diff --git a/Dockerfile b/Dockerfile
index 866c01bf47a4cff2589e9298b166d5b374fbe62b..de7bf4c86c857cb6d739b8036c3be39a7aa9f35f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,6 +14,7 @@ RUN cp /usr/share/maven/ref/settings-docker.xml /root/.m2/settings.xml \
 
 FROM hbpmip/java-base:11.0.1-1
 
+RUN apt-get update && apt-get install -y --no-install-recommends curl jq
 RUN rm -rf /var/lib/apt/lists/* /tmp/*
 
 COPY docker/config/application.tmpl /opt/portal/config/application.tmpl
@@ -42,10 +43,9 @@ ENV APP_NAME="Portal backend" \
 WORKDIR /home/portal
 ENTRYPOINT ["/run.sh"]
 
-# 8080: Web service API, health checks on http://host:8080$CONTEXT_PATH/health
 EXPOSE 8080
 
-HEALTHCHECK --start-period=60s CMD curl -v --silent http://localhost:8080$CONTEXT_PATH/health 2>&1 | grep UP
+HEALTHCHECK --start-period=60s CMD curl -v --silent http://localhost:8080/services/actuator/health 2>&1 | grep UP
 
 LABEL org.label-schema.build-date=$BUILD_DATE \
       org.label-schema.name="hbpmip/portal-backend" \
diff --git a/build.sh b/build.sh
index 6a18d98ecec05885651675049490ca44c990ec7f..ef4f10565705b3eb3d0fae54b60de23671f356bf 100755
--- a/build.sh
+++ b/build.sh
@@ -26,7 +26,7 @@ else
   DOCKER="sudo docker"
 fi
 
-IMAGE="kfilippopolitis/portal-backend"
+IMAGE="hbpmip/portal-backend"
 VCS_REF=$(git describe --tags --dirty)
 VERSION=$(git describe --tags --dirty)
 
diff --git a/docker/config/application.tmpl b/docker/config/application.tmpl
index 6c155eeb6e4e0e7d7fff6db9c82cdb83fbdf3acc..e6af51b24f0c74934e7c83c63fe518387d14a959 100644
--- a/docker/config/application.tmpl
+++ b/docker/config/application.tmpl
@@ -55,6 +55,7 @@ keycloak:
   auth-server-url: {{ .Env.KEYCLOAK_AUTH_URL }}
   realm: {{ .Env.KEYCLOAK_REALM }}
   resource: {{ .Env.KEYCLOAK_CLIENT_ID }}
+  use-resource-role-mappings: true
   enable-basic-auth: true
   credentials:
     secret: {{ .Env.KEYCLOAK_CLIENT_SECRET }}
diff --git a/src/main/java/eu/hbp/mip/configurations/SecurityConfiguration.java b/src/main/java/eu/hbp/mip/configurations/SecurityConfiguration.java
index 9f583da4ef31205007e7467c63cfaf95645a5f28..3526335dbfca2c8ffa12f299798c2fee4ea82a33 100644
--- a/src/main/java/eu/hbp/mip/configurations/SecurityConfiguration.java
+++ b/src/main/java/eu/hbp/mip/configurations/SecurityConfiguration.java
@@ -53,7 +53,7 @@ public class SecurityConfiguration extends KeycloakWebSecurityConfigurerAdapter
         if (authenticationEnabled) {
             http.authorizeRequests()
                     .antMatchers(
-                            "/sso/login",
+                            "/sso/login", "/actuator/**", 
                             "/v2/api-docs", "/swagger-ui/**", "/swagger-resources/**"  // Swagger URLs
                     ).permitAll()
                     .antMatchers("/galaxy*", "/galaxy/*").hasRole("WORKFLOW_ADMIN")
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index d8d542b6bb2d78a46f0f52d87057ab71acca04cd..32ed7ce849a5ad568c572289fb8cf0cf823b7e66 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -53,6 +53,7 @@ keycloak:
   auth-server-url: "https://iam.humanbrainproject.eu/auth"
   realm: "MIP"
   resource: "mipfedqa"
+  use-resource-role-mappings: true
   enable-basic-auth: true
   credentials:
     secret: "dae83a6b-c769-4186-8383-f0984c6edf05"
@@ -72,12 +73,3 @@ server:
     contextPath: "/services"
   port: 8080
   forward-headers-strategy: native
-
-
-### ENDPOINTS ###
-endpoints:
-  enabled: true
-  health:
-    enabled: true
-    endpoint: "/health"
-    sensitive: false
\ No newline at end of file