feat: show api error message when logging in fails

2024-11-13 14:46:21 +00:00
125 changed files with 18244 additions and 20183 deletions
--- a/.devcontainer/boot.sh
+++ b/.devcontainer/boot.sh
@@ -5,11 +5,8 @@ BACKEND_PORT=3000
 WEB_PORT=3001
 echo "Configuring backend environment variables..."
 cd packages/backend
 rm -rf .env
 echo "
 PORT=$BACKEND_PORT
 WEB_APP_URL=http://localhost:$WEB_PORT
@@ -24,34 +21,23 @@ WEBHOOK_SECRET_KEY=sample_webhook_secret_key
 APP_SECRET_KEY=sample_app_secret_key
 REDIS_HOST=redis
 SERVE_WEB_APP_SEPARATELY=true" >> .env
 echo "Installing backend dependencies..."
 yarn
 cd $CURRENT_DIR
 echo "Configuring web environment variables..."
 cd packages/web
 rm -rf .env
 echo "
 PORT=$WEB_PORT
 REACT_APP_BACKEND_URL=http://localhost:$BACKEND_PORT
 " >> .env
 echo "Installing web dependencies..."
 yarn
 cd $CURRENT_DIR
 echo "Installing and linking dependencies..."
 yarn
 yarn lerna bootstrap
 echo "Migrating database..."
 cd packages/backend
 yarn db:migrate
 yarn db:seed:user
--- a/.github/workflows/backend.yml
+++ b/.github/workflows/backend.yml
@@ -41,11 +41,8 @@ jobs:
        with:
          node-version: 18
      - name: Install dependencies
-        run: yarn
+        run: cd packages/backend && yarn
        working-directory: packages/backend
      - name: Copy .env-example.test file to .env.test
-        run: cp .env-example.test .env.test
+        run: cd packages/backend && cp .env-example.test .env.test
        working-directory: packages/backend
      - name: Run tests
-        run: yarn test:coverage
+        run: cd packages/backend && yarn test
        working-directory: packages/backend
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -18,13 +18,11 @@ jobs:
        with:
          node-version: '18'
          cache: 'yarn'
-          cache-dependency-path: packages/backend/yarn.lock
+          cache-dependency-path: yarn.lock
      - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
      - run: echo "🖥️ The workflow is now ready to test your code on the runner."
      - run: yarn --frozen-lockfile
-        working-directory: packages/backend
+      - run: cd packages/backend && yarn lint
      - run: yarn lint
        working-directory: packages/backend
      - run: echo "🍏 This job's status is ${{ job.status }}."
  start-backend-server:
    runs-on: ubuntu-latest
@@ -37,13 +35,11 @@ jobs:
        with:
          node-version: '18'
          cache: 'yarn'
-          cache-dependency-path: packages/backend/yarn.lock
+          cache-dependency-path: yarn.lock
      - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
      - run: echo "🖥️ The workflow is now ready to test your code on the runner."
-      - run: yarn --frozen-lockfile
+      - run: yarn --frozen-lockfile && yarn lerna bootstrap
-        working-directory: packages/backend
+      - run: cd packages/backend && yarn start
      - run: yarn start
        working-directory: packages/backend
        env:
          ENCRYPTION_KEY: sample_encryption_key
          WEBHOOK_SECRET_KEY: sample_webhook_secret_key
@@ -59,13 +55,11 @@ jobs:
        with:
          node-version: '18'
          cache: 'yarn'
-          cache-dependency-path: packages/backend/yarn.lock
+          cache-dependency-path: yarn.lock
      - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
      - run: echo "🖥️ The workflow is now ready to test your code on the runner."
-      - run: yarn --frozen-lockfile
+      - run: yarn --frozen-lockfile && yarn lerna bootstrap
-        working-directory: packages/backend
+      - run: cd packages/backend && yarn start:worker
      - run: yarn start:worker
        working-directory: packages/backend
        env:
          ENCRYPTION_KEY: sample_encryption_key
          WEBHOOK_SECRET_KEY: sample_webhook_secret_key
@@ -81,13 +75,11 @@ jobs:
        with:
          node-version: '18'
          cache: 'yarn'
-          cache-dependency-path: packages/web/yarn.lock
+          cache-dependency-path: yarn.lock
      - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
      - run: echo "🖥️ The workflow is now ready to test your code on the runner."
-      - run: yarn --frozen-lockfile
+      - run: yarn --frozen-lockfile && yarn lerna bootstrap
-        working-directory: packages/web
+      - run: cd packages/web && yarn build
      - run: yarn build
        working-directory: packages/web
        env:
          CI: false
      - run: echo "🍏 This job's status is ${{ job.status }}."
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -3,7 +3,6 @@ on:
  push:
    branches:
      - main
  # TODO: Add pull request after optimizing the total excecution time of the test suite.
  pull_request:
    paths:
      - 'packages/backend/**'
@@ -59,21 +58,13 @@ jobs:
      - uses: actions/setup-node@v3
        with:
          node-version: 18
-      - name: Install web dependencies
+      - name: Install dependencies
-        run: yarn
+        run: yarn && yarn lerna bootstrap
        working-directory: ./packages/web
      - name: Install backend dependencies
        run: yarn
        working-directory: ./packages/backend
      - name: Install e2e-tests dependencies
        run: yarn
        working-directory: ./packages/e2e-tests
      - name: Install Playwright Browsers
        run: yarn playwright install --with-deps
        working-directory: ./packages/e2e-tests
      - name: Build Automatisch web
        run: yarn build
        working-directory: ./packages/web
        run: yarn build
        env:
          # Keep this until we clean up warnings in build processes
          CI: false
--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,7 @@ logs
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 lerna-debug.log*
 .pnpm-debug.log*
 # Diagnostic reports (https://nodejs.org/api/report.html)
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -11,12 +11,10 @@ WORKDIR /automatisch
 # copy the app, note .dockerignore
 COPY . /automatisch
-RUN cd packages/web && yarn
+RUN yarn
 RUN cd packages/web && yarn build
 RUN cd packages/backend && yarn --production
 RUN \
  rm -rf /usr/local/share/.cache/ && \
  apk del build-dependencies
--- a/lerna.json
+++ b/lerna.json
@@ -0,0 +1,13 @@
 {
  "packages": [
    "packages/*"
  ],
  "version": "0.10.0",
  "npmClient": "yarn",
  "useWorkspaces": true,
  "command": {
    "add": {
      "exact": true
    }
  }
 }
--- a/package.json
+++ b/package.json
@@ -0,0 +1,32 @@
 {
  "name": "@automatisch/root",
  "license": "See LICENSE file",
  "private": true,
  "scripts": {
    "start": "lerna run --stream --parallel --scope=@*/{web,backend} dev",
    "start:web": "lerna run --stream --scope=@*/web dev",
    "start:backend": "lerna run --stream --scope=@*/backend dev",
    "build:docs": "cd ./packages/docs && yarn install && yarn build"
  },
  "workspaces": {
    "packages": [
      "packages/*"
    ],
    "nohoist": [
      "**/babel-loader",
      "**/webpack",
      "**/@automatisch/web",
      "**/ajv"
    ]
  },
  "devDependencies": {
    "eslint": "^8.13.0",
    "eslint-config-prettier": "^8.3.0",
    "eslint-plugin-prettier": "^4.0.0",
    "lerna": "^4.0.0",
    "prettier": "^2.5.1"
  },
  "publishConfig": {
    "access": "public"
  }
 }
--- a/packages/backend/package.json
+++ b/packages/backend/package.json
@@ -12,7 +12,6 @@
    "pretest": "APP_ENV=test node ./test/setup/prepare-test-env.js",
    "test": "APP_ENV=test vitest run",
    "test:watch": "APP_ENV=test vitest watch",
    "test:coverage": "yarn test --coverage",
    "lint": "eslint .",
    "db:create": "node ./bin/database/create.js",
    "db:seed:user": "node ./bin/database/seed-user.js",
@@ -24,7 +23,6 @@
  "dependencies": {
    "@bull-board/express": "^3.10.1",
    "@casl/ability": "^6.5.0",
    "@faker-js/faker": "^9.2.0",
    "@node-saml/passport-saml": "^4.0.4",
    "@rudderstack/rudder-sdk-node": "^1.1.2",
    "@sentry/node": "^7.42.0",
@@ -38,9 +36,6 @@
    "crypto-js": "^4.1.1",
    "debug": "~2.6.9",
    "dotenv": "^10.0.0",
    "eslint": "^8.13.0",
    "eslint-config-prettier": "^8.3.0",
    "eslint-plugin-prettier": "^4.0.0",
    "express": "~4.18.2",
    "express-async-errors": "^3.1.1",
    "express-basic-auth": "^1.2.1",
@@ -66,7 +61,6 @@
    "pg": "^8.7.1",
    "php-serialize": "^4.0.2",
    "pluralize": "^8.0.0",
    "prettier": "^2.5.1",
    "raw-body": "^2.5.2",
    "showdown": "^2.1.0",
    "uuid": "^9.0.1",
@@ -98,11 +92,10 @@
    "url": "https://github.com/automatisch/automatisch/issues"
  },
  "devDependencies": {
    "@vitest/coverage-v8": "^2.1.5",
    "node-gyp": "^10.1.0",
    "nodemon": "^2.0.13",
    "supertest": "^6.3.3",
-    "vitest": "^2.1.5"
+    "vitest": "^1.1.3"
  },
  "publishConfig": {
    "access": "public"
--- a/packages/backend/src/apps/wordpress/auth/index.js
+++ b/packages/backend/src/apps/wordpress/auth/index.js
@@ -8,7 +8,7 @@ export default {
      key: 'instanceUrl',
      label: 'WordPress instance URL',
      type: 'string',
-      required: true,
+      required: false,
      readOnly: false,
      value: null,
      placeholder: null,
--- a/packages/backend/src/config/app.js
+++ b/packages/backend/src/config/app.js
@@ -52,7 +52,7 @@ const appConfig = {
  isDev: appEnv === 'development',
  isTest: appEnv === 'test',
  isProd: appEnv === 'production',
-  version: '0.14.0',
+  version: '0.13.1',
  postgresDatabase: process.env.POSTGRES_DATABASE || 'automatisch_development',
  postgresSchema: process.env.POSTGRES_SCHEMA || 'public',
  postgresPort: parseInt(process.env.POSTGRES_PORT || '5432'),
--- a/packages/backend/src/controllers/api/v1/admin/apps/create-config.ee.js
+++ b/packages/backend/src/controllers/api/v1/admin/apps/create-config.ee.js
@@ -10,11 +10,12 @@ export default async (request, response) => {
 };
 const appConfigParams = (request) => {
-  const { useOnlyPredefinedAuthClients, disabled } = request.body;
+  const { customConnectionAllowed, shared, disabled } = request.body;
  return {
    key: request.params.appKey,
-    useOnlyPredefinedAuthClients,
+    customConnectionAllowed,
    shared,
    disabled,
  };
 };
--- a/packages/backend/src/controllers/api/v1/admin/apps/create-config.ee.test.js
+++ b/packages/backend/src/controllers/api/v1/admin/apps/create-config.ee.test.js
@@ -23,7 +23,8 @@ describe('POST /api/v1/admin/apps/:appKey/config', () => {
  it('should return created app config', async () => {
    const appConfig = {
-      useOnlyPredefinedAuthClients: false,
+      customConnectionAllowed: true,
      shared: true,
      disabled: false,
    };
@@ -37,14 +38,14 @@ describe('POST /api/v1/admin/apps/:appKey/config', () => {
      ...appConfig,
      key: 'gitlab',
    });
    expect(response.body).toMatchObject(expectedPayload);
  });
  it('should return HTTP 422 for already existing app config', async () => {
    const appConfig = {
      key: 'gitlab',
-      useOnlyPredefinedAuthClients: false,
+      customConnectionAllowed: true,
      shared: true,
      disabled: false,
    };
--- a/packages/backend/src/controllers/api/v1/admin/apps/update-config.ee.js
+++ b/packages/backend/src/controllers/api/v1/admin/apps/update-config.ee.js
@@ -17,10 +17,11 @@ export default async (request, response) => {
 };
 const appConfigParams = (request) => {
-  const { useOnlyPredefinedAuthClients, disabled } = request.body;
+  const { customConnectionAllowed, shared, disabled } = request.body;
  return {
-    useOnlyPredefinedAuthClients,
+    customConnectionAllowed,
    shared,
    disabled,
  };
 };
--- a/packages/backend/src/controllers/api/v1/admin/apps/update-config.ee.test.js
+++ b/packages/backend/src/controllers/api/v1/admin/apps/update-config.ee.test.js
@@ -24,15 +24,17 @@ describe('PATCH /api/v1/admin/apps/:appKey/config', () => {
  it('should return updated app config', async () => {
    const appConfig = {
      key: 'gitlab',
