diff --git a/.env b/.env index f9ed347..e14aa2f 100644 --- a/.env +++ b/.env @@ -38,7 +38,6 @@ MESSENGER_TRANSPORT_DSN=doctrine://default?auto_setup=0 ###> symfony/mailer ### # MAILER_DSN=null://null -MAILER_SENDER_EMAIL=notifications@example.com ###< symfony/mailer ### ###> nelmio/cors-bundle ### @@ -57,6 +56,10 @@ JWT_PASSPHRASE=827c9f8cce8bb82e75b2aec4a14a61f572ac28c7a8531f08dcdf1652573a7049 LOCK_DSN=flock ###< symfony/lock ### + +MAILER_SENDER_EMAIL=notifications@example.com +LIMITED_FEATURES=false +OAUTH_ENABLED=false OAUTH_CLIENT_ID= OAUTH_CLIENT_SECRET= OAUTH_AUTHORIZATION_URL= diff --git a/README.md b/README.md index 4815ced..f8ab531 100644 --- a/README.md +++ b/README.md @@ -54,4 +54,4 @@ Contributions are welcome as long as they do not contravene the Code of Conduct. [^1]: RFC 3912 : WHOIS Protocol Specification. (2004). IETF Datatracker. https://datatracker.ietf.org/doc/html/rfc3912 [^2]: 2023 Global Amendments to the Base gTLD Registry Agreement (RA), Specification 13, and 2013 Registrar -Accreditation Agreement (RAA) - ICANN. (s. d.). https://www.icann.org/resources/pages/global-amendment-2023-en +Accreditation Agreement (RAA) - ICANN. (2023). https://www.icann.org/resources/pages/global-amendment-2023-en diff --git a/assets/App.tsx b/assets/App.tsx index a73e081..489d015 100644 --- a/assets/App.tsx +++ b/assets/App.tsx @@ -48,7 +48,7 @@ export default function App() { if (location.pathname === '/login') navigate('/home') }).catch(() => { setIsAuthenticated(false) - navigate('/home') + if (location.pathname !== '/login') navigate('/home') }) }, []); diff --git a/assets/pages/LoginPage.tsx b/assets/pages/LoginPage.tsx index f65762e..e42ab79 100644 --- a/assets/pages/LoginPage.tsx +++ b/assets/pages/LoginPage.tsx 
@@ -1,6 +1,6 @@ import React, {createContext, useContext, useEffect, useState} from "react"; import {Alert, Button, Card, Flex, Form, Input} from "antd"; -import {getUser, login} from "../utils/api"; +import {getConfiguration, getUser, InstanceConfig, login} from "../utils/api"; import {useNavigate} from "react-router-dom"; import {t} from 'ttag' @@ -13,7 +13,8 @@ export const AuthenticatedContext = createContext(null) export default function LoginPage() { - const [error, setError] = useState() + const [error, setError] = useState() + const [configuration, setConfiguration] = useState() const navigate = useNavigate() const {setIsAuthenticated} = useContext(AuthenticatedContext) @@ -32,6 +33,7 @@ export default function LoginPage() { setIsAuthenticated(true) navigate('/home') }) + getConfiguration().then(setConfiguration) }, []) return - + {configuration?.ssoLogin && - + } diff --git a/assets/utils/api/index.ts b/assets/utils/api/index.ts index 47f8bdb..468552f 100644 --- a/assets/utils/api/index.ts +++ b/assets/utils/api/index.ts @@ -71,6 +71,11 @@ export interface Watchlist { connector?: string } +export interface InstanceConfig { + ssoLogin: boolean + limtedFeatures: boolean +} + export async function request, D = any>(config: AxiosRequestConfig): Promise { const axiosConfig: AxiosRequestConfig = { ...config, @@ -84,6 +89,7 @@ export async function request, D = any>(config: Ax return await axios.request(axiosConfig) } + export * from './domain' export * from './tld' export * from './user' diff --git a/assets/utils/api/user.ts b/assets/utils/api/user.ts index 1de9380..b3b170d 100644 --- a/assets/utils/api/user.ts +++ b/assets/utils/api/user.ts @@ -1,4 +1,4 @@ -import {request, User} from "./index"; +import {InstanceConfig, request, User} from "./index"; export async function login(email: string, password: string): Promise { 
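Review bot: `getConfiguration().then(setConfiguration)` in the third LoginPage.tsx hunk has no rejection handler, so a failed `/api/config` call becomes an unhandled promise rejection and the page silently renders without the SSO option. Adding a `.catch(...)` that leaves `configuration` unset and reports the error would make that failure explicit. Separately, `configuration?.ssoLogin` only hides the button. Whether the OAuth routes themselves refuse requests when `OAUTH_ENABLED=false` is not visible in this diff, and that refusal has to be enforced server-side. The component body continues outside the hunk.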
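Review bot: The field names in `InstanceConfig` (first assets/utils/api/index.ts hunk) do not match what the backend appears to serialize. The new `Instance` entity in this commit carries `oauthEnabled` and `limitedFeatures`, while the interface declares `ssoLogin` and `limtedFeatures`, the latter also misspelled. Unless a serialized name is mapped in a part of `Instance.php` that is not readable here, `configuration?.ssoLogin` in LoginPage.tsx will always be undefined and the SSO button will never render. Declaring `oauthEnabled: boolean` and `limitedFeatures: boolean` and updating the LoginPage check to match would fix it.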
@@ -16,3 +16,10 @@ export async function getUser(): Promise { }) return response.data } + +export async function getConfiguration(): Promise { + const response = await request({ + url: 'config' + }) + return response.data +} \ No newline at end of file diff --git a/config/packages/security.yaml b/config/packages/security.yaml index b187afe..50f1eb3 100644 --- a/config/packages/security.yaml +++ b/config/packages/security.yaml @@ -70,6 +70,7 @@ security: - { path: ^/api$, roles: PUBLIC_ACCESS } - { path: ^/api/docs, roles: PUBLIC_ACCESS } - { path: "^/api/watchlists/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/calendar$", roles: PUBLIC_ACCESS } + - { path: "^/api/config$", roles: PUBLIC_ACCESS } - { path: ^/api, roles: IS_AUTHENTICATED_FULLY } when@test: diff --git a/config/services.yaml b/config/services.yaml index b11a78a..98de89d 100644 --- a/config/services.yaml +++ b/config/services.yaml @@ -4,7 +4,9 @@ # Put parameters here that don't need to change on each machine where the app is deployed # https://symfony.com/doc/current/best_practices.html#use-parameters-for-application-configuration parameters: - mailer_sender_email: '%env(MAILER_SENDER_EMAIL)%' + mailer_sender_email: '%env(string:MAILER_SENDER_EMAIL)%' + oauth_enabled: '%env(bool:OAUTH_ENABLED)%' + limited_features: '%env(bool:LIMITED_FEATURES)%' services: # default configuration for services in *this* file diff --git a/src/Controller/InstanceController.php b/src/Controller/InstanceController.php new file mode 100644 index 0000000..568760d --- /dev/null +++ b/src/Controller/InstanceController.php @@ -0,0 +1,20 @@ +setLimitedFeatures($this->getParameter('limited_features') ?? false) + ->setOauthEnabled($this->getParameter('oauth_enabled')); + + return $instance; + } +} diff --git a/src/Entity/Connector.php b/src/Entity/Connector.php index b60fbfe..a4e1d60 100644 --- a/src/Entity/Connector.php +++ b/src/Entity/Connector.php 
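Review bot: The new `^/api/config$` rule in security.yaml makes the instance configuration readable without authentication, and nothing in the hunk records that constraint. A comment above the rule, such as `# Unauthenticated: /api/config must only expose non-sensitive feature flags`, would warn future maintainers against adding secrets or OAuth client details to `Instance`. The placement before the `^/api` catch-all is correct, since access_control applies the first matching rule.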
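Review bot: The two parameters in InstanceController.php are handled inconsistently: `limited_features` gets a `?? false` fallback while `oauth_enabled` does not. With `%env(bool:...)%` in services.yaml the value is already a bool, and an undefined variable is expected to fail at resolution time rather than yield null, so the fallback is probably dead code. Declaring defaults once under `parameters` in services.yaml (`env(LIMITED_FEATURES): 'false'` and `env(OAUTH_ENABLED): 'false'`) and dropping `?? false` would treat both flags the same and keep instances that do not define the variables working. The controller's declaration lines are not readable in this hunk.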
@@ -24,11 +24,13 @@ use Symfony\Component\Uid\Uuid; name: 'get_all_mine', ), new Get( - normalizationContext: ['groups' => 'connector:list'] + normalizationContext: ['groups' => 'connector:list'], + security: 'object.user == user' ), new Post( - routeName: 'connector_create', normalizationContext: ['groups' => ['connector:create', 'connector:list']], - denormalizationContext: ['groups' => 'connector:create'], + routeName: 'connector_create', + normalizationContext: ['groups' => ['connector:create', 'connector:list']], denormalizationContext: ['groups' => 'connector:create'], + security: 'object.user == user', name: 'create' ), new Delete(), @@ -44,7 +46,7 @@ class Connector #[ORM\ManyToOne(inversedBy: 'connectors')] #[ORM\JoinColumn(nullable: false)] - private ?User $user = null; + public ?User $user = null; #[Groups(['connector:list', 'connector:create', 'watchlist:list'])] #[ORM\Column(enumType: ConnectorProvider::class)] diff --git a/src/Entity/Instance.php b/src/Entity/Instance.php new file mode 100644 index 0000000..9812b31 --- /dev/null +++ b/src/Entity/Instance.php @@ -0,0 +1,48 @@ +oauthEnabled; + } + + public function setOauthEnabled(bool $oauthEnabled): static + { + $this->oauthEnabled = $oauthEnabled; + + return $this; + } + + public function isLimitedFeatures(): ?bool + { + return $this->limitedFeatures; + } + + public function setLimitedFeatures(bool $limitedFeatures): static + { + $this->limitedFeatures = $limitedFeatures; + + return $this; + } +} diff --git a/src/Entity/WatchList.php b/src/Entity/WatchList.php index b4b1037..8cd8911 100644 --- a/src/Entity/WatchList.php +++ b/src/Entity/WatchList.php @@ -27,7 +27,8 @@ use Symfony\Component\Uid\Uuid; name: 'get_all_mine', ), new Get( - normalizationContext: ['groups' => 'watchlist:item'] + normalizationContext: ['groups' => 'watchlist:item'], + security: 'object.user == user' ), new Get( routeName: 'watchlist_calendar', 
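Review bot: On the `Post` operation in the first Connector.php hunk, `security: 'object.user == user'` is evaluated before any object exists, so `object` is expected to be null there and the expression will error or deny rather than check ownership. If the `connector_create` route assigns the owner from the authenticated token, the expression can be dropped; otherwise use `securityPostDenormalize: 'object.user == user'`. The same hunk leaves `new Delete(),` without an ownership check. Unless a query extension outside this diff scopes connectors to the current user, any authenticated user could delete another user's connector by id, and `new Delete(security: 'object.user == user'),` would close that. The attribute list starts and ends outside the hunk.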
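Review bot: Making `$user` public in the second Connector.php hunk, apparently only so the security expression can read it, removes encapsulation on the ownership field. Any code can now reassign a connector's owner without going through a setter. If the entity has a `getUser()` accessor (not visible in this hunk), keep the property `private` and write the expressions as `security: 'object.getUser() == user'`. The same applies to `public ?User $user` in the second WatchList.php hunk.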
@@ -73,7 +74,7 @@ class WatchList #[ORM\ManyToOne(targetEntity: User::class, inversedBy: 'watchLists')] #[ORM\JoinColumn(nullable: false)] - private ?User $user = null; + public ?User $user = null; /** * @var Collection diff --git a/translations/translations.pot b/translations/translations.pot index 0c8f2b0..edad6df 100644 --- a/translations/translations.pot +++ b/translations/translations.pot @@ -57,8 +57,8 @@ msgstr "" #: assets/components/tracking/ConnectorForm.tsx:110 #: assets/components/tracking/ConnectorForm.tsx:119 #: assets/components/tracking/WatchlistForm.tsx:102 -#: assets/pages/LoginPage.tsx:60 -#: assets/pages/LoginPage.tsx:68 +#: assets/pages/LoginPage.tsx:62 +#: assets/pages/LoginPage.tsx:70 msgid "Required" msgstr "" @@ -319,7 +319,7 @@ msgid "Log out" msgstr "" #: assets/components/Sider.tsx:120 -#: assets/pages/LoginPage.tsx:38 +#: assets/pages/LoginPage.tsx:40 msgid "Log in" msgstr "" @@ -427,7 +427,7 @@ msgid "" "their country of origin." msgstr "" -#: assets/pages/LoginPage.tsx:58 +#: assets/pages/LoginPage.tsx:60 #: assets/pages/watchdog/UserPage.tsx:18 msgid "Username" msgstr "" @@ -456,19 +456,19 @@ msgstr "" msgid "Sorry, the page you visited does not exist." msgstr "" -#: assets/pages/LoginPage.tsx:43 +#: assets/pages/LoginPage.tsx:45 msgid "Error" msgstr "" -#: assets/pages/LoginPage.tsx:66 +#: assets/pages/LoginPage.tsx:68 msgid "Password" msgstr "" -#: assets/pages/LoginPage.tsx:75 +#: assets/pages/LoginPage.tsx:77 msgid "Submit" msgstr "" -#: assets/pages/LoginPage.tsx:80 +#: assets/pages/LoginPage.tsx:82 msgid "Log in with SSO" msgstr ""