diff --git a/manifests/wikijs/values.yaml b/manifests/wikijs/values.yaml
index 7c6f878..e102940 100644
--- a/manifests/wikijs/values.yaml
+++ b/manifests/wikijs/values.yaml
@@ -43,3 +43,60 @@ env:
 
 nodeSelector:
   node-role.kubernetes.io/worker: "true"
+
+# 🚀 Initial admin registration + groups
+initialSetup:
+  enabled: true
+  defaultEmail: dvirlabs@gmail.com
+  defaultPassword: changeThisNow
+
+# 👥 Auto-create groups with permissions
+initialGroups:
+  - name: wikijs-admins
+    system: false
+    permissions:
+      - pages.view
+      - pages.create
+      - pages.update
+      - pages.delete
+      - administration.access
+      - users.manage
+      - groups.manage
+
+  - name: wikijs-users
+    system: false
+    permissions:
+      - pages.view
+      - pages.create
+      - pages.update
+
+  - name: Guests
+    system: true
+    permissions:
+      - pages.view
+
+# 🔐 Authentication provider (OIDC / Keycloak)
+authentication:
+  oauth2:
+    enabled: true
+    allowSelfRegistration: true
+    autoAssignGroups:
+      - Guests
+    clientId: wikijs
+    clientSecret: <YOUR_CLIENT_SECRET>
+    authorizationEndpoint: https://keycloak.dvirlabs.com/realms/lab/protocol/openid-connect/auth
+    tokenEndpoint: https://keycloak.dvirlabs.com/realms/lab/protocol/openid-connect/token
+    userInfoEndpoint: https://keycloak.dvirlabs.com/realms/lab/protocol/openid-connect/userinfo
+    logoutEndpoint: https://keycloak.dvirlabs.com/realms/lab/protocol/openid-connect/logout
+    scope: openid profile email
+    prompt: auto
+    domainWhitelist:
+      - dvirlabs.com
+    mapGroups:
+      enabled: true
+      claim: groups
+      mappings:
+        - source: wikijs-admins
+          target: wikijs-admins
+        - source: wikijs-users
+          target: wikijs-users