
     Environments.current().recentPolicyIds.pop();
   }
 
-  Environments.environmentsJsonChanged('recentPolicyIds');
+  await Environments.environmentsJsonChanged(false, 'recentPolicyIds');
 }
 
-function onEnvironmentChanged(modifiedField: String) {
-  Environments.current()['recentPolicyIds'] = Environments.current()['recentPolicyIds'] || [];
+function onEnvironmentChanged(modifiedField: string) {
+  Environments.current().recentPolicyIds = Environments.current().recentPolicyIds || [];
   dom.tbodyRecentPolicies.textContent = '';
   Environments.current().recentPolicyIds.forEach(entry => {
     Utils.addTableRow(dom.tbodyRecentPolicies, entry, thePolicy && thePolicy.policyId === entry, entry);
diff --git a/ui/modules/policies/policiesImports.ts b/ui/modules/policies/policiesImports.ts
index 739ecea1cf..3fc581c0f1 100644
--- a/ui/modules/policies/policiesImports.ts
+++ b/ui/modules/policies/policiesImports.ts
@@ -108,33 +108,33 @@ function setExplicitCheckboxesDisabledState(disabled: boolean) {
     .forEach((e: HTMLInputElement) => e.disabled = disabled);
 }
 
-function onPolicyChanged(policy: Policies.Policy) {
+async function onPolicyChanged(policy: Policies.Policy) {
   dom.tbodyPolicyImports.textContent = '';
   dom.crudImport.idValue = null;
   dom.crudImport.editDisabled = (policy === null);
   
   if (policy) {
     let policyHasImport = false;
-    Object.keys(policy.imports).forEach((key) => {
+    for (const key of Object.keys(policy.imports)) {
       const row = Utils.addTableRow(dom.tbodyPolicyImports, key, key === selectedImport);
       Utils.addActionToRow(row, 'bi-arrow-up-right-square', getNavigatePolicyAction(key), 'Open policy');
       if (key === selectedImport) {
-        setImport(key);
+        await setImport(key);
         policyHasImport = true;
       }
-    });
+    }
     if (!policyHasImport) {
       selectedImport = null;
-      setImport(null);
+      await setImport(null);
     }
   } else {
-    setImport(null);
+    await setImport(null);
   }
 
-  function getNavigatePolicyAction(policyId: String) {
+  function getNavigatePolicyAction(policyId: string) {
     return (evt: Event) => {
-      API.callDittoREST('GET', '/policies/' + policyId).then((targetPolicy: Policies.Policy) => {
-        Policies.setThePolicy(targetPolicy);
+      API.callDittoREST('GET', '/policies/' + policyId).then(async (targetPolicy: Policies.Policy) => {
+        await Policies.setThePolicy(targetPolicy);
       })
     }
   }
@@ -162,7 +162,7 @@ async function setImport(importedPolicyId: string) {
     const isImplicit = importedPolicy.entries[entry].importable === 'implicit';
     return isImported || isImplicit;
   }
-};
+}
 
 
 
diff --git a/ui/modules/policies/policiesJSON.ts b/ui/modules/policies/policiesJSON.ts
index 63ff5f8988..abd4ac2df5 100644
--- a/ui/modules/policies/policiesJSON.ts
+++ b/ui/modules/policies/policiesJSON.ts
@@ -11,10 +11,10 @@
  * SPDX-License-Identifier: EPL-2.0
  */
 
-import * as Utils from '../utils.js';
+import * as ace from 'ace-builds/src-noconflict/ace';
 import * as API from '../api.js';
 import * as Environments from '../environments/environments.js'
-import * as ace from 'ace-builds/src-noconflict/ace';
+import * as Utils from '../utils.js';
 import { CrudOperation, CrudToolbar } from '../utils/crudToolbar.js';
 import * as Policies from './policies.js';
 import policyTemplates from './policyTemplates.json';
@@ -87,7 +87,7 @@ function onUpdatePolicyClick() {
   );
 }
 
-function onDeletePolicyClick() {
+async function onDeletePolicyClick() {
   Utils.confirm(`Are you sure you want to delete policy<br>'${dom.crudPolicyJson.idValue}'?`, 'Delete', () => {
     modifyPolicy(dom.crudPolicyJson.idValue, null, () => {
       deleteFromRecentPolicies(dom.crudPolicyJson.idValue);
@@ -95,12 +95,12 @@ function onDeletePolicyClick() {
     });
   });
   