-      useOnlyPredefinedAuthClients: true,
+      customConnectionAllowed: true,
      shared: true,
      disabled: false,
    };
    await createAppConfig(appConfig);
    const newAppConfigValues = {
      shared: false,
      disabled: true,
-      useOnlyPredefinedAuthClients: false,
+      customConnectionAllowed: false,
    };
    const response = await request(app)
@@ -51,8 +53,9 @@ describe('PATCH /api/v1/admin/apps/:appKey/config', () => {
  it('should return not found response for unexisting app config', async () => {
    const appConfig = {
      shared: false,
      disabled: true,
-      useOnlyPredefinedAuthClients: false,
+      customConnectionAllowed: false,
    };
    await request(app)
@@ -65,7 +68,8 @@ describe('PATCH /api/v1/admin/apps/:appKey/config', () => {
  it('should return HTTP 422 for invalid app config data', async () => {
    const appConfig = {
      key: 'gitlab',
-      useOnlyPredefinedAuthClients: true,
+      customConnectionAllowed: true,
      shared: true,
      disabled: false,
    };
--- a/packages/backend/src/controllers/api/v1/admin/saml-auth-providers/get-role-mappings.ee.js
+++ b/packages/backend/src/controllers/api/v1/admin/saml-auth-providers/get-role-mappings.ee.js
@@ -7,7 +7,7 @@ export default async (request, response) => {
    .throwIfNotFound();
  const roleMappings = await samlAuthProvider
-    .$relatedQuery('roleMappings')
+    .$relatedQuery('samlAuthProvidersRoleMappings')
    .orderBy('remote_role_name', 'asc');
  renderObject(response, roleMappings);
--- a/packages/backend/src/controllers/api/v1/admin/saml-auth-providers/update-role-mappings.ee.js
+++ b/packages/backend/src/controllers/api/v1/admin/saml-auth-providers/update-role-mappings.ee.js
@@ -8,14 +8,15 @@ export default async (request, response) => {
    .findById(samlAuthProviderId)
    .throwIfNotFound();
-  const roleMappings = await samlAuthProvider.updateRoleMappings(
+  const samlAuthProvidersRoleMappings =
-    roleMappingsParams(request)
+    await samlAuthProvider.updateRoleMappings(
-  );
+      samlAuthProvidersRoleMappingsParams(request)
    );
-  renderObject(response, roleMappings);
+  renderObject(response, samlAuthProvidersRoleMappings);
 };
-const roleMappingsParams = (request) => {
+const samlAuthProvidersRoleMappingsParams = (request) => {
  const roleMappings = request.body;
  return roleMappings.map(({ roleId, remoteRoleName }) => ({
--- a/packages/backend/src/controllers/api/v1/admin/saml-auth-providers/update-role-mappings.ee.test.js
+++ b/packages/backend/src/controllers/api/v1/admin/saml-auth-providers/update-role-mappings.ee.test.js
@@ -6,7 +6,7 @@ import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by
 import { createRole } from '../../../../../../test/factories/role.js';
 import { createUser } from '../../../../../../test/factories/user.js';
 import { createSamlAuthProvider } from '../../../../../../test/factories/saml-auth-provider.ee.js';
-import { createRoleMapping } from '../../../../../../test/factories/role-mapping.js';
+import { createSamlAuthProvidersRoleMapping } from '../../../../../../test/factories/saml-auth-providers-role-mapping.js';
 import createRoleMappingsMock from '../../../../../../test/mocks/rest/api/v1/admin/saml-auth-providers/update-role-mappings.ee.js';
 import * as license from '../../../../../helpers/license.ee.js';
@@ -21,12 +21,12 @@ describe('PATCH /api/v1/admin/saml-auth-providers/:samlAuthProviderId/role-mappi
    samlAuthProvider = await createSamlAuthProvider();
-    await createRoleMapping({
+    await createSamlAuthProvidersRoleMapping({
      samlAuthProviderId: samlAuthProvider.id,
      remoteRoleName: 'Viewer',
    });
-    await createRoleMapping({
+    await createSamlAuthProvidersRoleMapping({
      samlAuthProviderId: samlAuthProvider.id,
      remoteRoleName: 'Editor',
    });
@@ -64,7 +64,7 @@ describe('PATCH /api/v1/admin/saml-auth-providers/:samlAuthProviderId/role-mappi
  it('should delete role mappings when given empty role mappings', async () => {
    const existingRoleMappings = await samlAuthProvider.$relatedQuery(
-      'roleMappings'
+      'samlAuthProvidersRoleMappings'
    );
    expect(existingRoleMappings.length).toBe(2);
@@ -149,4 +149,34 @@ describe('PATCH /api/v1/admin/saml-auth-providers/:samlAuthProviderId/role-mappi
      .send(roleMappings)
      .expect(404);
  });
  it('should not delete existing role mapping when error thrown', async () => {
    const roleMappings = [
      {
        roleId: userRole.id,
        remoteRoleName: {
          invalid: 'data',
        },
      },
    ];
    const roleMappingsBeforeRequest = await samlAuthProvider.$relatedQuery(
      'samlAuthProvidersRoleMappings'
    );
    await request(app)
      .patch(
        `/api/v1/admin/saml-auth-providers/${samlAuthProvider.id}/role-mappings`
      )
      .set('Authorization', token)
      .send(roleMappings)
      .expect(422);
    const roleMappingsAfterRequest = await samlAuthProvider.$relatedQuery(
      'samlAuthProvidersRoleMappings'
    );
    expect(roleMappingsBeforeRequest).toStrictEqual(roleMappingsAfterRequest);
    expect(roleMappingsAfterRequest.length).toBe(2);
  });
 });
--- a/packages/backend/src/controllers/api/v1/apps/create-connection.test.js
+++ b/packages/backend/src/controllers/api/v1/apps/create-connection.test.js
@@ -155,7 +155,7 @@ describe('POST /api/v1/apps/:appKey/connections', () => {
      await createAppConfig({
        key: 'gitlab',
        disabled: false,
-        useOnlyPredefinedAuthClients: false,
+        customConnectionAllowed: true,
      });
    });
@@ -218,7 +218,7 @@ describe('POST /api/v1/apps/:appKey/connections', () => {
      await createAppConfig({
        key: 'gitlab',
        disabled: false,
-        useOnlyPredefinedAuthClients: true,
+        customConnectionAllowed: false,
      });
    });
@@ -266,14 +266,14 @@ describe('POST /api/v1/apps/:appKey/connections', () => {
    });
  });
-  describe('with auth client enabled', async () => {
+  describe('with auth clients enabled', async () => {
    let appAuthClient;
    beforeEach(async () => {
      await createAppConfig({
        key: 'gitlab',
        disabled: false,
-        useOnlyPredefinedAuthClients: false,
+        shared: true,
      });
      appAuthClient = await createAppAuthClient({
@@ -310,6 +310,19 @@ describe('POST /api/v1/apps/:appKey/connections', () => {
      expect(response.body).toStrictEqual(expectedPayload);
    });
    it('should return not authorized response for appAuthClientId and formattedData together', async () => {
      const connectionData = {
        appAuthClientId: appAuthClient.id,
        formattedData: {},
      };
      await request(app)
        .post('/api/v1/apps/gitlab/connections')
        .set('Authorization', token)
        .send(connectionData)
        .expect(403);
    });
    it('should return not found response for invalid app key', async () => {
      await request(app)
        .post('/api/v1/apps/invalid-app-key/connections')
@@ -336,20 +349,18 @@ describe('POST /api/v1/apps/:appKey/connections', () => {
      });
    });
  });
-
+  describe('with auth clients disabled', async () => {
  describe('with auth client disabled', async () => {
    let appAuthClient;
    beforeEach(async () => {
      await createAppConfig({
        key: 'gitlab',
        disabled: false,
-        useOnlyPredefinedAuthClients: false,
+        shared: false,
      });
      appAuthClient = await createAppAuthClient({
        appKey: 'gitlab',
        active: false,
      });
    });
@@ -362,7 +373,7 @@ describe('POST /api/v1/apps/:appKey/connections', () => {
        .post('/api/v1/apps/gitlab/connections')
        .set('Authorization', token)
        .send(connectionData)
-        .expect(404);
+        .expect(403);
    });
    it('should return not found response for invalid app key', async () => {
--- a/packages/backend/src/controllers/api/v1/apps/get-config.ee.test.js
+++ b/packages/backend/src/controllers/api/v1/apps/get-config.ee.test.js
@@ -17,7 +17,8 @@ describe('GET /api/v1/apps/:appKey/config', () => {
    appConfig = await createAppConfig({
      key: 'deepl',
-      useOnlyPredefinedAuthClients: false,
+      customConnectionAllowed: true,
      shared: true,
      disabled: false,
    });
--- a/packages/backend/src/controllers/api/v1/apps/get-connections.test.js
+++ b/packages/backend/src/controllers/api/v1/apps/get-connections.test.js
@@ -87,14 +87,14 @@ describe('GET /api/v1/apps/:appKey/connections', () => {
  it('should return not found response for invalid connection UUID', async () => {
    await createPermission({
-      action: 'read',
+      action: 'update',
      subject: 'Connection',
      roleId: currentUserRole.id,
      conditions: ['isCreator'],
    });
    await request(app)
-      .get('/api/v1/apps/invalid-connection-id/connections')
+      .get('/api/v1/connections/invalid-connection-id/connections')
      .set('Authorization', token)
      .expect(404);
  });
--- a/packages/backend/src/controllers/api/v1/automatisch/version.test.js
+++ b/packages/backend/src/controllers/api/v1/automatisch/version.test.js
@@ -10,7 +10,7 @@ describe('GET /api/v1/automatisch/version', () => {
    const expectedPayload = {
      data: {
-        version: '0.14.0',
+        version: '0.13.1',
      },
      meta: {
        count: 1,
--- a/packages/backend/src/controllers/api/v1/connections/reset-connection.test.js
+++ b/packages/backend/src/controllers/api/v1/connections/reset-connection.test.js
@@ -47,6 +47,7 @@ describe('POST /api/v1/connections/:connectionId/reset', () => {
    const expectedPayload = resetConnectionMock({
      ...refetchedCurrentUserConnection,
      reconnectable: refetchedCurrentUserConnection.reconnectable,
      formattedData: {
        screenName: 'Connection name',
      },
--- a/packages/backend/src/controllers/api/v1/connections/update-connection.test.js
+++ b/packages/backend/src/controllers/api/v1/connections/update-connection.test.js
@@ -55,9 +55,10 @@ describe('PATCH /api/v1/connections/:connectionId', () => {
    const refetchedCurrentUserConnection = await currentUserConnection.$query();
-    const expectedPayload = updateConnectionMock(
+    const expectedPayload = updateConnectionMock({
-      refetchedCurrentUserConnection
+      ...refetchedCurrentUserConnection,
-    );
+      reconnectable: refetchedCurrentUserConnection.reconnectable,
    });
    expect(response.body).toStrictEqual(expectedPayload);
  });
--- a/packages/backend/src/controllers/api/v1/steps/create-dynamic-data.test.js
+++ b/packages/backend/src/controllers/api/v1/steps/create-dynamic-data.test.js
@@ -193,7 +193,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-data', () => {
    const notExistingStepUUID = Crypto.randomUUID();
    await request(app)
-      .post(`/api/v1/steps/${notExistingStepUUID}/dynamic-data`)
+      .get(`/api/v1/steps/${notExistingStepUUID}/dynamic-data`)
      .set('Authorization', token)
      .expect(404);
  });
@@ -216,7 +216,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-data', () => {
    const step = await createStep({ appKey: null });
    await request(app)
-      .post(`/api/v1/steps/${step.id}/dynamic-data`)
+      .get(`/api/v1/steps/${step.id}/dynamic-data`)
      .set('Authorization', token)
      .expect(404);
  });
--- a/packages/backend/src/controllers/api/v1/steps/create-dynamic-fields.test.js
+++ b/packages/backend/src/controllers/api/v1/steps/create-dynamic-fields.test.js
@@ -118,7 +118,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-fields', () => {
    const notExistingStepUUID = Crypto.randomUUID();
    await request(app)
-      .post(`/api/v1/steps/${notExistingStepUUID}/dynamic-fields`)
+      .get(`/api/v1/steps/${notExistingStepUUID}/dynamic-fields`)
      .set('Authorization', token)
      .expect(404);
