diff --git a/jupyter/cygno_experiment.yaml b/jupyter/cygno_experiment.yaml
index f6ff48b6988b5bf06dde2aa681609ab79745b0c1..67068e257921636d5cdea9f6f4b5c89ebb4982b1 100644
--- a/jupyter/cygno_experiment.yaml
+++ b/jupyter/cygno_experiment.yaml
@@ -36,7 +36,7 @@ topology_template:
 
     iam_url:
       type: string
-      default: "https://iam.cloud.infn.it"
+      default: "https://iam.cloud.infn.it/"
       description: IAM Instance for end user authentication
 
     iam_subject:
@@ -109,9 +109,17 @@ topology_template:
 
   node_templates:
 
+    iam_client:
+      type: tosca.nodes.indigo.iam.client
+      properties:
+        scopes: openid email profile wlcg offline_access address wlcg.groups
+        issuer: { get_input: iam_url }
+
     ml_install:
       type: tosca.nodes.DODAS.single-node-jupyterhub
       properties:
+        iam_client_id: { get_property : [ iam_client, client_id ] }
+        iam_token: { get_property : [ iam_client, registration_access_token ] }
         iam_url: { get_input: iam_url }
         iam_subject: { get_input: iam_subject }
         iam_groups: { get_input: iam_groups }
diff --git a/jupyter/jupyter_matlab.yaml b/jupyter/jupyter_matlab.yaml
index 53cd074f4301f107f46e9ca717142e792798f6db..88b4962f11adaa51ba152182a62202c092f1bd09 100644
--- a/jupyter/jupyter_matlab.yaml
+++ b/jupyter/jupyter_matlab.yaml
@@ -48,7 +48,7 @@ topology_template:
 
     iam_url:
       type: string
-      default: "https://iam.cloud.infn.it"
+      default: "https://iam.cloud.infn.it/"
       description: IAM Instance for end user authentication
 
     iam_subject:
@@ -109,11 +109,20 @@ topology_template:
         type: tosca.datatypes.indigo.network.PortSpec
 
   node_templates:
+
+    iam_client:
+      type: tosca.nodes.indigo.iam.client
+      properties:
+        scopes: openid email profile wlcg offline_access address wlcg.groups
+        issuer: { get_input: iam_url }
+    
     ml_install:
       type: tosca.nodes.DODAS.single-node-jupyterhub
       properties:
-        letsencrypt_test: false
         contact_email: { get_input: contact_email }
+        iam_client_id: { get_property : [ iam_client, client_id ] }
+        iam_token: { get_property : [ iam_client, registration_access_token ] }
+        #letsencrypt_test: false #Commented because not in tosca.nodes.DODAS.single-node-jupyterhub        contact_email: { get_input: contact_email }
         iam_url: { get_input: iam_url }
         iam_subject: { get_input: iam_subject }
         iam_groups: { get_input: iam_groups }
diff --git a/jupyter/jupyter_vm.yaml b/jupyter/jupyter_vm.yaml
index d006c7139bdc8638f11a34338c7400333722df0e..5c1f4a0f2931bab2fe7b75460806c62a88bcef51 100644
--- a/jupyter/jupyter_vm.yaml
+++ b/jupyter/jupyter_vm.yaml
@@ -50,7 +50,7 @@ topology_template:
 
     iam_url:
       type: string
-      default: "https://iam.cloud.infn.it"
+      default: "https://iam.cloud.infn.it/"
       description: IAM Instance for end user authentication
 
     iam_subject:
@@ -124,9 +124,17 @@ topology_template:
 
   node_templates:
 
+    iam_client:
+      type: tosca.nodes.indigo.iam.client
+      properties:
+        scopes: openid email profile wlcg offline_access address wlcg.groups
+        issuer: { get_input: iam_url }
+
     ml_install:
       type: tosca.nodes.DODAS.single-node-jupyterhub
       properties:
+        iam_client_id: { get_property : [ iam_client, client_id ] }
+        iam_token: { get_property : [ iam_client, registration_access_token ] }
         contact_email: { get_input: contact_email }
         iam_url: { get_input: iam_url }
         iam_subject: { get_input: iam_subject }
diff --git a/jupyter/ml_infn.yaml b/jupyter/ml_infn.yaml
index 3372f6f537cbdfdf34051cbb82523c11f9c92873..4e4f09b5c06abb4a11024792bc455e6110d16de9 100644
--- a/jupyter/ml_infn.yaml
+++ b/jupyter/ml_infn.yaml
@@ -69,7 +69,7 @@ topology_template:
 
     iam_url:
       type: string
-      default: "https://iam.cloud.infn.it"
+      default: "https://iam.cloud.infn.it/"
       description: IAM Instance for end user authentication
 
     iam_subject:
@@ -155,9 +155,17 @@ topology_template:
 
   node_templates:
 
+    iam_client:
+      type: tosca.nodes.indigo.iam.client
+      properties:
+        scopes: openid email profile wlcg offline_access address wlcg.groups
+        issuer: { get_input: iam_url }
+          
     ml_install:
       type: tosca.nodes.DODAS.single-node-jupyterhub
       properties:
+        iam_client_id: { get_property : [ iam_client, client_id ] }
+        iam_token: { get_property : [ iam_client, registration_access_token ] }
         iam_url: { get_input: iam_url }
         iam_subject: { get_input: iam_subject }
         iam_groups: { get_input: iam_groups }
diff --git a/jupyter/private-net/jupyter_vm.yaml b/jupyter/private-net/jupyter_vm.yaml
index 04f202db0e32dc8d984a1b3849597037b9428112..b8645900c234e08d2f07d418ec63a605964fb948 100644
--- a/jupyter/private-net/jupyter_vm.yaml
+++ b/jupyter/private-net/jupyter_vm.yaml
@@ -49,7 +49,7 @@ topology_template:
 
     iam_url:
       type: string
-      default: "https://iam.cloud.infn.it"
+      default: "https://iam.cloud.infn.it/"
       description: IAM Instance for end user authentication
 
     iam_subject:
@@ -118,9 +118,17 @@ topology_template:
 
   node_templates:
 
+    iam_client:
+      type: tosca.nodes.indigo.iam.client
+      properties:
+        scopes: openid email profile wlcg offline_access address wlcg.groups
+        issuer: { get_input: iam_url }
+
     ml_install:
       type: tosca.nodes.DODAS.single-node-jupyterhub
       properties:
+        iam_client_id: { get_property : [ iam_client, client_id ] }
+        iam_token: { get_property : [ iam_client, registration_access_token ] }
         contact_email: { get_input: contact_email }
         iam_url: { get_input: iam_url }
         iam_subject: { get_input: iam_subject }
diff --git a/single-vm/cloud_storage_service.yaml b/single-vm/cloud_storage_service.yaml
index b99ce5bfac0d12d095af33d570f2d1e2d1425941..33fde72393715c2da9de74e2b9a3b0ae237923fe 100644
--- a/single-vm/cloud_storage_service.yaml
+++ b/single-vm/cloud_storage_service.yaml
@@ -137,7 +137,6 @@ topology_template:
       properties:
         scopes: openid profile email
         issuer: { get_input: iam_url }
-        owner: { get_input: iam_subject }
 
     s3_data_bucket:
       type: tosca.nodes.indigo.S3Bucket