-  function deleteFromRecentPolicies(policyId: string) {
+  async function deleteFromRecentPolicies(policyId: string) {
     const index = Environments.current().recentPolicyIds.indexOf(policyId);
     if (index >= 0) {
       Environments.current().recentPolicyIds.splice(index, 1);
     }
-    Environments.environmentsJsonChanged('recentPolicyIds');
+    await Environments.environmentsJsonChanged(false, 'recentPolicyIds');
   }
 }
 
@@ -109,7 +109,7 @@ function modifyPolicy(policyId, value, onSuccess) {
       `/policies/${policyId}`,
       value
   ).then(onSuccess);
-};
+}
 
 function onPolicyChanged(policy: Policies.Policy) {
   dom.crudPolicyJson.idValue = policy && policy.policyId;
diff --git a/ui/modules/things/attributes.ts b/ui/modules/things/attributes.ts
index 68f3747f70..1ae9308960 100644
--- a/ui/modules/things/attributes.ts
+++ b/ui/modules/things/attributes.ts
@@ -79,10 +79,10 @@ function onAttributeTableClick(event) {
 
 /**
  * Creates a onclick handler function
- * @param {String} method PUT or DELETE
+ * @param {string} method PUT or DELETE
  * @param {boolean} isNewAttribute if a new attribute is created. default = false
  */
-function updateAttribute(method, isNewAttribute = false) {
+function updateAttribute(method: string, isNewAttribute = false) {
   const attributeValue = JSON.parse(attributeEditor.getValue());
   API.callDittoREST(
       method,
@@ -110,7 +110,9 @@ function refreshAttribute(thing, attributePath = null) {
 
   if (thing) {
     dom.crudAttribute.idValue = attributePath;
-    attributeEditor.setValue(Utils.stringifyPretty(thing.attributes[attributePath]), -1);
+    if (thing.attributes) {
+      attributeEditor.setValue(Utils.stringifyPretty(thing.attributes[attributePath]), -1);
+    }
   } else {
     dom.crudAttribute.idValue = null;
     attributeEditor.setValue('');
@@ -143,9 +145,9 @@ function onThingChanged(thing) {
 /**
  * checks if the attribute is an array or json and returns a parsed string
  * @param {object} attribute
- * @return {String} parsed json for objects or toString for json values
+ * @return {string} parsed json for objects or toString for json values
  */
-function attributeToString(attribute) {
+function attributeToString(attribute): string {
   return typeof attribute === 'object' ?
       JSON.stringify(attribute) :
       attribute.toString();
@@ -153,10 +155,10 @@ function attributeToString(attribute) {
 
 /**
  * Converts a String into a json value for a Ditto attribute
- * @param {String} attribute Ditto attribute as a String
+ * @param {string} attribute Ditto attribute as a String
  * @return {Object} object in case it could be parsed, else the orignal String
  */
-function attributeFromString(attribute) {
+function attributeFromString(attribute: string) {
   try {
     return JSON.parse(attribute);
   } catch (err) {
@@ -180,8 +182,10 @@ function onEditToggle(event) {
   } else {
     enableDisableEditor();
     refreshAttribute(Things.theThing, dom.crudAttribute.idValue)
-    attributeEditor.setValue(
-      Utils.stringifyPretty(Things.theThing.attributes[dom.crudAttribute.idValue]), -1);
+    if (Things.theThing.attributes) {
+      attributeEditor.setValue(
+        Utils.stringifyPretty(Things.theThing.attributes[dom.crudAttribute.idValue]), -1);
+    }
   }
 
   function enableDisableEditor() {
diff --git a/ui/modules/things/featureMessages.ts b/ui/modules/things/featureMessages.ts
index 684010f25c..00094a1ecd 100644
--- a/ui/modules/things/featureMessages.ts
+++ b/ui/modules/things/featureMessages.ts
@@ -64,7 +64,7 @@ export async function ready() {
     messageFeature();
   };
 