  });
@@ -138,11 +138,10 @@ describe('POST /api/v1/steps/:stepId/dynamic-fields', () => {
      conditions: [],
    });
-    const step = await createStep();
+    const step = await createStep({ appKey: null });
    await step.$query().patch({ appKey: null });
    await request(app)
-      .post(`/api/v1/steps/${step.id}/dynamic-fields`)
+      .get(`/api/v1/steps/${step.id}/dynamic-fields`)
      .set('Authorization', token)
      .expect(404);
  });
--- a/packages/backend/src/db/migrations/20241125141647_rename_saml_auth_providers_role_mappings_as_role_mappings.js
+++ b/packages/backend/src/db/migrations/20241125141647_rename_saml_auth_providers_role_mappings_as_role_mappings.js
@@ -1,52 +0,0 @@
 export async function up(knex) {
  await knex.schema.createTable('role_mappings', (table) => {
    table.uuid('id').primary().defaultTo(knex.raw('gen_random_uuid()'));
    table
      .uuid('saml_auth_provider_id')
      .references('id')
      .inTable('saml_auth_providers');
    table.uuid('role_id').references('id').inTable('roles');
    table.string('remote_role_name').notNullable();
    table.unique(['saml_auth_provider_id', 'remote_role_name']);
    table.timestamps(true, true);
  });
  const existingRoleMappings = await knex('saml_auth_providers_role_mappings');
  if (existingRoleMappings.length) {
    await knex('role_mappings').insert(existingRoleMappings);
  }
  return await knex.schema.dropTable('saml_auth_providers_role_mappings');
 }
 export async function down(knex) {
  await knex.schema.createTable(
    'saml_auth_providers_role_mappings',
    (table) => {
      table.uuid('id').primary().defaultTo(knex.raw('gen_random_uuid()'));
      table
        .uuid('saml_auth_provider_id')
        .references('id')
        .inTable('saml_auth_providers');
      table.uuid('role_id').references('id').inTable('roles');
      table.string('remote_role_name').notNullable();
      table.unique(['saml_auth_provider_id', 'remote_role_name']);
      table.timestamps(true, true);
    }
  );
  const existingRoleMappings = await knex('role_mappings');
  if (existingRoleMappings.length) {
    await knex('saml_auth_providers_role_mappings').insert(
      existingRoleMappings
    );
  }
  return await knex.schema.dropTable('role_mappings');
 }
--- a/packages/backend/src/db/migrations/20241204103153_add_use_only_predefined_auth_clients_in_app_config.js
+++ b/packages/backend/src/db/migrations/20241204103153_add_use_only_predefined_auth_clients_in_app_config.js
@@ -1,11 +0,0 @@
 export async function up(knex) {
  return await knex.schema.alterTable('app_configs', (table) => {
    table.boolean('use_only_predefined_auth_clients').defaultTo(false);
  });
 }
 export async function down(knex) {
  return await knex.schema.alterTable('app_configs', (table) => {
    table.dropColumn('use_only_predefined_auth_clients');
  });
 }
--- a/packages/backend/src/db/migrations/20241204103355_remove_obsolete_fields_in_app_config.js
+++ b/packages/backend/src/db/migrations/20241204103355_remove_obsolete_fields_in_app_config.js
@@ -1,15 +0,0 @@
 export async function up(knex) {
  return await knex.schema.alterTable('app_configs', (table) => {
    table.dropColumn('shared');
    table.dropColumn('connection_allowed');
    table.dropColumn('custom_connection_allowed');
  });
 }
 export async function down(knex) {
  return await knex.schema.alterTable('app_configs', (table) => {
    table.boolean('shared').defaultTo(false);
    table.boolean('connection_allowed').defaultTo(false);
    table.boolean('custom_connection_allowed').defaultTo(false);
  });
 }
--- a/packages/backend/src/helpers/find-or-create-user-by-saml-identity.ee.js
+++ b/packages/backend/src/helpers/find-or-create-user-by-saml-identity.ee.js
@@ -30,7 +30,7 @@ const findOrCreateUserBySamlIdentity = async (
    : [mappedUser.role];
  const samlAuthProviderRoleMapping = await samlAuthProvider
-    .$relatedQuery('roleMappings')
+    .$relatedQuery('samlAuthProvidersRoleMappings')
    .whereIn('remote_role_name', mappedRoles)
    .limit(1)
    .first();
--- a/packages/backend/src/helpers/user-ability.test.js
+++ b/packages/backend/src/helpers/user-ability.test.js
@@ -1,46 +0,0 @@
 import { describe, expect, it } from 'vitest';
 import userAbility from './user-ability.js';
 describe('userAbility', () => {
  it('should return PureAbility instantiated with user permissions', () => {
    const user = {
      permissions: [
        {
          subject: 'Flow',
          action: 'read',
          conditions: ['isCreator'],
        },
      ],
      role: {
        name: 'User',
      },
    };
    const ability = userAbility(user);
    expect(ability.rules).toStrictEqual(user.permissions);
  });
  it('should return permission-less PureAbility for user with no role', () => {
    const user = {
      permissions: [
        {
          subject: 'Flow',
          action: 'read',
          conditions: ['isCreator'],
        },
      ],
      role: null,
    };
    const ability = userAbility(user);
    expect(ability.rules).toStrictEqual([]);
  });
  it('should return permission-less PureAbility for user with no permissions', () => {
    const user = { permissions: null, role: { name: 'User' } };
    const ability = userAbility(user);
    expect(ability.rules).toStrictEqual([]);
  });
 });
--- a/packages/backend/src/models/snapshots/app-config.test.js.snap
+++ b/packages/backend/src/models/snapshots/app-config.test.js.snap
@@ -3,9 +3,17 @@
 exports[`AppConfig model > jsonSchema should have correct validations 1`] = `
 {
  "properties": {
    "connectionAllowed": {
      "default": false,
      "type": "boolean",
    },
    "createdAt": {
      "type": "string",
    },
    "customConnectionAllowed": {
      "default": false,
      "type": "boolean",
    },
    "disabled": {
      "default": false,
      "type": "boolean",
@@ -17,13 +25,13 @@ exports[`AppConfig model > jsonSchema should have correct validations 1`] = `
    "key": {
      "type": "string",
    },
-    "updatedAt": {
+    "shared": {
      "type": "string",
    },
    "useOnlyPredefinedAuthClients": {
      "default": false,
      "type": "boolean",
    },
    "updatedAt": {
      "type": "string",
    },
  },
  "required": [
    "key",
--- a/packages/backend/src/models/snapshots/role-mapping.ee.test.js.snap
+++ b/packages/backend/src/models/snapshots/role-mapping.ee.test.js.snap
@@ -1,30 +0,0 @@
 // Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
 exports[`RoleMapping model > jsonSchema should have the correct schema 1`] = `
 {
  "properties": {
    "id": {
      "format": "uuid",
      "type": "string",
    },
    "remoteRoleName": {
      "minLength": 1,
      "type": "string",
    },
    "roleId": {
      "format": "uuid",
      "type": "string",
    },
    "samlAuthProviderId": {
      "format": "uuid",
      "type": "string",
    },
  },
  "required": [
    "samlAuthProviderId",
    "roleId",
    "remoteRoleName",
  ],
  "type": "object",
 }
 `;
--- a/packages/backend/src/models/snapshots/saml-auth-providers-role-mapping.ee.test.js.snap
+++ b/packages/backend/src/models/snapshots/saml-auth-providers-role-mapping.ee.test.js.snap
@@ -1,6 +1,6 @@
 // Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
-exports[`RoleMapping model > jsonSchema should have the correct schema 1`] = `
+exports[`SamlAuthProvidersRoleMapping model > jsonSchema should have the correct schema 1`] = `
 {
  "properties": {
    "id": {
--- a/packages/backend/src/models/app-auth-client.js
+++ b/packages/backend/src/models/app-auth-client.js
@@ -60,26 +60,39 @@ class AppAuthClient extends Base {
    return this.authDefaults ? true : false;
  }
  async triggerAppConfigUpdate() {
    const appConfig = await this.$relatedQuery('appConfig');
    // This is a workaround to update connection allowed column for AppConfig
    await appConfig?.$query().patch({
      key: appConfig.key,
      shared: appConfig.shared,
      disabled: appConfig.disabled,
    });
  }
  // TODO: Make another abstraction like beforeSave instead of using
  // beforeInsert and beforeUpdate separately for the same operation.
  async $beforeInsert(queryContext) {
    await super.$beforeInsert(queryContext);
    this.encryptData();
  }
  async $afterInsert(queryContext) {
    await super.$afterInsert(queryContext);
    await this.triggerAppConfigUpdate();
  }
  async $beforeUpdate(opt, queryContext) {
    await super.$beforeUpdate(opt, queryContext);
    this.encryptData();
  }
  async $afterUpdate(opt, queryContext) {
    await super.$afterUpdate(opt, queryContext);
    await this.triggerAppConfigUpdate();
  }
  async $afterFind() {
--- a/packages/backend/src/models/app-auth-client.test.js
+++ b/packages/backend/src/models/app-auth-client.test.js
@@ -7,6 +7,7 @@ import AppAuthClient from './app-auth-client.js';
 import Base from './base.js';
 import appConfig from '../config/app.js';
 import { createAppAuthClient } from '../../test/factories/app-auth-client.js';
 import { createAppConfig } from '../../test/factories/app-config.js';
 describe('AppAuthClient model', () => {
  it('tableName should return correct name', () => {
@@ -163,6 +164,63 @@ describe('AppAuthClient model', () => {
    });
  });
  describe('triggerAppConfigUpdate', () => {
    it('should trigger an update in related app config', async () => {
      await createAppConfig({ key: 'gitlab' });
      const appAuthClient = await createAppAuthClient({
        appKey: 'gitlab',
      });
      const appConfigBeforeUpdateSpy = vi.spyOn(
        AppConfig.prototype,
        '$beforeUpdate'
      );
      await appAuthClient.triggerAppConfigUpdate();
      expect(appConfigBeforeUpdateSpy).toHaveBeenCalledOnce();
    });
    it('should update related AppConfig after creating an instance', async () => {
      const appConfig = await createAppConfig({
        key: 'gitlab',
        disabled: false,
        shared: true,
      });
      await createAppAuthClient({
        appKey: 'gitlab',
        active: true,
      });
      const refetchedAppConfig = await appConfig.$query();
      expect(refetchedAppConfig.connectionAllowed).toBe(true);
    });
    it('should update related AppConfig after updating an instance', async () => {
      const appConfig = await createAppConfig({
        key: 'gitlab',
        disabled: false,
        shared: true,
      });
      const appAuthClient = await createAppAuthClient({
        appKey: 'gitlab',
        active: false,
      });
      let refetchedAppConfig = await appConfig.$query();
      expect(refetchedAppConfig.connectionAllowed).toBe(false);
      await appAuthClient.$query().patchAndFetch({ active: true });
      refetchedAppConfig = await appConfig.$query();
      expect(refetchedAppConfig.connectionAllowed).toBe(true);
    });
  });
  it('$beforeInsert should call AppAuthClient.encryptData', async () => {
    const appAuthClientBeforeInsertSpy = vi.spyOn(
      AppAuthClient.prototype,
@@ -174,6 +232,17 @@ describe('AppAuthClient model', () => {
    expect(appAuthClientBeforeInsertSpy).toHaveBeenCalledOnce();
  });
  it('$afterInsert should call AppAuthClient.triggerAppConfigUpdate', async () => {
    const appAuthClientAfterInsertSpy = vi.spyOn(
      AppAuthClient.prototype,
      'triggerAppConfigUpdate'
    );
    await createAppAuthClient();
    expect(appAuthClientAfterInsertSpy).toHaveBeenCalledOnce();
  });
  it('$beforeUpdate should call AppAuthClient.encryptData', async () => {
    const appAuthClient = await createAppAuthClient();
@@ -187,6 +256,19 @@ describe('AppAuthClient model', () => {
    expect(appAuthClientBeforeUpdateSpy).toHaveBeenCalledOnce();
  });
  it('$afterUpdate should call AppAuthClient.triggerAppConfigUpdate', async () => {
    const appAuthClient = await createAppAuthClient();
    const appAuthClientAfterUpdateSpy = vi.spyOn(
      AppAuthClient.prototype,
