diff --git a/abra.sh b/abra.sh
index e61cd95..2687a5c 100644
--- a/abra.sh
+++ b/abra.sh
@@ -5,17 +5,17 @@ export FLOW_INVALIDATION_VERSION=v2
 export FLOW_RECOVERY_VERSION=v1
 export FLOW_TRANSLATION_VERSION=v3
 export SYSTEM_BRAND_VERSION=v4
-export NEXTCLOUD_CONFIG_VERSION=v2
-export WORDPRESS_CONFIG_VERSION=v3
-export MATRIX_CONFIG_VERSION=v2
-export WEKAN_CONFIG_VERSION=v4
-export VIKUNJA_CONFIG_VERSION=v2
-export OUTLINE_CONFIG_VERSION=v3
-export KIMAI_CONFIG_VERSION=v2
-export ZAMMAD_CONFIG_VERSION=v3
-export RALLLY_CONFIG_VERSION=v3
-export HEDGEDOC_CONFIG_VERSION=v2
-export MONITORING_CONFIG_VERSION=v3
+export NEXTCLOUD_CONFIG_VERSION=v3
+export WORDPRESS_CONFIG_VERSION=v4
+export MATRIX_CONFIG_VERSION=v3
+export WEKAN_CONFIG_VERSION=v5
+export VIKUNJA_CONFIG_VERSION=v3
+export OUTLINE_CONFIG_VERSION=v4
+export KIMAI_CONFIG_VERSION=v3
+export ZAMMAD_CONFIG_VERSION=v4
+export RALLLY_CONFIG_VERSION=v4
+export HEDGEDOC_CONFIG_VERSION=v3
+export MONITORING_CONFIG_VERSION=v4
 export DB_ENTRYPOINT_VERSION=v1
 export PG_BACKUP_VERSION=v2
 export ENTRYPOINT_CSS_VERSION=v1
diff --git a/compose.matrix.yml b/compose.matrix.yml
index 79233b1..dd2075f 100644
--- a/compose.matrix.yml
+++ b/compose.matrix.yml
@@ -12,6 +12,7 @@ services:
 - matrix_secret
 environment:
 - ELEMENT_DOMAIN
+ - MATRIX_DOMAIN
 configs:
 - source: matrix
 target: /blueprints/matrix.yaml
diff --git a/hedgedoc.yaml.tmpl b/hedgedoc.yaml.tmpl
index eafa124..10b6007 100644
--- a/hedgedoc.yaml.tmpl
+++ b/hedgedoc.yaml.tmpl
@@ -16,6 +16,9 @@ entries:
 client_type: confidential
 include_claims_in_id_token: true
 issuer_mode: per_provider
+ redirect_uris:
+ - matching_mode: strict
+ url: https://{{ env "HEDGEDOC_DOMAIN" }}/auth/oauth2/callback
 name: Hedgedoc
 property_mappings:
 - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
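Review bot: `MATRIX_DOMAIN` is passed through by name only, so its value comes from whatever environment the stack is deployed with, and nothing visible here guarantees it is set. matrix.yaml.tmpl in this commit renders it into the strict redirect URI `https://{{ env "MATRIX_DOMAIN" }}/_synapse/client/oidc/callback`; an empty value would produce a host-less URI that no callback can match, so the Matrix login would fail at the authorization request. I would mark the entry as required, e.g. `# required: rendered into the Matrix provider's redirect URI`, and list it in the recipe's sample environment file if it is not there already. The services block starts above the hunk.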
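Review bot: The single `matching_mode: strict` entry is compared as an exact string, and the path `/auth/oauth2/callback` is hard-coded with no comment saying which client-side setting it has to equal; the same applies to the redirect_uris hunks for matrix, monitoring, nextcloud, outline, rallly, vikunja, wekan and wordpress. Strict is the right mode for a confidential client, but it means a trailing slash or a changed base URL on the application side fails the login outright. I would add a line above `redirect_uris:` such as `# must equal the redirect_uri HedgeDoc sends; exact match, no trailing slash`. The structured list form also needs an authentik release that supports per-URI matching modes; the image tag is not part of this diff, so that is worth confirming before the blueprint is applied.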
@@ -32,7 +35,7 @@ entries: state: present - attrs: - meta_launch_url: https://{{ env "HEDGEDOC_DOMAIN" }} + meta_launch_url: https://{{ env "HEDGEDOC_DOMAIN" }}/auth/oauth2 open_in_new_tab: true policy_engine_mode: any provider: !KeyOf hedgedoc_provider diff --git a/kimai.yaml.tmpl b/kimai.yaml.tmpl index ccc016d..844e852 100644 --- a/kimai.yaml.tmpl +++ b/kimai.yaml.tmpl @@ -37,7 +37,7 @@ entries: state: present - attrs: - meta_launch_url: https://{{ env "KIMAI_DOMAIN" }} + meta_launch_url: https://{{ env "KIMAI_DOMAIN" }}/auth/saml/login open_in_new_tab: true policy_engine_mode: any provider: !KeyOf kimai_provider diff --git a/matrix.yaml.tmpl b/matrix.yaml.tmpl index aa4e2ae..1d6717e 100644 --- a/matrix.yaml.tmpl +++ b/matrix.yaml.tmpl @@ -16,6 +16,9 @@ entries: client_type: confidential include_claims_in_id_token: true issuer_mode: per_provider + redirect_uris: + - matching_mode: strict + url: https://{{ env "MATRIX_DOMAIN" }}/_synapse/client/oidc/callback name: Matrix property_mappings: - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]] diff --git a/monitoring.yaml.tmpl b/monitoring.yaml.tmpl index 7c1942b..3c88d6a 100644 --- a/monitoring.yaml.tmpl +++ b/monitoring.yaml.tmpl @@ -16,6 +16,9 @@ entries: client_type: confidential include_claims_in_id_token: true issuer_mode: per_provider + redirect_uris: + - matching_mode: strict + url: https://{{ env "MONITORING_DOMAIN" }}/login/generic_oauth name: Monitoring property_mappings: - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]] diff --git a/nextcloud.yaml.tmpl b/nextcloud.yaml.tmpl index af62a9e..33bdb68 100644 --- a/nextcloud.yaml.tmpl +++ b/nextcloud.yaml.tmpl 
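Review bot: `meta_launch_url` now points at an application-internal login route (`/auth/oauth2`) rather than the site root, and the template does not say why; kimai.yaml.tmpl (`/auth/saml/login`) and the second outline.yaml.tmpl hunk (`/auth/oidc`) make the same change. Presumably the aim is that the tile in the authentik library starts single sign-on directly, but the route belongs to the application and can change with its version, in which case the tile breaks while the provider itself keeps working. A comment such as `# app's SSO entry route, so the library tile signs the user in directly` would record the intent. The `attrs` mapping continues beyond the hunk.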
@@ -28,6 +28,9 @@ entries: client_type: confidential include_claims_in_id_token: true issuer_mode: per_provider + redirect_uris: + - matching_mode: strict + url: https://{{ env "NEXTCLOUD_DOMAIN" }}/apps/sociallogin/custom_oidc/authentik name: Nextcloud property_mappings: - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]] diff --git a/outline.yaml.tmpl b/outline.yaml.tmpl index ec72b2e..a388a16 100644 --- a/outline.yaml.tmpl +++ b/outline.yaml.tmpl @@ -16,6 +16,9 @@ entries: client_type: confidential include_claims_in_id_token: true issuer_mode: per_provider + redirect_uris: + - matching_mode: strict + url: https://{{ env "OUTLINE_DOMAIN" }}/auth/oidc.callback name: Outline property_mappings: - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]] @@ -32,7 +35,7 @@ entries: state: present - attrs: - meta_launch_url: https://{{ env "OUTLINE_DOMAIN" }} + meta_launch_url: https://{{ env "OUTLINE_DOMAIN" }}/auth/oidc open_in_new_tab: true policy_engine_mode: any provider: !KeyOf outline_provider diff --git a/rallly.yaml.tmpl b/rallly.yaml.tmpl index 8e26c40..a1a649a 100644 --- a/rallly.yaml.tmpl +++ b/rallly.yaml.tmpl @@ -16,6 +16,9 @@ entries: client_type: confidential include_claims_in_id_token: true issuer_mode: per_provider + redirect_uris: + - matching_mode: strict + url: https://{{ env "RALLLY_DOMAIN" }}/api/auth/callback/oidc name: Rallly property_mappings: - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]] diff --git a/vikunja.yaml.tmpl b/vikunja.yaml.tmpl index ab7af08..5267035 100644 --- a/vikunja.yaml.tmpl +++ b/vikunja.yaml.tmpl @@ -16,6 +16,9 @@ entries: client_type: confidential include_claims_in_id_token: true issuer_mode: per_provider + redirect_uris: + - matching_mode: strict + url: https://{{ env "VIKUNJA_DOMAIN" }}/auth/openid/authentik name: Vikunja property_mappings: - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]] 
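Review bot: The last path segment `authentik` in `/apps/sociallogin/custom_oidc/authentik` is presumably the provider's internal name configured in Nextcloud's social login app, which this blueprint cannot see, and vikunja.yaml.tmpl has the same coupling in `/auth/openid/authentik`. With `matching_mode: strict`, an instance that names the provider differently, or a Nextcloud without pretty URLs that sends `/index.php/apps/sociallogin/...`, is rejected at the authorization request. If both URL forms occur in deployments, a second strict entry with `url: https://{{ env "NEXTCLOUD_DOMAIN" }}/index.php/apps/sociallogin/custom_oidc/authentik` keeps exact matching without falling back to a regex. Otherwise a comment naming the required provider name is enough.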
diff --git a/wekan.yaml.tmpl b/wekan.yaml.tmpl
index a9549f8..a2c70de 100644
--- a/wekan.yaml.tmpl
+++ b/wekan.yaml.tmpl
@@ -33,6 +33,9 @@ entries:
 client_type: confidential
 include_claims_in_id_token: true
 issuer_mode: per_provider
+ redirect_uris:
+ - matching_mode: strict
+ url: https://{{ env "WEKAN_DOMAIN" }}/_oauth/oidc
 name: Wekan
 property_mappings:
 - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
diff --git a/wordpress.yaml.tmpl b/wordpress.yaml.tmpl
index 7624908..91c8c2c 100644
--- a/wordpress.yaml.tmpl
+++ b/wordpress.yaml.tmpl
@@ -16,6 +16,9 @@ entries:
 client_type: confidential
 include_claims_in_id_token: true
 issuer_mode: per_provider
+ redirect_uris:
+ - matching_mode: strict
+ url: https://{{ env "WORDPRESS_DOMAIN" }}/openid-connect-authorize
 name: Wordpress
 property_mappings:
 - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
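Review bot: `/openid-connect-authorize` only matches if the WordPress OIDC client is set to use that route. If the site uses the OpenID Connect Generic plugin (not visible in this diff), that path is its alternate redirect URI, and the default callback goes through `wp-admin/admin-ajax.php` with an `action` query parameter, which a strict match on this URL rejects. I would state the dependency above the entry, e.g. `# requires the plugin's alternate redirect URI setting`, or confirm that the WordPress recipe enables it.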