-  dom.buttonMessageFavorite.onclick = () => {
+  dom.buttonMessageFavorite.onclick = async () => {
     const templateName = dom.inputMessageTemplate.value;
     const featureId = theFeatureId;
     const payload = acePayload.getValue();
@@ -84,7 +84,7 @@ export async function ready() {
       };
       acePayload.session.getUndoManager().markClean();
     }
-    Environments.environmentsJsonChanged('messageTemplates');
+    await Environments.environmentsJsonChanged(false, 'messageTemplates');
   };
 
   dom.ulMessageTemplates.addEventListener('click', (event) => {
diff --git a/ui/modules/things/features.ts b/ui/modules/things/features.ts
index 5ad609b8bd..c5a17697af 100644
--- a/ui/modules/things/features.ts
+++ b/ui/modules/things/features.ts
@@ -125,10 +125,10 @@ function onFeaturesTableClick(event) {
 
 /**
  * Triggers a feature update in Ditto according to UI contents
- * @param {String} method Either PUT to update the feature or DELETE to delete the feature
+ * @param {string} method Either PUT to update the feature or DELETE to delete the feature
  * @param {boolean} isNewFeature indicates if a new feature should be created. (default: false)
  */
-function updateFeature(method, isNewFeature = false) {
+function updateFeature(method: string, isNewFeature = false) {
   Utils.assert(Things.theThing, 'No Thing selected');
   Utils.assert(dom.crudFeature.idValue, 'No Feature selected');
 
@@ -197,9 +197,9 @@ function updateFeatureEditors(featureJson) {
 /**
  * Initializes all UI components for the given single feature of the given thing, if no thing is given the UI is cleared
  * @param {Object} thing thing the feature values are taken from
- * @param {String} featureId FeatureId to be refreshed
+ * @param {string} featureId FeatureId to be refreshed
  */
-function refreshFeature(thing, featureId = null) {
+function refreshFeature(thing, featureId: string = null) {
   if (!dom.crudFeature.isEditing) {
     if (thing && thing['features'] && featureId) {
       dom.crudFeature.idValue = featureId;
diff --git a/ui/modules/things/fields.ts b/ui/modules/things/fields.ts
index c62c309f9b..28cadcd408 100644
--- a/ui/modules/things/fields.ts
+++ b/ui/modules/things/fields.ts
@@ -29,9 +29,9 @@ document.getElementById('fieldsHTML').innerHTML = fieldsHTML;
 
 /**
  * Create a Ditto search query parameter from the active fields
- * @return {String} The fields query parameter for Ditto search
+ * @return {string} The fields query parameter for Ditto search
  */
-export function getQueryParameter() {
+export function getQueryParameter(): string {
   if (!Environments.current().fieldList) {
     Environments.current().fieldList = [];
   }
@@ -43,9 +43,9 @@ export function getQueryParameter() {
 let bsFieldsModal = null;
 /**
  * Set the fieldpath value
- * @param {String} fieldPath new value for the fieldpath
+ * @param {string} fieldPath new value for the fieldpath
  */
-export function proposeNewField(fieldPath) {
+export function proposeNewField(fieldPath: string) {
   dom.fieldPath.value = fieldPath;
   dom.fieldLabel.value = null;
   if (!bsFieldsModal) {
@@ -68,8 +68,8 @@ export async function ready() {
     }
   });
 
-  dom.fieldsModal.addEventListener('hide.bs.modal', () => {
-    Environments.environmentsJsonChanged();
+  dom.fieldsModal.addEventListener('hide.bs.modal', async() => {
+    await Environments.environmentsJsonChanged(false);
   });
 
   document.getElementById('fieldUpdate').onclick = () => {
@@ -78,7 +78,7 @@ export async function ready() {
     const otherFields = Environments.current().fieldList.filter((elem, i) => i != theFieldIndex);
     const mapped = otherFields.map((field) => field.path);
     const cond = mapped.includes(selectedField.path);
-    console.log(cond);
+    // console.log(cond);
     Utils.assert(!Environments.current().fieldList
         .filter((elem, i) => i != theFieldIndex)
         .map((field) => field.path)
@@ -136,9 +136,9 @@ export async function ready() {
 