      'triggerAppConfigUpdate'
    );
    await appAuthClient.$query().patchAndFetch({ name: 'sample' });
    expect(appAuthClientAfterUpdateSpy).toHaveBeenCalledOnce();
  });
  it('$afterFind should call AppAuthClient.decryptData', async () => {
    const appAuthClient = await createAppAuthClient();
--- a/packages/backend/src/models/app-config.js
+++ b/packages/backend/src/models/app-config.js
@@ -16,7 +16,9 @@ class AppConfig extends Base {
    properties: {
      id: { type: 'string', format: 'uuid' },
      key: { type: 'string' },
-      useOnlyPredefinedAuthClients: { type: 'boolean', default: false },
+      connectionAllowed: { type: 'boolean', default: false },
      customConnectionAllowed: { type: 'boolean', default: false },
      shared: { type: 'boolean', default: false },
      disabled: { type: 'boolean', default: false },
      createdAt: { type: 'string' },
      updatedAt: { type: 'string' },
@@ -39,6 +41,39 @@ class AppConfig extends Base {
    return await App.findOneByKey(this.key);
  }
  async computeAndAssignConnectionAllowedProperty() {
    this.connectionAllowed = await this.computeConnectionAllowedProperty();
  }
  async computeConnectionAllowedProperty() {
    const appAuthClients = await this.$relatedQuery('appAuthClients');
    const hasSomeActiveAppAuthClients =
      appAuthClients?.some((appAuthClient) => appAuthClient.active) || false;
    const conditions = [
      hasSomeActiveAppAuthClients,
      this.shared,
      !this.disabled,
    ];
    const connectionAllowed = conditions.every(Boolean);
    return connectionAllowed;
  }
  async $beforeInsert(queryContext) {
    await super.$beforeInsert(queryContext);
    await this.computeAndAssignConnectionAllowedProperty();
  }
  async $beforeUpdate(opt, queryContext) {
    await super.$beforeUpdate(opt, queryContext);
    await this.computeAndAssignConnectionAllowedProperty();
  }
 }
 export default AppConfig;
--- a/packages/backend/src/models/app-config.test.js
+++ b/packages/backend/src/models/app-config.test.js
@@ -1,9 +1,11 @@
-import { describe, it, expect } from 'vitest';
+import { vi, describe, it, expect } from 'vitest';
 import Base from './base.js';
 import AppConfig from './app-config.js';
 import App from './app.js';
 import AppAuthClient from './app-auth-client.js';
 import { createAppConfig } from '../../test/factories/app-config.js';
 import { createAppAuthClient } from '../../test/factories/app-auth-client.js';
 describe('AppConfig model', () => {
  it('tableName should return correct name', () => {
@@ -53,4 +55,126 @@ describe('AppConfig model', () => {
      expect(app).toStrictEqual(expectedApp);
    });
  });
  describe('computeAndAssignConnectionAllowedProperty', () => {
    it('should call computeConnectionAllowedProperty and assign the result', async () => {
      const appConfig = await createAppConfig();
      const computeConnectionAllowedPropertySpy = vi
        .spyOn(appConfig, 'computeConnectionAllowedProperty')
        .mockResolvedValue(true);
      await appConfig.computeAndAssignConnectionAllowedProperty();
      expect(computeConnectionAllowedPropertySpy).toHaveBeenCalled();
      expect(appConfig.connectionAllowed).toBe(true);
    });
  });
  describe('computeConnectionAllowedProperty', () => {
    it('should return true when app is enabled, shared and allows custom connection with an active app auth client', async () => {
      await createAppAuthClient({
        appKey: 'deepl',
        active: true,
      });
      await createAppAuthClient({
        appKey: 'deepl',
        active: false,
      });
      const appConfig = await createAppConfig({
        disabled: false,
        customConnectionAllowed: true,
        shared: true,
        key: 'deepl',
      });
      const connectionAllowed =
        await appConfig.computeConnectionAllowedProperty();
      expect(connectionAllowed).toBe(true);
    });
    it('should return false if there is no active app auth client', async () => {
      await createAppAuthClient({
        appKey: 'deepl',
        active: false,
      });
      const appConfig = await createAppConfig({
        disabled: false,
        customConnectionAllowed: true,
        shared: true,
        key: 'deepl',
      });
      const connectionAllowed =
        await appConfig.computeConnectionAllowedProperty();
      expect(connectionAllowed).toBe(false);
    });
    it('should return false if there is no app auth clients', async () => {
      const appConfig = await createAppConfig({
        disabled: false,
        customConnectionAllowed: true,
        shared: true,
        key: 'deepl',
      });
      const connectionAllowed =
        await appConfig.computeConnectionAllowedProperty();
      expect(connectionAllowed).toBe(false);
    });
    it('should return false when app is disabled', async () => {
      const appConfig = await createAppConfig({
        disabled: true,
        customConnectionAllowed: true,
      });
      const connectionAllowed =
        await appConfig.computeConnectionAllowedProperty();
      expect(connectionAllowed).toBe(false);
    });
    it(`should return false when app doesn't allow custom connection`, async () => {
      const appConfig = await createAppConfig({
        disabled: false,
        customConnectionAllowed: false,
      });
      const connectionAllowed =
        await appConfig.computeConnectionAllowedProperty();
      expect(connectionAllowed).toBe(false);
    });
  });
  it('$beforeInsert should call computeAndAssignConnectionAllowedProperty', async () => {
    const computeAndAssignConnectionAllowedPropertySpy = vi
      .spyOn(AppConfig.prototype, 'computeAndAssignConnectionAllowedProperty')
      .mockResolvedValue(true);
    await createAppConfig();
    expect(computeAndAssignConnectionAllowedPropertySpy).toHaveBeenCalledOnce();
  });
  it('$beforeUpdate should call computeAndAssignConnectionAllowedProperty', async () => {
    const appConfig = await createAppConfig();
    const computeAndAssignConnectionAllowedPropertySpy = vi
      .spyOn(AppConfig.prototype, 'computeAndAssignConnectionAllowedProperty')
      .mockResolvedValue(true);
    await appConfig.$query().patch({
      key: 'deepl',
    });
    expect(computeAndAssignConnectionAllowedPropertySpy).toHaveBeenCalledOnce();
  });
 });
--- a/packages/backend/src/models/connection.js
+++ b/packages/backend/src/models/connection.js
@@ -33,6 +33,10 @@ class Connection extends Base {
    },
  };
  static get virtualAttributes() {
    return ['reconnectable'];
  }
  static relationMappings = () => ({
    user: {
      relation: Base.BelongsToOneRelation,
@@ -79,6 +83,18 @@ class Connection extends Base {
    },
  });
  get reconnectable() {
    if (this.appAuthClientId) {
      return this.appAuthClient.active;
    }
    if (this.appConfig) {
      return !this.appConfig.disabled && this.appConfig.customConnectionAllowed;
    }
    return true;
  }
  encryptData() {
    if (!this.eligibleForEncryption()) return;
@@ -128,13 +144,19 @@ class Connection extends Base {
        );
      }
-      if (appConfig.useOnlyPredefinedAuthClients && this.formattedData) {
+      if (!appConfig.customConnectionAllowed && this.formattedData) {
        throw new NotAuthorizedError(
          `New custom connections have been disabled for ${app.name}!`
        );
      }
-      if (!this.formattedData) {
+      if (!appConfig.shared && this.appAuthClientId) {
        throw new NotAuthorizedError(
          'The connection with the given app auth client is not allowed!'
        );
      }
      if (appConfig.shared && !this.formattedData) {
        const authClient = await appConfig
          .$relatedQuery('appAuthClients')
          .findById(this.appAuthClientId)
--- a/packages/backend/src/models/connection.test.js
+++ b/packages/backend/src/models/connection.test.js
@@ -23,6 +23,14 @@ describe('Connection model', () => {
    expect(Connection.jsonSchema).toMatchSnapshot();
  });
  it('virtualAttributes should return correct attributes', () => {
    const virtualAttributes = Connection.virtualAttributes;
    const expectedAttributes = ['reconnectable'];
    expect(virtualAttributes).toStrictEqual(expectedAttributes);
  });
  describe('relationMappings', () => {
    it('should return correct associations', () => {
      const relationMappings = Connection.relationMappings();
@@ -84,6 +92,78 @@ describe('Connection model', () => {
    });
  });
  describe('reconnectable', () => {
    it('should return active status of app auth client when created via app auth client', async () => {
      const appAuthClient = await createAppAuthClient({
        active: true,
        formattedAuthDefaults: {
          clientId: 'sample-id',
        },
      });
      const connection = await createConnection({
        appAuthClientId: appAuthClient.id,
        formattedData: {
          token: 'sample-token',
        },
      });
      const connectionWithAppAuthClient = await connection
        .$query()
        .withGraphFetched({
          appAuthClient: true,
        });
      expect(connectionWithAppAuthClient.reconnectable).toBe(true);
    });
    it('should return true when app config is not disabled and allows custom connection', async () => {
      const appConfig = await createAppConfig({
        key: 'gitlab',
        disabled: false,
        customConnectionAllowed: true,
      });
      const connection = await createConnection({
        key: appConfig.key,
        formattedData: {
          token: 'sample-token',
        },
      });
      const connectionWithAppAuthClient = await connection
        .$query()
        .withGraphFetched({
          appConfig: true,
        });
      expect(connectionWithAppAuthClient.reconnectable).toBe(true);
    });
    it('should return false when app config is disabled or does not allow custom connection', async () => {
      const connection = await createConnection({
        key: 'gitlab',
        formattedData: {
          token: 'sample-token',
        },
      });
      await createAppConfig({
        key: 'gitlab',
        disabled: true,
        customConnectionAllowed: false,
      });
      const connectionWithAppAuthClient = await connection
        .$query()
        .withGraphFetched({
          appConfig: true,
        });
      expect(connectionWithAppAuthClient.reconnectable).toBe(false);
    });
  });
  describe('encryptData', () => {
    it('should return undefined if eligibleForEncryption is not true', async () => {
      vi.spyOn(Connection.prototype, 'eligibleForEncryption').mockReturnValue(
@@ -286,7 +366,6 @@ describe('Connection model', () => {
      );
    });
    // TODO: update test case name
    it('should throw an error when app config does not allow custom connection with formatted data', async () => {
      vi.spyOn(Connection.prototype, 'getApp').mockResolvedValue({
        name: 'gitlab',
@@ -294,7 +373,7 @@ describe('Connection model', () => {
      vi.spyOn(Connection.prototype, 'getAppConfig').mockResolvedValue({
        disabled: false,
-        useOnlyPredefinedAuthClients: true,
+        customConnectionAllowed: false,
      });
      const connection = new Connection();
@@ -307,10 +386,32 @@ describe('Connection model', () => {
      );
    });
    it('should throw an error when app config is not shared with app auth client', async () => {
      vi.spyOn(Connection.prototype, 'getApp').mockResolvedValue({
        name: 'gitlab',
      });
      vi.spyOn(Connection.prototype, 'getAppConfig').mockResolvedValue({
        disabled: false,
        shared: false,
      });
      const connection = new Connection();
      connection.appAuthClientId = 'sample-id';
      await expect(() =>
        connection.checkEligibilityForCreation()
      ).rejects.toThrow(
        'The connection with the given app auth client is not allowed!'
