diff --git a/abra.sh b/abra.sh
index d3180c5..4c74c45 100644
--- a/abra.sh
+++ b/abra.sh
@@ -8,7 +8,7 @@ export SYSTEM_TENANT_VERSION=v1
 export NEXTCLOUD_CONFIG_VERSION=v1
 export WORDPRESS_CONFIG_VERSION=v1
 export MATRIX_CONFIG_VERSION=v1
-export WEKAN_CONFIG_VERSION=v2
+export WEKAN_CONFIG_VERSION=v3
 export VIKUNJA_CONFIG_VERSION=v1
 
 customize() {
diff --git a/wekan.yaml.tmpl b/wekan.yaml.tmpl
index 0cbc1b7..7be7eba 100644
--- a/wekan.yaml.tmpl
+++ b/wekan.yaml.tmpl
@@ -9,7 +9,7 @@ entries:
     description: wekan
     expression: "groupsDict = {\"wekanGroups\": []}\nfor group in request.user.ak_groups.all():\n\
       \  my_attributes = group.attributes\n  my_attributes[\"displayName\"] = group.name\n\
-      \  my_attributes[\"isAdmin\"] = group.is_superuser\n\
+      \  my_attributes[\"isAdmin\"] = group.attributes[\"isAdmin\"] if 'isAdmin' in group.attributes else group.is_superuser\n\
       \  my_attributes[\"isActive\"] = group.attributes[\"\
       isActive\"] if 'isActive' in group.attributes else True\n  my_attributes[\"\
       forceCreate\"] = group.attributes[\"forceCreate\"] if 'forceCreate' in group.attributes\
@@ -38,7 +38,7 @@ entries:
     - !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
     - !KeyOf wekan_group_mapping
     signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
-    sub_mode: user_username
+    sub_mode: hashed_user_id
     token_validity: days=30
   conditions: []
   id: wekan_provider