 /**
  * Selects or de-selects the field for editing
- * @param {integer} fieldIndex index in fieldlist of field to toggle
+ * @param {number} fieldIndex index in fieldlist of field to toggle
  */
-function toggleFieldSelection(fieldIndex) {
+function toggleFieldSelection(fieldIndex: number) {
   if (theFieldIndex === fieldIndex) {
     theFieldIndex = -1;
     dom.fieldPath.value = null;
@@ -170,7 +170,7 @@ function updateFieldList() {
   Environments.current().fieldList.forEach((field, i) => {
     const fieldSelected = dom.fieldPath.value === field.path;
     const row = dom.fieldList.insertRow();
-    Utils.addCheckboxToRow(row, i, field.active, false, toggleFieldActiveEventHandler);
+    Utils.addCheckboxToRow(row, String(i), field.active, false, toggleFieldActiveEventHandler);
     row.insertCell(-1).textContent = field.path;
     row.insertCell(-1).textContent = field['label'] ? field.label : null;
     if (fieldSelected) {
diff --git a/ui/modules/things/searchFilter.ts b/ui/modules/things/searchFilter.ts
index df725266f6..dd30260c64 100644
--- a/ui/modules/things/searchFilter.ts
+++ b/ui/modules/things/searchFilter.ts
@@ -91,15 +91,15 @@ export async function ready() {
  * Callback to initialize searchFilters if the environment changed
  */
 function onEnvironmentChanged() {
-  if (!Environments.current()['filterList']) {
+  if (!Environments.current().filterList) {
     Environments.current().filterList = [];
   }
-  if (!Environments.current()['pinnedThings']) {
+  if (!Environments.current().pinnedThings) {
     Environments.current().pinnedThings = [];
   }
 }
 
-function fillSearchFilterEdit(fillString) {
+function fillSearchFilterEdit(fillString: string) {
   dom.searchFilterEdit.value = fillString;
 
   checkIfFavorite();
@@ -176,10 +176,10 @@ async function createFilterList(query) {
 
 /**
  * Adds or removes the given filter from the list of search filters
- * @param {String} filter filter
+ * @param {string} filter filter
  * @return {boolean} true if the filter was toggled
  */
-function toggleFilterFavorite(filter) {
+async function toggleFilterFavorite(filter: string) {
   if (!filter || filter === '') {
     return false;
   }
@@ -189,7 +189,7 @@ function toggleFilterFavorite(filter) {
   } else {
     Environments.current().filterList.push(filter);
   }
-  Environments.environmentsJsonChanged('filterList');
+  await Environments.environmentsJsonChanged(false, 'filterList');
   return true;
 }
 
diff --git a/ui/modules/things/thingMessages.ts b/ui/modules/things/thingMessages.ts
index e54b7f98c1..ccbf74a51e 100644
--- a/ui/modules/things/thingMessages.ts
+++ b/ui/modules/things/thingMessages.ts
@@ -59,7 +59,7 @@ export async function ready() {
     messageThing();
   };
 
-  dom.buttonThingMessageFavorite.onclick = () => {
+  dom.buttonThingMessageFavorite.onclick = async () => {
     const templateName = dom.inputThingMessageTemplate.value;
     const payload = acePayload.getValue();
     Utils.assert(templateName, 'Please give a name for the template', dom.inputThingMessageTemplate);
@@ -77,7 +77,7 @@ export async function ready() {
       };
       acePayload.session.getUndoManager().markClean();
     }
-    Environments.environmentsJsonChanged('messageTemplates');
+    await Environments.environmentsJsonChanged(false, 'messageTemplates');
   };
 
   dom.ulThingMessageTemplates.addEventListener('click', (event) => {
diff --git a/ui/modules/things/things.ts b/ui/modules/things/things.ts
index 0531836f54..1837fb5280 100644
--- a/ui/modules/things/things.ts
+++ b/ui/modules/things/things.ts
@@ -50,10 +50,10 @@ export async function ready() {
 