      );
    });
    it('should apply app auth client auth defaults when creating with shared app auth client', async () => {
      await createAppConfig({
        key: 'gitlab',
        disabled: false,
        customConnectionAllowed: true,
        shared: true,
      });
      const appAuthClient = await createAppAuthClient({
--- a/packages/backend/src/models/saml-auth-provider.ee.js
+++ b/packages/backend/src/models/saml-auth-provider.ee.js
@@ -5,7 +5,7 @@ import appConfig from '../config/app.js';
 import axios from '../helpers/axios-with-proxy.js';
 import Base from './base.js';
 import Identity from './identity.ee.js';
-import RoleMapping from './role-mapping.ee.js';
+import SamlAuthProvidersRoleMapping from './saml-auth-providers-role-mapping.ee.js';
 class SamlAuthProvider extends Base {
  static tableName = 'saml_auth_providers';
@@ -53,12 +53,12 @@ class SamlAuthProvider extends Base {
        to: 'saml_auth_providers.id',
      },
    },
-    roleMappings: {
+    samlAuthProvidersRoleMappings: {
      relation: Base.HasManyRelation,
-      modelClass: RoleMapping,
+      modelClass: SamlAuthProvidersRoleMapping,
      join: {
        from: 'saml_auth_providers.id',
-        to: 'role_mappings.saml_auth_provider_id',
+        to: 'saml_auth_providers_role_mappings.saml_auth_provider_id',
      },
    },
  });
@@ -133,22 +133,27 @@ class SamlAuthProvider extends Base {
  }
  async updateRoleMappings(roleMappings) {
-    await this.$relatedQuery('roleMappings').delete();
+    return await SamlAuthProvider.transaction(async (trx) => {
      await this.$relatedQuery('samlAuthProvidersRoleMappings', trx).delete();
-    if (isEmpty(roleMappings)) {
+      if (isEmpty(roleMappings)) {
-      return [];
+        return [];
-    }
+      }
-    const roleMappingsData = roleMappings.map((roleMapping) => ({
+      const samlAuthProvidersRoleMappingsData = roleMappings.map(
-      ...roleMapping,
+        (samlAuthProvidersRoleMapping) => ({
-      samlAuthProviderId: this.id,
+          ...samlAuthProvidersRoleMapping,
-    }));
+          samlAuthProviderId: this.id,
        })
      );
-    const newRoleMappings = await RoleMapping.query().insertAndFetch(
+      const samlAuthProvidersRoleMappings =
-      roleMappingsData
+        await SamlAuthProvidersRoleMapping.query(trx).insertAndFetch(
-    );
+          samlAuthProvidersRoleMappingsData
        );
-    return newRoleMappings;
+      return samlAuthProvidersRoleMappings;
    });
  }
 }
--- a/packages/backend/src/models/saml-auth-provider.ee.test.js
+++ b/packages/backend/src/models/saml-auth-provider.ee.test.js
@@ -1,14 +1,8 @@
-import { vi, beforeEach, describe, it, expect } from 'vitest';
+import { describe, it, expect } from 'vitest';
 import { v4 as uuidv4 } from 'uuid';
 import SamlAuthProvider from '../models/saml-auth-provider.ee';
-import RoleMapping from '../models/role-mapping.ee';
+import SamlAuthProvidersRoleMapping from '../models/saml-auth-providers-role-mapping.ee';
 import axios from '../helpers/axios-with-proxy.js';
 import Identity from './identity.ee';
 import Base from './base';
 import appConfig from '../config/app';
 import { createSamlAuthProvider } from '../../test/factories/saml-auth-provider.ee.js';
 import { createRoleMapping } from '../../test/factories/role-mapping.js';
 import { createRole } from '../../test/factories/role.js';
 describe('SamlAuthProvider model', () => {
  it('tableName should return correct name', () => {
@@ -31,12 +25,12 @@ describe('SamlAuthProvider model', () => {
          to: 'saml_auth_providers.id',
        },
      },
-      roleMappings: {
+      samlAuthProvidersRoleMappings: {
        relation: Base.HasManyRelation,
-        modelClass: RoleMapping,
+        modelClass: SamlAuthProvidersRoleMapping,
        join: {
          from: 'saml_auth_providers.id',
-          to: 'role_mappings.saml_auth_provider_id',
+          to: 'saml_auth_providers_role_mappings.saml_auth_provider_id',
        },
      },
    };
@@ -51,181 +45,4 @@ describe('SamlAuthProvider model', () => {
    expect(virtualAttributes).toStrictEqual(expectedAttributes);
  });
  it('loginUrl should return the URL of login', () => {
    const samlAuthProvider = new SamlAuthProvider();
    samlAuthProvider.issuer = 'sample-issuer';
    vi.spyOn(appConfig, 'baseUrl', 'get').mockReturnValue(
      'https://automatisch.io'
    );
    expect(samlAuthProvider.loginUrl).toStrictEqual(
      'https://automatisch.io/login/saml/sample-issuer'
    );
  });
  it('loginCallbackUrl should return the URL of login callback', () => {
    const samlAuthProvider = new SamlAuthProvider();
    samlAuthProvider.issuer = 'sample-issuer';
    vi.spyOn(appConfig, 'baseUrl', 'get').mockReturnValue(
      'https://automatisch.io'
    );
    expect(samlAuthProvider.loginCallBackUrl).toStrictEqual(
      'https://automatisch.io/login/saml/sample-issuer/callback'
    );
  });
  it('remoteLogoutUrl should return the URL from entrypoint', () => {
    const samlAuthProvider = new SamlAuthProvider();
    samlAuthProvider.entryPoint = 'https://example.com/saml/logout';
    expect(samlAuthProvider.remoteLogoutUrl).toStrictEqual(
      'https://example.com/saml/logout'
    );
  });
  it('config should return the correct configuration object', () => {
    const samlAuthProvider = new SamlAuthProvider();
    samlAuthProvider.certificate = 'sample-certificate';
    samlAuthProvider.signatureAlgorithm = 'sha256';
    samlAuthProvider.entryPoint = 'https://example.com/saml';
    samlAuthProvider.issuer = 'sample-issuer';
    vi.spyOn(appConfig, 'baseUrl', 'get').mockReturnValue(
      'https://automatisch.io'
    );
    const expectedConfig = {
      callbackUrl: 'https://automatisch.io/login/saml/sample-issuer/callback',
      cert: 'sample-certificate',
      entryPoint: 'https://example.com/saml',
      issuer: 'sample-issuer',
      signatureAlgorithm: 'sha256',
      logoutUrl: 'https://example.com/saml',
    };
    expect(samlAuthProvider.config).toStrictEqual(expectedConfig);
  });
  it('generateLogoutRequestBody should return a correctly encoded SAML logout request', () => {
    vi.mock('uuid', () => ({
      v4: vi.fn(),
    }));
    const samlAuthProvider = new SamlAuthProvider();
    samlAuthProvider.entryPoint = 'https://example.com/saml';
    samlAuthProvider.issuer = 'sample-issuer';
    const mockUuid = '123e4567-e89b-12d3-a456-426614174000';
    uuidv4.mockReturnValue(mockUuid);
    const sessionId = 'test-session-id';
    const logoutRequest = samlAuthProvider.generateLogoutRequestBody(sessionId);
    const expectedLogoutRequest = `
      <samlp:LogoutRequest
          xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
          ID="${mockUuid}"
          Version="2.0"
          IssueInstant="${new Date().toISOString()}"
          Destination="https://example.com/saml">
          <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">sample-issuer</saml:Issuer>
          <samlp:SessionIndex>test-session-id</samlp:SessionIndex>
      </samlp:LogoutRequest>
    `;
    const expectedEncodedRequest = Buffer.from(expectedLogoutRequest).toString(
      'base64'
    );
    expect(logoutRequest).toBe(expectedEncodedRequest);
  });
  it('terminateRemoteSession should send the correct POST request and return the response', async () => {
    vi.mock('../helpers/axios-with-proxy.js', () => ({
      default: {
        post: vi.fn(),
      },
    }));
    const samlAuthProvider = new SamlAuthProvider();
    samlAuthProvider.entryPoint = 'https://example.com/saml';
    samlAuthProvider.generateLogoutRequestBody = vi
      .fn()
      .mockReturnValue('mockEncodedLogoutRequest');
    const sessionId = 'test-session-id';
    const mockResponse = { data: 'Logout Successful' };
    axios.post.mockResolvedValue(mockResponse);
    const response = await samlAuthProvider.terminateRemoteSession(sessionId);
    expect(samlAuthProvider.generateLogoutRequestBody).toHaveBeenCalledWith(
      sessionId
    );
    expect(axios.post).toHaveBeenCalledWith(
      'https://example.com/saml',
      'SAMLRequest=mockEncodedLogoutRequest',
      {
        headers: {
          'Content-Type': 'application/x-www-form-urlencoded',
        },
      }
    );
    expect(response).toBe(mockResponse);
  });
  describe('updateRoleMappings', () => {
    let samlAuthProvider;
    beforeEach(async () => {
      samlAuthProvider = await createSamlAuthProvider();
    });
    it('should remove all existing role mappings', async () => {
      await createRoleMapping({
        samlAuthProviderId: samlAuthProvider.id,
        remoteRoleName: 'Admin',
      });
      await createRoleMapping({
        samlAuthProviderId: samlAuthProvider.id,
        remoteRoleName: 'User',
      });
      await samlAuthProvider.updateRoleMappings([]);
      const roleMappings = await samlAuthProvider.$relatedQuery('roleMappings');
      expect(roleMappings).toStrictEqual([]);
    });
    it('should return the updated role mappings when new ones are provided', async () => {
      const adminRole = await createRole({ name: 'Admin' });
      const userRole = await createRole({ name: 'User' });
      const newRoleMappings = [
        { remoteRoleName: 'Admin', roleId: adminRole.id },
        { remoteRoleName: 'User', roleId: userRole.id },
      ];
      const result = await samlAuthProvider.updateRoleMappings(newRoleMappings);
      const refetchedRoleMappings = await samlAuthProvider.$relatedQuery(
        'roleMappings'
      );
      expect(result).toStrictEqual(refetchedRoleMappings);
    });
  });
 });
--- a/packages/backend/src/models/saml-auth-providers-role-mapping.ee.js
+++ b/packages/backend/src/models/saml-auth-providers-role-mapping.ee.js
@@ -1,8 +1,8 @@
 import Base from './base.js';
 import SamlAuthProvider from './saml-auth-provider.ee.js';
-class RoleMapping extends Base {
+class SamlAuthProvidersRoleMapping extends Base {
-  static tableName = 'role_mappings';
+  static tableName = 'saml_auth_providers_role_mappings';
  static jsonSchema = {
    type: 'object',
@@ -21,11 +21,11 @@ class RoleMapping extends Base {
      relation: Base.BelongsToOneRelation,
      modelClass: SamlAuthProvider,
      join: {
-        from: 'role_mappings.saml_auth_provider_id',
+        from: 'saml_auth_providers_role_mappings.saml_auth_provider_id',
        to: 'saml_auth_providers.id',
      },
    },
  });
 }
-export default RoleMapping;
+export default SamlAuthProvidersRoleMapping;
--- a/packages/backend/src/models/saml-auth-providers-role-mapping.ee.test.js
+++ b/packages/backend/src/models/saml-auth-providers-role-mapping.ee.test.js
@@ -1,26 +1,28 @@
 import { describe, it, expect } from 'vitest';
-import RoleMapping from './role-mapping.ee';
+import SamlAuthProvidersRoleMapping from '../models/saml-auth-providers-role-mapping.ee';
 import SamlAuthProvider from './saml-auth-provider.ee';
 import Base from './base';
-describe('RoleMapping model', () => {
+describe('SamlAuthProvidersRoleMapping model', () => {
  it('tableName should return correct name', () => {
-    expect(RoleMapping.tableName).toBe('role_mappings');
+    expect(SamlAuthProvidersRoleMapping.tableName).toBe(
      'saml_auth_providers_role_mappings'
    );
  });
  it('jsonSchema should have the correct schema', () => {
-    expect(RoleMapping.jsonSchema).toMatchSnapshot();
+    expect(SamlAuthProvidersRoleMapping.jsonSchema).toMatchSnapshot();
  });
  it('relationMappings should return correct associations', () => {
-    const relationMappings = RoleMapping.relationMappings();
+    const relationMappings = SamlAuthProvidersRoleMapping.relationMappings();
    const expectedRelations = {
      samlAuthProvider: {
        relation: Base.BelongsToOneRelation,
        modelClass: SamlAuthProvider,
        join: {
-          from: 'role_mappings.saml_auth_provider_id',
+          from: 'saml_auth_providers_role_mappings.saml_auth_provider_id',
          to: 'saml_auth_providers.id',
        },
      },
--- a/packages/backend/src/models/user.js
+++ b/packages/backend/src/models/user.js
@@ -212,10 +212,6 @@ class User extends Base {
    return `${appConfig.webAppUrl}/accept-invitation?token=${this.invitationToken}`;
  }
  get ability() {
    return userAbility(this);
  }
  static async authenticate(email, password) {
    const user = await User.query().findOne({
      email: email?.toLowerCase() || null,
@@ -411,7 +407,7 @@ class User extends Base {
    }
  }
-  startTrialPeriod() {
+  async startTrialPeriod() {
    this.trialExpiryDate = DateTime.now().plus({ days: 30 }).toISODate();
  }
@@ -587,6 +583,62 @@ class User extends Base {
    return user;
  }
  async $beforeInsert(queryContext) {
    await super.$beforeInsert(queryContext);
    this.email = this.email.toLowerCase();
    await this.generateHash();
    if (appConfig.isCloud) {
      await this.startTrialPeriod();
    }
  }
  async $beforeUpdate(opt, queryContext) {
    await super.$beforeUpdate(opt, queryContext);
    if (this.email) {
      this.email = this.email.toLowerCase();
    }
    await this.generateHash();
  }
  async $afterInsert(queryContext) {
    await super.$afterInsert(queryContext);
