diff --git a/abra.sh b/abra.sh
index 61a56c2..a4adbdf 100644
--- a/abra.sh
+++ b/abra.sh
@@ -1,7 +1,7 @@
 export ENTRYPOINT_CONF_VERSION=v1
-export LOCAL_CONF_VERSION=v1
+export LOCAL_CONF_VERSION=v2
 
 create_admin () {
     export DATABASE_URL="$DATABASE_TYPE://$DATABASE_USER:$(cat /run/secrets/db_password)@$DATABASE_HOST/$DATABASE_NAME"
-    /opt/kimai/bin/console kimai:create-user admin admin@example.org ROLE_SUPER_ADMIN 
+    /opt/kimai/bin/console kimai:create-user admin admin@example.org ROLE_SUPER_ADMIN
 }
diff --git a/local.yaml.tmpl b/local.yaml.tmpl
index 011d289..b4b118f 100644
--- a/local.yaml.tmpl
+++ b/local.yaml.tmpl
@@ -4,13 +4,14 @@ kimai:
     activate: true
     title: Login with SAML
     mapping:
-      - { saml: $http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress, kimai: email }
-      - { saml: $http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name, kimai: alias }
+      - { saml: $Email, kimai: email }
+      - { saml: $FirstName $LastName, kimai: alias }
     roles:
-      attribute: http://schemas.xmlsoap.org/claims/Group
+      resetOnLogin: true
+      attribute: Roles
       mapping:
-      # Insert your roles here (ROLE_USER is added automatically)
-        - { saml: admin.group, kimai: ROLE_ADMIN }
+        - { saml: Admins, kimai: ROLE_ADMIN }
+        - { saml: Management, kimai: ROLE_TEAMLEAD }
     connection:
       # You SAML provider
       # Your Authentik instance, replace https://authentik.company with your authentik URL