 /**
  * Load thing from Ditto and update all UI components
- * @param {String} thingId ThingId
+ * @param {string} thingId ThingId
  * @param {function} successCallback callback function that is called after refresh is finished
  */
-export function refreshThing(thingId, successCallback = null) {
+export function refreshThing(thingId: string, successCallback = null) {
   console.assert(thingId && thingId !== '', 'thingId expected');
   API.callDittoREST('GET',
       `/things/${thingId}?` +
diff --git a/ui/modules/things/thingsSSE.ts b/ui/modules/things/thingsSSE.ts
index b2ee8ed086..37f32b8469 100644
--- a/ui/modules/things/thingsSSE.ts
+++ b/ui/modules/things/thingsSSE.ts
@@ -43,7 +43,7 @@ function notifyAll(thingJson) {
 function onThingsTableChanged(thingIds, fieldsQueryParameter) {
   stopSSE(thingsTableEventSource);
   if (thingIds && thingIds.length > 0) {
-    console.log('SSE Start: THINGS TABLE');
+    // console.log('SSE Start: THINGS TABLE');
     thingsTableEventSource = API.getEventSource(thingIds, fieldsQueryParameter);
     thingsTableEventSource.onmessage = onMessageThingsTable;
   }
@@ -54,7 +54,7 @@ function onSelectedThingChanged(newThingJson, isNewThingId) {
     stopSSE(selectedThingEventSource);
   } else if (isNewThingId) {
     selectedThingEventSource && selectedThingEventSource.close();
-    console.log('SSE Start: SELECTED THING : ' + newThingJson.thingId);
+    // console.log('SSE Start: SELECTED THING : ' + newThingJson.thingId);
     selectedThingEventSource = API.getEventSource(newThingJson.thingId,
         'fields=thingId,policyId,definition,attributes,features,_revision,_created,_modified,_metadata,_context/topic,_context/path,_context/value' +
       '&extraFields=thingId,policyId,definition,attributes,features,_revision,_created,_modified,_metadata');
@@ -65,7 +65,7 @@ function onSelectedThingChanged(newThingJson, isNewThingId) {
 function stopSSE(eventSource) {
   if (eventSource) {
     eventSource.close();
-    console.log('SSE Stopped: ' + (eventSource === selectedThingEventSource ? 'SELECTED THING' : 'THINGS TABLE'));
+    // console.log('SSE Stopped: ' + (eventSource === selectedThingEventSource ? 'SELECTED THING' : 'THINGS TABLE'));
   }
 }
 
diff --git a/ui/modules/things/thingsSearch.ts b/ui/modules/things/thingsSearch.ts
index 64855c332e..e57c689244 100644
--- a/ui/modules/things/thingsSearch.ts
+++ b/ui/modules/things/thingsSearch.ts
@@ -75,7 +75,7 @@ function onThingsTableClicked(event) {
 
 /**
  * Tests if the search filter is an RQL. If yes, things search is called otherwise just things get
- * @param {String} filter search filter string containing an RQL or a thingId
+ * @param {string} filter search filter string containing an RQL or a thingId
  * @param rqlFilterCallback a callback to invoke when the passed `filter` was a valid RQL statement
  */
 export function searchTriggered(filter: string, rqlFilterCallback: () => void) {
@@ -149,7 +149,7 @@ function resetAndClearViews(retainThing = false) {
 
 /**
  * Calls Ditto search API to perform a count and adds the count to the UI.
- * @param {String} filter Ditto search filter (rql)
+ * @param {string} filter Ditto search filter (rql)
  */
 function countThings(filter: string) {
   dom.searchFilterCount.textContent = '';
@@ -167,7 +167,7 @@ function countThings(filter: string) {
 
 /**
  * Calls Ditto search api and fills UI with the result
- * @param {String} filter Ditto search filter (rql)
+ * @param {string} filter Ditto search filter (rql)
  * @param {boolean} isMore (optional) use cursor from previous search for additional pages
  */
 function searchThings(filter: string, isMore = false) {
@@ -299,7 +299,7 @@ function fillThingsTable(thingsList: any[]) {
   }
 }
 
-function togglePinnedThing(evt) {
+async function togglePinnedThing(evt) {
   if (evt.target.checked) {
     Environments.current().pinnedThings.push(this.id);
   } else {
@@ -308,7 +308,7 @@ function togglePinnedThing(evt) {
       Environments.current().pinnedThings.splice(index, 1);
     }
   }
-  Environments.environmentsJsonChanged('pinnedThings');
+  await Environments.environmentsJsonChanged(false, 'pinnedThings');
 }
 
