diff --git a/powerdnsadmin/models/setting.py b/powerdnsadmin/models/setting.py
index ca8e6bc..2325fa5 100644
--- a/powerdnsadmin/models/setting.py
+++ b/powerdnsadmin/models/setting.py
@@ -95,10 +95,13 @@ class Setting(db.Model):
'oidc_oauth_api_url': '',
'oidc_oauth_token_url': '',
'oidc_oauth_authorize_url': '',
+ 'oidc_oauth_logout_url': '',
'oidc_oauth_username': 'preferred_username',
'oidc_oauth_firstname': 'given_name',
'oidc_oauth_last_name': 'family_name ',
'oidc_oauth_email': 'email',
+ 'oidc_oauth_account_name_property': '',
+ 'oidc_oauth_account_description_property': '',
'forward_records_allow_edit': {
'A': True,
'AAAA': True,
diff --git a/powerdnsadmin/models/user.py b/powerdnsadmin/models/user.py
index ce24a75..a3f31cd 100644
--- a/powerdnsadmin/models/user.py
+++ b/powerdnsadmin/models/user.py
@@ -473,7 +473,7 @@ class User(db.Model):
user.email = self.email
# store new password hash (only if changed)
- if self.plain_text_password != "":
+ if self.plain_text_password:
user.password = self.get_hashed_password(
self.plain_text_password).decode("utf-8")
@@ -589,3 +589,21 @@ class User(db.Model):
return {'status': True, 'msg': 'Set user role successfully'}
else:
return {'status': False, 'msg': 'Role does not exist'}
+
+ def get_accounts(self):
+ """
+ Get accounts associated with this user
+ """
+ from .account import Account
+ from .account_user import AccountUser
+ accounts = []
+ query = db.session\
+ .query(
+ AccountUser,
+ Account)\
+ .filter(User.id == AccountUser.user_id)\
+ .filter(Account.id == AccountUser.account_id)\
+ .all()
+ for q in query:
+ accounts.append(q[1])
+ return accounts
diff --git a/powerdnsadmin/routes/admin.py b/powerdnsadmin/routes/admin.py
index ff037c5..5a92850 100644
--- a/powerdnsadmin/routes/admin.py
+++ b/powerdnsadmin/routes/admin.py
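Review bot: `get_accounts` filters on `User.id == AccountUser.user_id`, which compares the mapped column of the `User` class rather than this instance's id, so the query is not restricted to `self`; `User` is not among the `query(AccountUser, Account)` selectables, so the filter pulls the users table into the FROM clause and the result spans every user's account links. The intended constraint is `.filter(AccountUser.user_id == self.id)\`. The login flow in index.py iterates this result to call `ua.remove_user(user)`, so the over-broad result makes that loop call `remove_user` on accounts the user may never have belonged to; what `remove_user` does in that case is not visible here. As a point of style, the append loop could be `accounts = [account for _, account in query]`.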
@@ -953,6 +953,10 @@ def setting_authentication():
request.form.get('oidc_oauth_last_name'))
Setting().set('oidc_oauth_email',
request.form.get('oidc_oauth_email'))
+ Setting().set('oidc_oauth_account_name_property',
+ request.form.get('oidc_oauth_account_name_property'))
+ Setting().set('oidc_oauth_account_description_property',
+ request.form.get('oidc_oauth_account_description_property'))
result = {
'status': True,
'msg':
diff --git a/powerdnsadmin/routes/index.py b/powerdnsadmin/routes/index.py
index 72fc56b..907a93a 100644
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@@ -380,11 +380,28 @@ def login():
firstname=oidc_givenname,
lastname=oidc_familyname,
email=oidc_email)
- result = user.create_local_user()
- if not result['status']:
- session.pop('oidc_token', None)
- return redirect(url_for('index.login'))
+ else:
+ user.firstname = oidc_givenname
+ user.lastname = oidc_familyname
+ user.email = oidc_email
+ user.plain_text_password = None
+ result = user.update_local_user()
+
+ if not result['status']:
+ session.pop('oidc_token', None)
+ return redirect(url_for('index.login'))
+
+ if Setting().get('oidc_oauth_account_name_property') and Setting().get('oidc_oauth_account_description_property'):
+ name_prop = Setting().get('oidc_oauth_account_name_property')
+ desc_prop = Setting().get('oidc_oauth_account_description_property')
+ if name_prop in me and desc_prop in me:
+ account = handle_account(me[name_prop], me[desc_prop])
+ account.add_user(user)
+ user_accounts = user.get_accounts()
+ for ua in user_accounts:
+ if ua.name != account.name:
+ ua.remove_user(user)
session['user_id'] = user.id
session['authentication_type'] = 'OAuth'
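Review bot: `handle_account(me[name_prop], me[desc_prop])` passes the raw claim values through; `name_prop in me` only proves the key exists, so an empty string yields an account whose cleaned name is empty, and a non-string claim (list-valued claims are common for group-style attributes) fails on `account_name.lower()` inside `handle_account`. A guard such as `if isinstance(me.get(name_prop), str) and me[name_prop].strip():` before the call rejects both cases. Requiring both settings in the outer `if` also makes the description property mandatory even though `handle_account` defaults `account_description` to `""`; if that is not intended, gate on the name property alone. Since the claim value now also removes the user from every other account, a `History` entry for the membership change would help auditing. The enclosing `login` function starts and ends outside the hunk.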
@@ -519,6 +536,13 @@ def logout():
session_index=session['samlSessionIndex'],
name_id=session['samlNameId']))
+ redirect_uri = url_for('index.login')
+ oidc_logout = Setting().get('oidc_oauth_logout_url')
+
+ if 'oidc_token' in session and oidc_logout:
+ redirect_uri = "{}?redirect_uri={}".format(
+ oidc_logout, url_for('index.login', _external=True))
+
# Clean cookies and flask session
clear_session()
@@ -542,7 +566,7 @@ def logout():
return res
- return redirect(url_for('index.login'))
+ return redirect(redirect_uri)
@index_bp.route('/register', methods=['GET', 'POST'])
@@ -956,7 +980,7 @@ def create_group_to_account_mapping():
return group_to_account_mapping
-def handle_account(account_name):
+def handle_account(account_name, account_description=""):
clean_name = ''.join(c for c in account_name.lower() if c in "abcdefghijklmnopqrstuvwxyz0123456789")
if len(clean_name) > Account.name.type.length:
@@ -965,13 +989,16 @@ def handle_account(account_name):
account = Account.query.filter_by(name=clean_name).first()
if not account:
account = Account(name=clean_name.lower(),
- description='',
+ description=account_description,
contact='',
mail='')
account.create_account()
history = History(msg='Account {0} created'.format(account.name),
- created_by='SAML Assertion')
+ created_by='OIDC/SAML Assertion')
history.add()
+ else:
+ account.description = account_description
+ account.update_account()
return account
diff --git a/powerdnsadmin/templates/admin_setting_authentication.html b/powerdnsadmin/templates/admin_setting_authentication.html
index 5a4ef01..c73cc2c 100644
--- a/powerdnsadmin/templates/admin_setting_authentication.html
+++ b/powerdnsadmin/templates/admin_setting_authentication.html
@@ -538,9 +538,6 @@ - -
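Review bot: the `redirect_uri` value in `"{}?redirect_uri={}".format(oidc_logout, url_for('index.login', _external=True))` is interpolated without URL-encoding, and the hard-coded `?` is wrong whenever the configured logout URL already carries a query string. Build it with the standard library instead: `sep = '&' if '?' in oidc_logout else '?'` and `redirect_uri = oidc_logout + sep + urlencode({'redirect_uri': url_for('index.login', _external=True)})` (with `from urllib.parse import urlencode`). Note that OpenID Connect RP-initiated logout names this parameter `post_logout_redirect_uri` and pairs it with `id_token_hint`; `redirect_uri` only works with providers that accept that name, which deserves a comment next to the setting. The admin.py hunk on this page persists the two account-property settings but not `oidc_oauth_logout_url`; if it is saved elsewhere, disregard that. `logout` continues outside the hunk.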
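Review bot: the new `else` branch assigns `account_description` unconditionally, and because the signature in the preceding hunk defaults it to `""`, any caller that still passes only `account_name` (the signature before this change) now blanks the description of an existing account and issues `update_account()` on every call. Default the parameter to `None` and write only when a value was supplied and differs: `def handle_account(account_name, account_description=None):` together with `elif account_description is not None and account.description != account_description:`. `handle_account` begins in the preceding hunk; the lines between the two hunks are not visible here.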
- ADVANCE
@@ -561,6 +558,11 @@
+
+ + + +
CLAIMS @@ -585,6 +587,19 @@
+
+ ADVANCE +
+ + + +
+
+ + + +
+