    if (appConfig.isCloud) {
      await this.$relatedQuery('usageData').insert({
        userId: this.id,
        consumedTaskCount: 0,
        nextResetAt: DateTime.now().plus({ days: 30 }).toISODate(),
      });
    }
  }
  async $afterFind() {
    if (await hasValidLicense()) return this;
    if (Array.isArray(this.permissions)) {
      this.permissions = this.permissions.filter((permission) => {
        const restrictedSubjects = [
          'App',
          'Role',
          'SamlAuthProvider',
          'Config',
        ];
        return !restrictedSubjects.includes(permission.subject);
      });
    }
    return this;
  }
  get ability() {
    return userAbility(this);
  }
  can(action, subject) {
    const can = this.ability.can(action, subject);
@@ -602,68 +654,12 @@ class User extends Base {
    return conditionMap;
  }
-  lowercaseEmail() {
+  cannot(action, subject) {
-    if (this.email) {
+    const cannot = this.ability.cannot(action, subject);
      this.email = this.email.toLowerCase();
    }
  }
-  async createUsageData() {
+    if (cannot) throw new NotAuthorizedError();
    if (appConfig.isCloud) {
      return await this.$relatedQuery('usageData').insertAndFetch({
        userId: this.id,
        consumedTaskCount: 0,
        nextResetAt: DateTime.now().plus({ days: 30 }).toISODate(),
      });
    }
  }
-  async omitEnterprisePermissionsWithoutValidLicense() {
+    return cannot;
    if (await hasValidLicense()) {
      return this;
    }
    if (Array.isArray(this.permissions)) {
      this.permissions = this.permissions.filter((permission) => {
        const restrictedSubjects = [
          'App',
          'Role',
          'SamlAuthProvider',
          'Config',
        ];
        return !restrictedSubjects.includes(permission.subject);
      });
    }
  }
  async $beforeInsert(queryContext) {
    await super.$beforeInsert(queryContext);
    this.lowercaseEmail();
    await this.generateHash();
    if (appConfig.isCloud) {
      this.startTrialPeriod();
    }
  }
  async $beforeUpdate(opt, queryContext) {
    await super.$beforeUpdate(opt, queryContext);
    this.lowercaseEmail();
    await this.generateHash();
  }
  async $afterInsert(queryContext) {
    await super.$afterInsert(queryContext);
    await this.createUsageData();
  }
  async $afterFind() {
    await this.omitEnterprisePermissionsWithoutValidLicense();
  }
 }
--- a/packages/backend/src/models/user.test.js
+++ b/packages/backend/src/models/user.test.js
--- a/packages/backend/src/queues/action.js
+++ b/packages/backend/src/queues/action.js
@@ -11,6 +11,10 @@ const redisConnection = {
 const actionQueue = new Queue('action', redisConnection);
 process.on('SIGTERM', async () => {
  await actionQueue.close();
 });
 actionQueue.on('error', (error) => {
  if (error.code === CONNECTION_REFUSED) {
    logger.error(
--- a/packages/backend/src/queues/delete-user.ee.js
+++ b/packages/backend/src/queues/delete-user.ee.js
@@ -11,6 +11,10 @@ const redisConnection = {
 const deleteUserQueue = new Queue('delete-user', redisConnection);
 process.on('SIGTERM', async () => {
  await deleteUserQueue.close();
 });
 deleteUserQueue.on('error', (error) => {
  if (error.code === CONNECTION_REFUSED) {
    logger.error(
--- a/packages/backend/src/queues/email.js
+++ b/packages/backend/src/queues/email.js
@@ -11,6 +11,10 @@ const redisConnection = {
 const emailQueue = new Queue('email', redisConnection);
 process.on('SIGTERM', async () => {
  await emailQueue.close();
 });
 emailQueue.on('error', (error) => {
  if (error.code === CONNECTION_REFUSED) {
    logger.error(
--- a/packages/backend/src/queues/flow.js
+++ b/packages/backend/src/queues/flow.js
@@ -11,6 +11,10 @@ const redisConnection = {
 const flowQueue = new Queue('flow', redisConnection);
 process.on('SIGTERM', async () => {
  await flowQueue.close();
 });
 flowQueue.on('error', (error) => {
  if (error.code === CONNECTION_REFUSED) {
    logger.error(
--- a/packages/backend/src/queues/index.js
+++ b/packages/backend/src/queues/index.js
@@ -1,21 +0,0 @@
 import appConfig from '../config/app.js';
 import actionQueue from './action.js';
 import emailQueue from './email.js';
 import flowQueue from './flow.js';
 import triggerQueue from './trigger.js';
 import deleteUserQueue from './delete-user.ee.js';
 import removeCancelledSubscriptionsQueue from './remove-cancelled-subscriptions.ee.js';
 const queues = [
  actionQueue,
  emailQueue,
  flowQueue,
  triggerQueue,
  deleteUserQueue,
 ];
 if (appConfig.isCloud) {
  queues.push(removeCancelledSubscriptionsQueue);
 }
 export default queues;
--- a/packages/backend/src/queues/remove-cancelled-subscriptions.ee.js
+++ b/packages/backend/src/queues/remove-cancelled-subscriptions.ee.js
@@ -14,6 +14,10 @@ const removeCancelledSubscriptionsQueue = new Queue(
  redisConnection
 );
 process.on('SIGTERM', async () => {
  await removeCancelledSubscriptionsQueue.close();
 });
 removeCancelledSubscriptionsQueue.on('error', (error) => {
  if (error.code === CONNECTION_REFUSED) {
    logger.error(
--- a/packages/backend/src/queues/trigger.js
+++ b/packages/backend/src/queues/trigger.js
@@ -11,6 +11,10 @@ const redisConnection = {
 const triggerQueue = new Queue('trigger', redisConnection);
 process.on('SIGTERM', async () => {
  await triggerQueue.close();
 });
 triggerQueue.on('error', (error) => {
  if (error.code === CONNECTION_REFUSED) {
    logger.error(
--- a/packages/backend/src/serializers/app-config.js
+++ b/packages/backend/src/serializers/app-config.js
@@ -1,8 +1,10 @@
 const appConfigSerializer = (appConfig) => {
  return {
    key: appConfig.key,
-    useOnlyPredefinedAuthClients: appConfig.useOnlyPredefinedAuthClients,
+    customConnectionAllowed: appConfig.customConnectionAllowed,
    shared: appConfig.shared,
    disabled: appConfig.disabled,
    connectionAllowed: appConfig.connectionAllowed,
    createdAt: appConfig.createdAt.getTime(),
    updatedAt: appConfig.updatedAt.getTime(),
  };
--- a/packages/backend/src/serializers/app-config.test.js
+++ b/packages/backend/src/serializers/app-config.test.js
@@ -12,8 +12,10 @@ describe('appConfig serializer', () => {
  it('should return app config data', async () => {
    const expectedPayload = {
      key: appConfig.key,
-      useOnlyPredefinedAuthClients: appConfig.useOnlyPredefinedAuthClients,
+      customConnectionAllowed: appConfig.customConnectionAllowed,
      shared: appConfig.shared,
      disabled: appConfig.disabled,
      connectionAllowed: appConfig.connectionAllowed,
      createdAt: appConfig.createdAt.getTime(),
      updatedAt: appConfig.updatedAt.getTime(),
    };
--- a/packages/backend/src/serializers/auth.js
+++ b/packages/backend/src/serializers/auth.js
@@ -2,9 +2,7 @@ const authSerializer = (auth) => {
  return {
    fields: auth.fields,
    authenticationSteps: auth.authenticationSteps,
    sharedAuthenticationSteps: auth.sharedAuthenticationSteps,
    reconnectionSteps: auth.reconnectionSteps,
    sharedReconnectionSteps: auth.sharedReconnectionSteps,
  };
 };
--- a/packages/backend/src/serializers/auth.test.js
+++ b/packages/backend/src/serializers/auth.test.js
@@ -10,8 +10,6 @@ describe('authSerializer', () => {
      fields: auth.fields,
      authenticationSteps: auth.authenticationSteps,
      reconnectionSteps: auth.reconnectionSteps,
      sharedAuthenticationSteps: auth.sharedAuthenticationSteps,
      sharedReconnectionSteps: auth.sharedReconnectionSteps,
    };
    expect(authSerializer(auth)).toStrictEqual(expectedPayload);
--- a/packages/backend/src/serializers/connection.js
+++ b/packages/backend/src/serializers/connection.js
@@ -2,6 +2,7 @@ const connectionSerializer = (connection) => {
  return {
    id: connection.id,
    key: connection.key,
    reconnectable: connection.reconnectable,
    appAuthClientId: connection.appAuthClientId,
    formattedData: {
      screenName: connection.formattedData.screenName,
--- a/packages/backend/src/serializers/connection.test.js
+++ b/packages/backend/src/serializers/connection.test.js
@@ -13,6 +13,7 @@ describe('connectionSerializer', () => {
    const expectedPayload = {
      id: connection.id,
      key: connection.key,
      reconnectable: connection.reconnectable,
      appAuthClientId: connection.appAuthClientId,
      formattedData: {
        screenName: connection.formattedData.screenName,
--- a/packages/backend/src/serializers/index.js
+++ b/packages/backend/src/serializers/index.js
@@ -26,7 +26,7 @@ const serializers = {
  Permission: permissionSerializer,
  AdminSamlAuthProvider: adminSamlAuthProviderSerializer,
  SamlAuthProvider: samlAuthProviderSerializer,
-  RoleMapping: samlAuthProviderRoleMappingSerializer,
+  SamlAuthProvidersRoleMapping: samlAuthProviderRoleMappingSerializer,
  AppAuthClient: appAuthClientSerializer,
  AppConfig: appConfigSerializer,
  Flow: flowSerializer,
--- a/packages/backend/src/worker.js
+++ b/packages/backend/src/worker.js
@@ -1,22 +1,20 @@
 import * as Sentry from './helpers/sentry.ee.js';
-import process from 'node:process';
+import appConfig from './config/app.js';
 Sentry.init();
 import './config/orm.js';
 import './helpers/check-worker-readiness.js';
-import queues from './queues/index.js';
+import './workers/flow.js';
-import workers from './workers/index.js';
+import './workers/trigger.js';
 import './workers/action.js';
 import './workers/email.js';
 import './workers/delete-user.ee.js';
-process.on('SIGTERM', async () => {
+if (appConfig.isCloud) {
-  for (const queue of queues) {
+  import('./workers/remove-cancelled-subscriptions.ee.js');
-    await queue.close();
+  import('./queues/remove-cancelled-subscriptions.ee.js');
-  }
+}
  for (const worker of workers) {
    await worker.close();
  }
 });
 import telemetry from './helpers/telemetry/index.js';
--- a/packages/backend/src/workers/action.js
+++ b/packages/backend/src/workers/action.js
@@ -1,4 +1,5 @@
 import { Worker } from 'bullmq';
 import process from 'node:process';
 import * as Sentry from '../helpers/sentry.ee.js';
 import redisConfig from '../config/redis.js';
@@ -14,7 +15,7 @@ import delayAsMilliseconds from '../helpers/delay-as-milliseconds.js';
 const DEFAULT_DELAY_DURATION = 0;
-const actionWorker = new Worker(
+export const worker = new Worker(
  'action',
  async (job) => {
    const { stepId, flowId, executionId, computedParameters, executionStep } =
@@ -54,11 +55,11 @@ const actionWorker = new Worker(
  { connection: redisConfig }
 );
-actionWorker.on('completed', (job) => {
+worker.on('completed', (job) => {
  logger.info(`JOB ID: ${job.id} - FLOW ID: ${job.data.flowId} has started!`);
 });
-actionWorker.on('failed', (job, err) => {
+worker.on('failed', (job, err) => {
  const errorMessage = `
    JOB ID: ${job.id} - FLOW ID: ${job.data.flowId} has failed to start with ${err.message}
    \n ${err.stack}
@@ -73,4 +74,6 @@ actionWorker.on('failed', (job, err) => {
  });
 });
-export default actionWorker;
+process.on('SIGTERM', async () => {
  await worker.close();
 });
--- a/packages/backend/src/workers/delete-user.ee.js
+++ b/packages/backend/src/workers/delete-user.ee.js
@@ -1,4 +1,5 @@
 import { Worker } from 'bullmq';
 import process from 'node:process';
 import * as Sentry from '../helpers/sentry.ee.js';
 import redisConfig from '../config/redis.js';
@@ -7,7 +8,7 @@ import appConfig from '../config/app.js';
 import User from '../models/user.js';
 import ExecutionStep from '../models/execution-step.js';
-const deleteUserWorker = new Worker(
+export const worker = new Worker(
  'delete-user',
  async (job) => {
    const { id } = job.data;
@@ -45,13 +46,13 @@ const deleteUserWorker = new Worker(
  { connection: redisConfig }
 );
-deleteUserWorker.on('completed', (job) => {
+worker.on('completed', (job) => {
  logger.info(
    `JOB ID: ${job.id} - The user with the ID of '${job.data.id}' has been deleted!`
  );
 });
-deleteUserWorker.on('failed', (job, err) => {
+worker.on('failed', (job, err) => {
  const errorMessage = `
    JOB ID: ${job.id} - The user with the ID of '${job.data.id}' has failed to be deleted! ${err.message}
    \n ${err.stack}
@@ -66,4 +67,6 @@ deleteUserWorker.on('failed', (job, err) => {
  });
 });
-export default deleteUserWorker;
+process.on('SIGTERM', async () => {
  await worker.close();
 });
--- a/packages/backend/src/workers/email.js
+++ b/packages/backend/src/workers/email.js
@@ -1,4 +1,5 @@
 import { Worker } from 'bullmq';
 import process from 'node:process';
 import * as Sentry from '../helpers/sentry.ee.js';
 import redisConfig from '../config/redis.js';
@@ -15,7 +16,7 @@ const isAutomatischEmail = (email) => {
  return email.endsWith('@automatisch.io');
 };
-const emailWorker = new Worker(
+export const worker = new Worker(
  'email',
  async (job) => {
    const { email, subject, template, params } = job.data;
@@ -38,13 +39,13 @@ const emailWorker = new Worker(
  { connection: redisConfig }
 );
-emailWorker.on('completed', (job) => {
+worker.on('completed', (job) => {
  logger.info(
    `JOB ID: ${job.id} - ${job.data.subject} email sent to ${job.data.email}!`
  );
 });
-emailWorker.on('failed', (job, err) => {
+worker.on('failed', (job, err) => {