 function onThingChanged(thingJson) {
diff --git a/ui/modules/utils.ts b/ui/modules/utils.ts
index db859c38f5..0fde531fb7 100644
--- a/ui/modules/utils.ts
+++ b/ui/modules/utils.ts
@@ -34,7 +34,7 @@ export function ready() {
 /**
  * Adds a table to a table element
  * @param {HTMLTableElement} table tbody element the row is added to
- * @param {String} key first column text of the row. Acts as id of the row
+ * @param {string} key first column text of the row. Acts as id of the row
  * @param {boolean} selected if true, the new row will be marked as selected
  * @param {boolean} clipBoardValue add a clipboard button at the last column of the row
  * @param {array} columnValues texts for additional columns of the row
@@ -61,7 +61,7 @@ export const addTableRow = function(table: HTMLTableElement, key: string, select
 /**
  * Adds a checkbox as a firs column of a row
  * @param {HTMLTableRowElement} row target row
- * @param {String} id an id for the checkbox element
+ * @param {string} id an id for the checkbox element
  * @param {boolean} checked check the checkbox
  * @param {boolean} disabled callback for the onchange event of the checkbox
  * @param {function} onToggle callback for the onchange event of the checkbox
@@ -84,12 +84,12 @@ export function addCheckboxToRow(row: HTMLTableRowElement, id: string, checked:
 /**
  * Adds a cell to the row including a tooltip
  * @param {HTMLTableRowElement} row target row
- * @param {String} cellContent content of new cell
- * @param {String} cellTooltip tooltip for new cell
+ * @param {string} cellContent content of new cell
+ * @param {string} cellTooltip tooltip for new cell
  * @param {Number} position optional, default -1 (add to the end)
  * @return {HTMLElement} created cell element
  */
-export function addCellToRow(row, cellContent, cellTooltip = null, position = -1) {
+export function addCellToRow(row, cellContent, cellTooltip: string = null, position = -1) {
   const cell = row.insertCell(position);
   cell.textContent = cellContent;
   cell.setAttribute('data-bs-toggle', 'tooltip');
@@ -127,9 +127,9 @@ export function getRowClipboardAction(iconClassMain: string, iconClassFeedback:
 /**
  * Adds a header cell to the given table row
  * @param {HTMLTableRowElement} row target row
- * @param {String} label label for the header cell
+ * @param {string} label label for the header cell
  */
-export function insertHeaderCell(row, label) {
+export function insertHeaderCell(row, label: string) {
   const th = document.createElement('th');
   th.textContent = label;
   row.appendChild(th);
@@ -149,7 +149,22 @@ export function setOptions(target: HTMLSelectElement, options: string[]) {
   });
 }
 
-export function addDropDownEntries(target: HTMLUListElement, labels: Array<String>) {
+/**
+ * Create a list of option elements for select element
+ * @param {HTMLSelectElement} target target element (select)
+ * @param {array} options Array of strings to be filled as options
+ */
+export function setOptionsWithText(target: HTMLSelectElement, options: any[]) {
+  target.textContent = '';
+  options.forEach((o) => {
+    const option = document.createElement('option');
+    option.value = o.key;
+    option.text = o.text;
+    target.appendChild(option);
+  });
+}
+
+export function addDropDownEntries(target: HTMLUListElement, labels: Array<string>) {
   labels.forEach((label) => {
     addDropDownEntry(target, label);
   })
@@ -158,11 +173,11 @@ export function addDropDownEntries(target: HTMLUListElement, labels: Array<Strin
 /**
  * Add a drop down items or header to Bootstrap dropdown
  * @param {HTMLElement} target target element
- * @param {String} label label of items for the drop down
- * @param {String} value (optional) additional data tag for the drop down item
+ * @param {string} label label of items for the drop down
+ * @param {string} value (optional) additional data tag for the drop down item
  * @param {boolean} isHeader (optional) true to add a header line
  */
-export function addDropDownEntry(target: HTMLUListElement, label: String, isHeader: boolean = false, value?: String) {
+export function addDropDownEntry(target: HTMLUListElement, label: string, isHeader: boolean = false, value?: string) {
   const li = document.createElement('li');
   li.innerHTML = isHeader ?
     `<h6 class="dropdown-header" data-value='${value}'>${sanitizeHTML(label)}</h6>` :
@@ -174,12 +189,11 @@ export function addDropDownEntry(target: HTMLUListElement, label: String, isHead
  * Add a tab pane in the UI. tab header and tab contens are added
  * @param {HTMLElement} tabItemsNode root node for the tabs
  * @param {HTMLElement} tabContentsNode root node for the tab contents
- * @param {String} title name of the new tab
+ * @param {string} title name of the new tab
  * @param {String} contentHTML tab content for the new tab
- * @param {String} toolTip (optional) toolip on the tab item
- * @return {String} id of the tabpane content node
+ * @param {string} toolTip (optional) toolip on the tab item
  */
-export function addTab(tabItemsNode, tabContentsNode, title, contentHTML, toolTip = null) {
+export function addTab(tabItemsNode, tabContentsNode, title: string, contentHTML, toolTip: string = null) {
   const id = 'tab' + Math.random().toString(36).replace('0.', '');
 
   const li = document.createElement('li');
@@ -218,17 +232,17 @@ export function getAllElementsById(domObjects: object, searchRoot: DocumentFragm
 