  const errorMessage = `
    JOB ID: ${job.id} - ${job.data.subject} email to ${job.data.email} has failed to send with ${err.message}
    \n ${err.stack}
@@ -59,4 +60,6 @@ emailWorker.on('failed', (job, err) => {
  });
 });
-export default emailWorker;
+process.on('SIGTERM', async () => {
  await worker.close();
 });
--- a/packages/backend/src/workers/flow.js
+++ b/packages/backend/src/workers/flow.js
@@ -1,4 +1,5 @@
 import { Worker } from 'bullmq';
 import process from 'node:process';
 import * as Sentry from '../helpers/sentry.ee.js';
 import redisConfig from '../config/redis.js';
@@ -12,7 +13,7 @@ import {
  REMOVE_AFTER_7_DAYS_OR_50_JOBS,
 } from '../helpers/remove-job-configuration.js';
-const flowWorker = new Worker(
+export const worker = new Worker(
  'flow',
  async (job) => {
    const { flowId } = job.data;
@@ -63,11 +64,11 @@ const flowWorker = new Worker(
  { connection: redisConfig }
 );
-flowWorker.on('completed', (job) => {
+worker.on('completed', (job) => {
  logger.info(`JOB ID: ${job.id} - FLOW ID: ${job.data.flowId} has started!`);
 });
-flowWorker.on('failed', async (job, err) => {
+worker.on('failed', async (job, err) => {
  const errorMessage = `
    JOB ID: ${job.id} - FLOW ID: ${job.data.flowId} has failed to start with ${err.message}
    \n ${err.stack}
@@ -94,4 +95,6 @@ flowWorker.on('failed', async (job, err) => {
  });
 });
-export default flowWorker;
+process.on('SIGTERM', async () => {
  await worker.close();
 });
--- a/packages/backend/src/workers/index.js
+++ b/packages/backend/src/workers/index.js
@@ -1,21 +0,0 @@
 import appConfig from '../config/app.js';
 import actionWorker from './action.js';
 import emailWorker from './email.js';
 import flowWorker from './flow.js';
 import triggerWorker from './trigger.js';
 import deleteUserWorker from './delete-user.ee.js';
 import removeCancelledSubscriptionsWorker from './remove-cancelled-subscriptions.ee.js';
 const workers = [
  actionWorker,
  emailWorker,
  flowWorker,
  triggerWorker,
  deleteUserWorker,
 ];
 if (appConfig.isCloud) {
  workers.push(removeCancelledSubscriptionsWorker);
 }
 export default workers;
--- a/packages/backend/src/workers/remove-cancelled-subscriptions.ee.js
+++ b/packages/backend/src/workers/remove-cancelled-subscriptions.ee.js
@@ -1,11 +1,12 @@
 import { Worker } from 'bullmq';
 import process from 'node:process';
 import { DateTime } from 'luxon';
 import * as Sentry from '../helpers/sentry.ee.js';
 import redisConfig from '../config/redis.js';
 import logger from '../helpers/logger.js';
 import Subscription from '../models/subscription.ee.js';
-const removeCancelledSubscriptionsWorker = new Worker(
+export const worker = new Worker(
  'remove-cancelled-subscriptions',
  async () => {
    await Subscription.query()
@@ -22,13 +23,13 @@ const removeCancelledSubscriptionsWorker = new Worker(
  { connection: redisConfig }
 );
-removeCancelledSubscriptionsWorker.on('completed', (job) => {
+worker.on('completed', (job) => {
  logger.info(
    `JOB ID: ${job.id} - The cancelled subscriptions have been removed!`
  );
 });
-removeCancelledSubscriptionsWorker.on('failed', (job, err) => {
+worker.on('failed', (job, err) => {
  const errorMessage = `
    JOB ID: ${job.id} - ERROR: The cancelled subscriptions can not be removed! ${err.message}
    \n ${err.stack}
@@ -41,4 +42,6 @@ removeCancelledSubscriptionsWorker.on('failed', (job, err) => {
  });
 });
-export default removeCancelledSubscriptionsWorker;
+process.on('SIGTERM', async () => {
  await worker.close();
 });
--- a/packages/backend/src/workers/trigger.js
+++ b/packages/backend/src/workers/trigger.js
@@ -1,4 +1,5 @@
 import { Worker } from 'bullmq';
 import process from 'node:process';
 import * as Sentry from '../helpers/sentry.ee.js';
 import redisConfig from '../config/redis.js';
@@ -11,7 +12,7 @@ import {
  REMOVE_AFTER_7_DAYS_OR_50_JOBS,
 } from '../helpers/remove-job-configuration.js';
-const triggerWorker = new Worker(
+export const worker = new Worker(
  'trigger',
  async (job) => {
    const { flowId, executionId, stepId, executionStep } = await processTrigger(
@@ -40,11 +41,11 @@ const triggerWorker = new Worker(
  { connection: redisConfig }
 );
-triggerWorker.on('completed', (job) => {
+worker.on('completed', (job) => {
  logger.info(`JOB ID: ${job.id} - FLOW ID: ${job.data.flowId} has started!`);
 });
-triggerWorker.on('failed', (job, err) => {
+worker.on('failed', (job, err) => {
  const errorMessage = `
    JOB ID: ${job.id} - FLOW ID: ${job.data.flowId} has failed to start with ${err.message}
    \n ${err.stack}
@@ -59,4 +60,6 @@ triggerWorker.on('failed', (job, err) => {
  });
 });
-export default triggerWorker;
+process.on('SIGTERM', async () => {
  await worker.close();
 });
--- a/packages/backend/test/factories/role-mapping.js
+++ b/packages/backend/test/factories/role-mapping.js
@@ -1,15 +1,16 @@
 import { faker } from '@faker-js/faker';
 import { createRole } from './role.js';
 import RoleMapping from '../../src/models/role-mapping.ee.js';
 import { createSamlAuthProvider } from './saml-auth-provider.ee.js';
 import SamlAuthProviderRoleMapping from '../../src/models/saml-auth-providers-role-mapping.ee.js';
 export const createRoleMapping = async (params = {}) => {
-  params.roleId = params.roleId || (await createRole()).id;
+  params.roleId = params?.roleId || (await createRole()).id;
  params.samlAuthProviderId =
-    params.samlAuthProviderId || (await createSamlAuthProvider()).id;
+    params?.samlAuthProviderId || (await createSamlAuthProvider()).id;
  params.remoteRoleName = params.remoteRoleName || faker.person.jobType();
-  const roleMapping = await RoleMapping.query().insertAndFetch(params);
+  params.remoteRoleName = params?.remoteRoleName || 'User';
-  return roleMapping;
+  const samlAuthProviderRoleMapping =
    await SamlAuthProviderRoleMapping.query().insertAndFetch(params);
  return samlAuthProviderRoleMapping;
 };
--- a/packages/backend/test/factories/saml-auth-providers-role-mapping.js
+++ b/packages/backend/test/factories/saml-auth-providers-role-mapping.js
@@ -0,0 +1,16 @@
 import { faker } from '@faker-js/faker';
 import { createRole } from './role.js';
 import SamlAuthProvidersRoleMapping from '../../src/models/saml-auth-providers-role-mapping.ee.js';
 import { createSamlAuthProvider } from './saml-auth-provider.ee.js';
 export const createSamlAuthProvidersRoleMapping = async (params = {}) => {
  params.roleId = params.roleId || (await createRole()).id;
  params.samlAuthProviderId =
    params.samlAuthProviderId || (await createSamlAuthProvider()).id;
  params.remoteRoleName = params.remoteRoleName || faker.person.jobType();
  const samlAuthProvider =
    await SamlAuthProvidersRoleMapping.query().insertAndFetch(params);
  return samlAuthProvider;
 };
--- a/packages/backend/test/mocks/rest/api/v1/admin/apps/create-config.js
+++ b/packages/backend/test/mocks/rest/api/v1/admin/apps/create-config.js
@@ -2,7 +2,8 @@ const createAppConfigMock = (appConfig) => {
  return {
    data: {
      key: appConfig.key,
-      useOnlyPredefinedAuthClients: appConfig.useOnlyPredefinedAuthClients,
+      customConnectionAllowed: appConfig.customConnectionAllowed,
      shared: appConfig.shared,
      disabled: appConfig.disabled,
    },
    meta: {
--- a/packages/backend/test/mocks/rest/api/v1/admin/saml-auth-providers/get-role-mappings.ee.js
+++ b/packages/backend/test/mocks/rest/api/v1/admin/saml-auth-providers/get-role-mappings.ee.js
@@ -15,7 +15,7 @@ const getRoleMappingsMock = async (roleMappings) => {
      currentPage: null,
      isArray: true,
      totalPages: null,
-      type: 'RoleMapping',
+      type: 'SamlAuthProvidersRoleMapping',
    },
  };
 };
--- a/packages/backend/test/mocks/rest/api/v1/admin/saml-auth-providers/update-role-mappings.ee.js
+++ b/packages/backend/test/mocks/rest/api/v1/admin/saml-auth-providers/update-role-mappings.ee.js
@@ -15,7 +15,7 @@ const createRoleMappingsMock = async (roleMappings) => {
      currentPage: null,
      isArray: true,
      totalPages: null,
-      type: 'RoleMapping',
+      type: 'SamlAuthProvidersRoleMapping',
    },
  };
 };
--- a/packages/backend/test/mocks/rest/api/v1/apps/create-connection.js
+++ b/packages/backend/test/mocks/rest/api/v1/apps/create-connection.js
@@ -2,6 +2,7 @@ const createConnection = (connection) => {
  const connectionData = {
    id: connection.id,
    key: connection.key,
    reconnectable: connection.reconnectable || true,
    appAuthClientId: connection.appAuthClientId,
    formattedData: connection.formattedData,
    verified: connection.verified || false,
--- a/packages/backend/test/mocks/rest/api/v1/apps/get-auth.js
+++ b/packages/backend/test/mocks/rest/api/v1/apps/get-auth.js
@@ -4,8 +4,6 @@ const getAuthMock = (auth) => {
      fields: auth.fields,
      authenticationSteps: auth.authenticationSteps,
      reconnectionSteps: auth.reconnectionSteps,
      sharedReconnectionSteps: auth.sharedReconnectionSteps,
      sharedAuthenticationSteps: auth.sharedAuthenticationSteps,
    },
    meta: {
      count: 1,
--- a/packages/backend/test/mocks/rest/api/v1/apps/get-config.js
+++ b/packages/backend/test/mocks/rest/api/v1/apps/get-config.js
@@ -2,8 +2,10 @@ const getAppConfigMock = (appConfig) => {
  return {
    data: {
      key: appConfig.key,
-      useOnlyPredefinedAuthClients: appConfig.useOnlyPredefinedAuthClients,
+      customConnectionAllowed: appConfig.customConnectionAllowed,
      shared: appConfig.shared,
      disabled: appConfig.disabled,
      connectionAllowed: appConfig.connectionAllowed,
      createdAt: appConfig.createdAt.getTime(),
      updatedAt: appConfig.updatedAt.getTime(),
    },
--- a/packages/backend/test/mocks/rest/api/v1/apps/get-connections.js
+++ b/packages/backend/test/mocks/rest/api/v1/apps/get-connections.js
@@ -3,6 +3,7 @@ const getConnectionsMock = (connections) => {
    data: connections.map((connection) => ({
      id: connection.id,
      key: connection.key,
      reconnectable: connection.reconnectable,
      verified: connection.verified,
      appAuthClientId: connection.appAuthClientId,
      formattedData: {
--- a/packages/backend/test/mocks/rest/api/v1/connections/reset-connection.js
+++ b/packages/backend/test/mocks/rest/api/v1/connections/reset-connection.js
@@ -3,6 +3,7 @@ const resetConnectionMock = (connection) => {
    id: connection.id,
    key: connection.key,
    verified: connection.verified,
    reconnectable: connection.reconnectable,
    appAuthClientId: connection.appAuthClientId,
    formattedData: {
      screenName: connection.formattedData.screenName,
--- a/packages/backend/test/mocks/rest/api/v1/connections/update-connection.js
+++ b/packages/backend/test/mocks/rest/api/v1/connections/update-connection.js
@@ -3,6 +3,7 @@ const updateConnectionMock = (connection) => {
    id: connection.id,
    key: connection.key,
    verified: connection.verified,
    reconnectable: connection.reconnectable,
    appAuthClientId: connection.appAuthClientId,
    formattedData: {
      screenName: connection.formattedData.screenName,
--- a/packages/backend/test/mocks/rest/api/v1/steps/get-connection.js
+++ b/packages/backend/test/mocks/rest/api/v1/steps/get-connection.js
@@ -3,6 +3,7 @@ const getConnectionMock = async (connection) => {
    id: connection.id,
    key: connection.key,
    verified: connection.verified,
    reconnectable: connection.reconnectable,
    appAuthClientId: connection.appAuthClientId,
    formattedData: {
      screenName: connection.formattedData.screenName,
--- a/packages/backend/vitest.config.js
+++ b/packages/backend/vitest.config.js
@@ -2,25 +2,8 @@ import { defineConfig } from 'vitest/config';
 export default defineConfig({
  test: {
    root: './',
    environment: 'node',
    setupFiles: ['./test/setup/global-hooks.js'],
    globals: true,
    reporters: process.env.GITHUB_ACTIONS ? ['dot', 'github-actions'] : ['dot'],
    coverage: {
      reportOnFailure: true,
      provider: 'v8',
      reportsDirectory: './coverage',
      reporter: ['text', 'lcov'],
      all: true,
      include: ['**/src/models/**', '**/src/controllers/**'],
      thresholds: {
        autoUpdate: true,
        statements: 95.16,
        branches: 94.66,
        functions: 97.65,
        lines: 95.16,
      },
    },
  },
 });
--- a/packages/backend/yarn.lock
+++ b/packages/backend/yarn.lock
--- a/packages/docs/.gitignore
+++ b/packages/docs/.gitignore
@@ -1 +0,0 @@
 pages/.vitepress/cache
--- a/packages/docs/package.json
+++ b/packages/docs/package.json
@@ -4,7 +4,6 @@
  "license": "See LICENSE file",
  "description": "The open source Zapier alternative. Build workflow automation without spending time and money.",
  "private": true,
  "type": "module",
  "scripts": {
    "dev": "vitepress dev pages --port 3002",
    "build": "vitepress build pages",
--- a/packages/docs/pages/contributing/development-setup.md
+++ b/packages/docs/pages/contributing/development-setup.md
@@ -6,19 +6,11 @@ Clone main branch of Automatisch.
 git clone git@github.com:automatisch/automatisch.git
 ```
-Then, install the dependencies for both backend and web packages separately.
+Then, install the dependencies.
 ```bash
 cd automatisch
 # Install backend dependencies
 cd packages/backend
 yarn install
 # Install web dependencies
 cd packages/web
 yarn install
 ```
 ## Backend
@@ -61,14 +53,12 @@ yarn db:seed:user
 Start the main backend server.
 ```bash
 cd packages/backend
 yarn dev
 ```
 Start the worker server in another terminal tab.
 ```bash
 cd packages/backend
 yarn worker
 ```
@@ -94,7 +84,6 @@ It will automatically open [http://localhost:3001](http://localhost:3001) in you
 ```bash
 cd packages/docs
 yarn install
 yarn dev
 ```
--- a/packages/docs/pages/contributing/repository-structure.md
+++ b/packages/docs/pages/contributing/repository-structure.md
@@ -1,6 +1,6 @@
 # Repository Structure
-We manage a monorepo structure with the following packages:
+We use `lerna` with `yarn workspaces` to manage the mono repository. We have the following packages:
 ```
 .
@@ -15,5 +15,3 @@ We manage a monorepo structure with the following packages:
 - `docs` - The docs package contains the documentation website.
 - `e2e-tests` - The e2e-tests package contains the end-to-end tests for the internal usage.
 - `web` - The web package contains the frontend application of Automatisch.
 Each package is independently managed, and has its own package.json file to manage dependencies. This allows for better isolation and flexibility.
--- a/packages/docs/yarn.lock
+++ b/packages/docs/yarn.lock
--- a/packages/e2e-tests/package.json
+++ b/packages/e2e-tests/package.json
@@ -29,12 +29,10 @@
    "@playwright/test": "^1.45.1"
  },
  "dependencies": {
    "axios": "^1.6.0",
    "dotenv": "^16.3.1",
    "eslint": "^8.13.0",
    "eslint-config-prettier": "^8.3.0",
    "eslint-plugin-prettier": "^4.0.0",
    "knex": "^2.4.0",
    "luxon": "^3.4.4",
    "micro": "^10.0.1",
    "pg": "^8.12.0",
--- a/packages/e2e-tests/yarn.lock
+++ b/packages/e2e-tests/yarn.lock
--- a/packages/web/package.json
+++ b/packages/web/package.json
@@ -18,7 +18,6 @@
    "@testing-library/jest-dom": "^5.11.4",
    "@testing-library/react": "^11.1.0",
    "@testing-library/user-event": "^12.1.10",
    "axios": "^1.6.0",
    "clipboard-copy": "^4.0.1",
    "compare-versions": "^4.1.3",
    "lodash": "^4.17.21",
@@ -83,7 +82,6 @@
    "access": "public"
  },
  "devDependencies": {
    "@simbathesailor/use-what-changed": "^2.0.0",
    "@tanstack/eslint-plugin-query": "^5.20.1",
    "@tanstack/react-query-devtools": "^5.24.1",
    "eslint-config-prettier": "^9.1.0",
--- a/packages/web/src/components/AcceptInvitationForm/index.jsx
+++ b/packages/web/src/components/AcceptInvitationForm/index.jsx
@@ -112,7 +112,7 @@ export default function ResetPasswordForm() {
              <Alert
                data-test="accept-invitation-form-error"
                severity="error"
-                sx={{ mt: 1 }}
+                sx={{ mt: 1, fontWeight: 500 }}
              >
                {formatMessage('acceptInvitationForm.invalidToken')}
              </Alert>
--- a/packages/web/src/components/AddAppConnection/index.jsx
+++ b/packages/web/src/components/AddAppConnection/index.jsx
@@ -18,7 +18,6 @@ import { generateExternalLink } from 'helpers/translationValues';
 import { Form } from './style';
 import useAppAuth from 'hooks/useAppAuth';
 import { useQueryClient } from '@tanstack/react-query';
 import { useWhatChanged } from '@simbathesailor/use-what-changed';
 function AddAppConnection(props) {
  const { application, connectionId, onClose } = props;
@@ -65,7 +64,7 @@ function AddAppConnection(props) {
      asyncAuthenticate();
    },
-    [appAuthClientId, authenticate, key, navigate],
+    [appAuthClientId, authenticate],
  );
  const handleClientClick = (appAuthClientId) =>
@@ -127,7 +126,7 @@ function AddAppConnection(props) {
      </DialogTitle>
      {authDocUrl && (
-        <Alert severity="info">
+        <Alert severity="info" sx={{ fontWeight: 300 }}>
          {formatMessage('addAppConnection.callToDocs', {
            appName: name,
            docsLink: generateExternalLink(authDocUrl),
@@ -139,7 +138,7 @@ function AddAppConnection(props) {
        <Alert
          data-test="add-connection-error"
          severity="error"
-          sx={{ mt: 1, wordBreak: 'break-all' }}
+          sx={{ mt: 1, fontWeight: 500, wordBreak: 'break-all' }}
        >
          {!errorDetails && errorMessage}
          {errorDetails && (
--- a/packages/web/src/components/AdminApplicationAuthClientDialog/index.jsx
+++ b/packages/web/src/components/AdminApplicationAuthClientDialog/index.jsx
@@ -32,7 +32,10 @@ function AdminApplicationAuthClientDialog(props) {
    <Dialog open={true} onClose={onClose}>
      <DialogTitle>{title}</DialogTitle>
      {error && (
-        <Alert severity="error" sx={{ mt: 1, wordBreak: 'break-all' }}>
+        <Alert
          severity="error"
          sx={{ mt: 1, fontWeight: 500, wordBreak: 'break-all' }}
        >
          {error.message}
        </Alert>
      )}
--- a/packages/web/src/components/AdminApplicationCreateAuthClient/index.jsx
+++ b/packages/web/src/components/AdminApplicationCreateAuthClient/index.jsx
@@ -34,10 +34,10 @@ function AdminApplicationCreateAuthClient(props) {
    if (!appConfigKey) {
      const { data: appConfigData } = await createAppConfig({
-        useOnlyPredefinedAuthClients: false,
+        customConnectionAllowed: true,
        shared: false,
        disabled: false,
      });
      appConfigKey = appConfigData.key;
    }
--- a/packages/web/src/components/AdminApplicationSettings/index.jsx
+++ b/packages/web/src/components/AdminApplicationSettings/index.jsx
@@ -46,8 +46,9 @@ function AdminApplicationSettings(props) {
  const defaultValues = useMemo(
    () => ({
-      useOnlyPredefinedAuthClients:
+      customConnectionAllowed:
-        appConfig?.data?.useOnlyPredefinedAuthClients || false,
+        appConfig?.data?.customConnectionAllowed || false,
      shared: appConfig?.data?.shared || false,
      disabled: appConfig?.data?.disabled || false,
    }),
    [appConfig?.data],
@@ -61,17 +62,21 @@ function AdminApplicationSettings(props) {
        <Paper sx={{ p: 2, mt: 4 }}>
          <Stack spacing={2} direction="column">
            <Switch
-              name="useOnlyPredefinedAuthClients"
+              name="customConnectionAllowed"
-              label={formatMessage(
+              label={formatMessage('adminAppsSettings.customConnectionAllowed')}
-                'adminAppsSettings.useOnlyPredefinedAuthClients',
+              FormControlLabelProps={{
-              )}
+                labelPlacement: 'start',
              }}
            />
            <Divider />
            <Switch
              name="shared"
              label={formatMessage('adminAppsSettings.shared')}
              FormControlLabelProps={{
                labelPlacement: 'start',
              }}
            />
            <Divider />
            <Switch
              name="disabled"
              label={formatMessage('adminAppsSettings.disabled')}
@@ -81,7 +86,6 @@ function AdminApplicationSettings(props) {
            />
            <Divider />
          </Stack>
          <Stack>
            <LoadingButton
              data-test="submit-button"
--- a/packages/web/src/components/AppAuthClientsDialog/index.ee.jsx
+++ b/packages/web/src/components/AppAuthClientsDialog/index.ee.jsx
@@ -15,7 +15,17 @@ function AppAuthClientsDialog(props) {
  const formatMessage = useFormatMessage();
-  if (!appAuthClients?.data.length) return <React.Fragment />;
+  React.useEffect(
    function autoAuthenticateSingleClient() {
      if (appAuthClients?.data.length === 1) {
        onClientClick(appAuthClients.data[0].id);
      }
    },
    [appAuthClients?.data],
  );
  if (!appAuthClients?.data.length || appAuthClients?.data.length === 1)
    return <React.Fragment />;
  return (
    <Dialog onClose={onClose} open={true}>
--- a/packages/web/src/components/AppConnectionContextMenu/index.jsx
+++ b/packages/web/src/components/AppConnectionContextMenu/index.jsx
@@ -11,7 +11,14 @@ import { useQueryClient } from '@tanstack/react-query';
 import Can from 'components/Can';
 function ContextMenu(props) {
-  const { appKey, connection, onClose, onMenuItemClick, anchorEl } = props;
+  const {
    appKey,
    connection,
    onClose,
    onMenuItemClick,
    anchorEl,
    disableReconnection,
  } = props;
  const formatMessage = useFormatMessage();
  const queryClient = useQueryClient();
@@ -66,7 +73,7 @@ function ContextMenu(props) {
        {(allowed) => (
          <MenuItem
            component={Link}
-            disabled={!allowed}
+            disabled={!allowed || disableReconnection}
            to={URLS.APP_RECONNECT_CONNECTION(
              appKey,
              connection.id,
@@ -102,6 +109,7 @@ ContextMenu.propTypes = {
    PropTypes.func,
    PropTypes.shape({ current: PropTypes.instanceOf(Element) }),
  ]),
  disableReconnection: PropTypes.bool.isRequired,
 };
 export default ContextMenu;
--- a/packages/web/src/components/AppConnectionRow/index.jsx
+++ b/packages/web/src/components/AppConnectionRow/index.jsx
@@ -30,7 +30,8 @@ const countTranslation = (value) => (
 function AppConnectionRow(props) {
  const formatMessage = useFormatMessage();
  const enqueueSnackbar = useEnqueueSnackbar();
-  const { id, key, formattedData, verified, createdAt } = props.connection;
+  const { id, key, formattedData, verified, createdAt, reconnectable } =
    props.connection;
  const [verificationVisible, setVerificationVisible] = React.useState(false);
  const contextButtonRef = React.useRef(null);
  const [anchorEl, setAnchorEl] = React.useState(null);
@@ -173,6 +174,7 @@ function AppConnectionRow(props) {
        <ConnectionContextMenu
          appKey={key}
          connection={props.connection}
          disableReconnection={!reconnectable}
          onClose={handleClose}
          onMenuItemClick={onContextMenuAction}
          anchorEl={anchorEl}
--- a/packages/web/src/components/ChooseConnectionSubstep/index.jsx
+++ b/packages/web/src/components/ChooseConnectionSubstep/index.jsx
@@ -95,8 +95,7 @@ function ChooseConnectionSubstep(props) {
    if (
      !appConfig?.data ||
-      (!appConfig.data?.disabled === false &&
+      (!appConfig.data?.disabled && appConfig.data?.customConnectionAllowed)
        appConfig.data?.useOnlyPredefinedAuthClients === false)
    ) {
      options.push({
        label: formatMessage('chooseConnectionSubstep.addNewConnection'),
@@ -104,10 +103,12 @@ function ChooseConnectionSubstep(props) {
      });
    }
-    options.push({
+    if (appConfig?.data?.connectionAllowed) {
-      label: formatMessage('chooseConnectionSubstep.addNewSharedConnection'),
+      options.push({
-      value: ADD_SHARED_CONNECTION_VALUE,
+        label: formatMessage('chooseConnectionSubstep.addNewSharedConnection'),
-    });
+        value: ADD_SHARED_CONNECTION_VALUE,
      });
    }
    return options;
  }, [data, formatMessage, appConfig?.data]);
--- a/packages/web/src/components/ControlledCustomAutocomplete/index.jsx
+++ b/packages/web/src/components/ControlledCustomAutocomplete/index.jsx
@@ -6,7 +6,7 @@ import FormHelperText from '@mui/material/FormHelperText';
 import ArrowDropDownIcon from '@mui/icons-material/ArrowDropDown';
 import ClearIcon from '@mui/icons-material/Clear';
 import { ActionButtonsWrapper } from './style';
-import { ClickAwayListener } from '@mui/base/ClickAwayListener';
+import ClickAwayListener from '@mui/base/ClickAwayListener';
 import InputLabel from '@mui/material/InputLabel';
 import { createEditor } from 'slate';
 import { Editable, ReactEditor } from 'slate-react';
--- a/Show More
+++ b/Show More