  * @param unsafeString the string to sanitize.
  */
-export function sanitizeHTML(unsafeString: String) {
+export function sanitizeHTML(unsafeString: string) {
   return DOMPurify.sanitize(unsafeString);
 }
 
 /**
  * Show an error toast
- * @param {String} message Message for toast
- * @param {String} header Header for toast
- * @param {String} status Status text for toas
+ * @param {string} message Message for toast
+ * @param {string} header Header for toast
+ * @param {string} status Status text for toas
  */
-export function showError(message, header = 'Error', status = '') {
+export function showError(message: string, header: string = 'Error', status: string = '') {
   const domToast = document.createElement('div');
   domToast.classList.add('toast');
   domToast.innerHTML = `<div class="toast-header alert-danger">
@@ -249,9 +263,9 @@ export function showError(message, header = 'Error', status = '') {
 
 /**
  * Error object for user errors
- * @param {String} message Message that was displayed to the user in an error toast
+ * @param {string} message Message that was displayed to the user in an error toast
  */
-function UserException(message) {
+function UserException(message: string) {
   this.message = message;
   this.name = 'UserException';
 }
@@ -260,10 +274,10 @@ function UserException(message) {
  * User assertion. If the condition is false, a message is displayed to the user and execution breaks by throwing
  * an error.
  * @param {boolean} condition If false, an error is shown to the user
- * @param {String} message Message to be shown to the user
+ * @param {string} message Message to be shown to the user
  * @param {HTMLElement} validatedElement Optional element that was validated
  */
-export function assert(condition, message, validatedElement = null) {
+export function assert(condition, message: string, validatedElement = null) {
   if (validatedElement) {
     validatedElement.classList.remove('is-invalid');
   }
@@ -280,11 +294,11 @@ export function assert(condition, message, validatedElement = null) {
 
 /**
  * Simple Date format that makes ISO string more readable and cuts off the milliseconds
- * @param {String} dateISOString to format
+ * @param {string} dateISOString to format
  * @param {boolean} withMilliseconds don t cut off milliseconds if true
- * @return {String} formatted date
+ * @return {string} formatted date
  */
-export function formatDate(dateISOString, withMilliseconds = false) {
+export function formatDate(dateISOString: string, withMilliseconds = false): string {
   if (withMilliseconds) {
     return dateISOString.replace('T', ' ').replace('Z', '').replace('.', ' ');
   } else {
@@ -296,11 +310,11 @@ let modalConfirm;
 
 /**
  * Like from bootbox or bootprompt
- * @param {String} message confirm message
- * @param {String} action button text
+ * @param {string} message confirm message
+ * @param {string} action button text
  * @param {function} callback true if confirmed
  */
-export function confirm(message, action, callback) {
+export function confirm(message: string, action: string, callback) {
   modalConfirm = modalConfirm ?? new Modal('#modalConfirm');
   dom.modalBodyConfirm.textContent = message;
   dom.buttonConfirmed.innerText = action;
@@ -310,13 +324,13 @@ export function confirm(message, action, callback) {
 
 /**
  * Creates and configures an ace editor
- * @param {String} domId id of the dom element for the ace editor
+ * @param {string} domId id of the dom element for the ace editor
  * @param {*} sessionMode session mode of the ace editor
  * @param {*} readOnly sets the editor to read only and removes the line numbers
  * @param {*} wrap sets the editor wrap option.
  * @return {*} created ace editor
  */
-export function createAceEditor(domId, sessionMode, readOnly = false, wrap = false) {
+export function createAceEditor(domId: string, sessionMode, readOnly = false, wrap = false) {
   const result = ace.edit(domId);
   result.setOption('wrap', wrap);
   result.setOption('useWorker', false);
@@ -331,12 +345,12 @@ export function createAceEditor(domId, sessionMode, readOnly = false, wrap = fal
 
 /**
  * Creates a autocomplete input field
- * @param {String} selector selector for the input field
+ * @param {string} selector selector for the input field
  * @param {function} src src
- * @param {String} placeHolder placeholder for input field
+ * @param {string} placeHolder placeholder for input field
  * @return {Object} autocomplete instance
  */
-export function createAutoComplete(selector, src, placeHolder) {
+export function createAutoComplete(selector: string, src, placeHolder: string) {
   // eslint-disable-next-line new-cap
   return new autoComplete({
     selector: selector,
diff --git a/ui/package-lock.json b/ui/package-lock.json
index 952d4b0620..522b746e19 100644
--- a/ui/package-lock.json
+++ b/ui/package-lock.json
@@ -16,7 +16,8 @@
         "bootstrap-icons": "^1.11.3",
         "dompurify": "^3.1.6",
         "event-source-polyfill": "^1.0.31",
-        "jsonpath-plus": "^7.2.0"
+        "jsonpath-plus": "^7.2.0",
+        "oidc-client-ts": "^3.0.1"
       },
       "devDependencies": {
         "@types/ace": "^0.0.52",
@@ -4102,6 +4103,14 @@
         "node": ">=12.0.0"
       }
     },
+    "node_modules/jwt-decode": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/jwt-decode/-/jwt-decode-4.0.0.tgz",
+      "integrity": "sha512-+KJGIyHgkGuIq3IEBNftfhW/LfWhXUIY6OmyVWjliu5KH1y0fw7VQ8YndE2O4qZdMSd9SqbnC8GOcZEy0Om7sA==",
+      "engines": {
+        "node": ">=18"
+      }
+    },
     "node_modules/keyv": {
       "version": "4.5.4",
       "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz",
@@ -4299,6 +4308,17 @@
         "node": ">=8"
       }
     },
+    "node_modules/oidc-client-ts": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/oidc-client-ts/-/oidc-client-ts-3.0.1.tgz",
+      "integrity": "sha512-xX8unZNtmtw3sOz4FPSqDhkLFnxCDsdo2qhFEH2opgWnF/iXMFoYdBQzkwCxAZVgt3FT3DnuBY3k80EZHT0RYg==",
+      "dependencies": {
+        "jwt-decode": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    },
     "node_modules/once": {
       "version": "1.4.0",
       "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
diff --git a/ui/package.json b/ui/package.json
index 33ca6820d4..fd8901874a 100644
--- a/ui/package.json
+++ b/ui/package.json
@@ -27,11 +27,12 @@
   "dependencies": {
     "@popperjs/core": "^2.11.8",
     "@tarekraafat/autocomplete.js": "^10.2.7",
-    "dompurify": "^3.1.6",
     "ace-builds": "^1.35.4",
     "bootstrap": "^5.3.3",
     "bootstrap-icons": "^1.11.3",
+    "dompurify": "^3.1.6",
     "event-source-polyfill": "^1.0.31",
-    "jsonpath-plus": "^7.2.0"
+    "jsonpath-plus": "^7.2.0",
+    "oidc-client-ts": "^3.0.1"
   }
 }
diff --git a/ui/readme.md b/ui/readme.md
index a26763161b..6dac549e8e 100644
--- a/ui/readme.md
+++ b/ui/readme.md
@@ -1,4 +1,18 @@
-# Getting started
+# Ditto UI Documentation
+
+## Configuration options
+
+TODO TJ describe possible configuration options
+
+### OpenID Connect configuration
+
+The Ditto UI makes use of the [oidc-client-ts](https://authts.github.io/oidc-client-ts/) library and simply delegates
+all configuration options to the [UserManager's constructor `settings`](https://authts.github.io/oidc-client-ts/classes/UserManager.html#constructor)'s 
+being of type [UserManagerSettings](https://authts.github.io/oidc-client-ts/interfaces/UserManagerSettings.html), 
+extending [OidcClientSettings](https://authts.github.io/oidc-client-ts/interfaces/OidcClientSettings.html).
+
+Please refer to the [oidc-client-ts](https://authts.github.io/oidc-client-ts/) documentation in order to configure your
+OIDC client accordingly.
 
 ## Development
 
@@ -16,4 +30,4 @@ Browse to the UI
 
 ## Build for production
 
-`npm run build`
\ No newline at end of file
+`npm run build`