diff --git a/docker-compose-host-macos.yml b/docker-compose-host-macos.yml
index 6ad445784..32fa8109c 100644
--- a/docker-compose-host-macos.yml
+++ b/docker-compose-host-macos.yml
@@ -55,7 +55,7 @@ services:
       - "8080:8080"
 
   auth:
-    image: quay.io/oauth2-proxy/oauth2-proxy:v7.2.1
+    image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
     container_name: radix-auth_container
     environment:
       # See the `radixconfig.yaml` file for a description of these settings
@@ -67,6 +67,7 @@ services:
       - OAUTH2_PROXY_EMAIL_DOMAINS=*
       - OAUTH2_PROXY_HTTP_ADDRESS=http://:8000
       - OAUTH2_PROXY_OIDC_ISSUER_URL=https://login.microsoftonline.com/3aa4a235-b6e2-48d5-9195-7fcf05b459b0/v2.0
+      - OAUTH2_PROXY_SKIP_CLAIMS_FROM_PROFILE_URL=true
       - OAUTH2_PROXY_PASS_ACCESS_TOKEN=true
       - OAUTH2_PROXY_PASS_BASIC_AUTH=false
       - OAUTH2_PROXY_PASS_USER_HEADERS=false
diff --git a/docker-compose-host.yml b/docker-compose-host.yml
index c0507636c..3ef1e4396 100644
--- a/docker-compose-host.yml
+++ b/docker-compose-host.yml
@@ -37,7 +37,7 @@ services:
       - "8080:8080"
 
   auth:
-    image: quay.io/oauth2-proxy/oauth2-proxy:v7.2.1
+    image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
     container_name: radix-auth_container
     environment:
       # See the `radixconfig.yaml` file for a description of these settings
@@ -49,6 +49,7 @@ services:
       - OAUTH2_PROXY_EMAIL_DOMAINS=*
       - OAUTH2_PROXY_HTTP_ADDRESS=http://:8000
       - OAUTH2_PROXY_OIDC_ISSUER_URL=https://login.microsoftonline.com/3aa4a235-b6e2-48d5-9195-7fcf05b459b0/v2.0
+      - OAUTH2_PROXY_SKIP_CLAIMS_FROM_PROFILE_URL=true
       - OAUTH2_PROXY_PASS_ACCESS_TOKEN=true
       - OAUTH2_PROXY_PASS_BASIC_AUTH=false
       - OAUTH2_PROXY_PASS_USER_HEADERS=false
diff --git a/docker-compose.yml b/docker-compose.yml
index a0b97bf3c..3499e26a0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -41,7 +41,7 @@ services:
       - "8080:8080"
 
   auth:
-    image: quay.io/oauth2-proxy/oauth2-proxy:v7.2.1
+    image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
     container_name: radix-auth_container
     environment:
       # See the `radixconfig.yaml` file for a description of these settings
@@ -53,6 +53,7 @@ services:
       - OAUTH2_PROXY_EMAIL_DOMAINS=*
       - OAUTH2_PROXY_HTTP_ADDRESS=http://:8000
       - OAUTH2_PROXY_OIDC_ISSUER_URL=https://login.microsoftonline.com/3aa4a235-b6e2-48d5-9195-7fcf05b459b0/v2.0
+      - OAUTH2_PROXY_SKIP_CLAIMS_FROM_PROFILE_URL=true
       - OAUTH2_PROXY_PASS_ACCESS_TOKEN=true
       - OAUTH2_PROXY_PASS_BASIC_AUTH=false
       - OAUTH2_PROXY_PASS_USER_HEADERS=false
diff --git a/radixconfig.yaml b/radixconfig.yaml
index 60aabdb6c..7d7d1e7e0 100644
--- a/radixconfig.yaml
+++ b/radixconfig.yaml
@@ -38,7 +38,7 @@ spec:
         - DYNATRACE_API_TOKEN # Token to use for display of availability metrics
         - OAUTH2_CLIENT_ID # Azure Application ID
     - name: auth
-      image: quay.io/oauth2-proxy/oauth2-proxy:v7.2.1 # see https://github.com/oauth2-proxy/oauth2-proxy/blob/master/docs/docs/configuration/overview.md
+      image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 # see https://github.com/oauth2-proxy/oauth2-proxy/blob/master/docs/docs/configuration/overview.md
       ports:
         - name: http
           port: 8000
@@ -63,6 +63,7 @@ spec:
         OAUTH2_PROXY_EMAIL_DOMAINS: "*" # Any email address registered in AD should be accepted
         OAUTH2_PROXY_HTTP_ADDRESS: "http://:8000" # The port oauth2_proxy listens on
         OAUTH2_PROXY_OIDC_ISSUER_URL: "https://login.microsoftonline.com/3aa4a235-b6e2-48d5-9195-7fcf05b459b0/v2.0" # That's the Equinor tenant ID
+        OAUTH2_PROXY_SKIP_CLAIMS_FROM_PROFILE_URL: "true"
         OAUTH2_PROXY_PASS_ACCESS_TOKEN: "true" # Pass the access token upstream (to the proxy component)
         OAUTH2_PROXY_PASS_BASIC_AUTH: "false" # Disable unused default
         OAUTH2_PROXY_PASS_USER_HEADERS: "false" # Disable unused default
diff --git a/src/components/configure-application-github/index.tsx b/src/components/configure-application-github/index.tsx
index f3ee5e88c..2d2ec0a8c 100644
--- a/src/components/configure-application-github/index.tsx
+++ b/src/components/configure-application-github/index.tsx
@@ -28,6 +28,7 @@ import {
 import { pollingInterval } from '../../store/defaults';
 import { handlePromiseWithToast } from '../global-top-nav/styled-toaster';
 import { getFetchErrorMessage } from '../../store/utils';
+import { ScrimPopup } from '../scrim-popup';
 
 const radixZoneDNS = configVariables.RADIX_CLUSTER_BASE;
 
@@ -53,7 +54,8 @@ export const ConfigureApplicationGithub = ({
   const isExpanded = !!startVisible;
   const webhookURL = `https://webhook.${radixZoneDNS}/events/github?appName=${app.name}`;
   const [useOtherCiTool, setUseOtherCiTool] = useState(false);
-
+  const [visibleRegenerateScrim, setVisibleRegenerateScrim] =
+    useState<boolean>(false);
   const [regenerateSecrets, { isLoading, error }] =
     useRegenerateDeployKeyMutation();
   const { data: secrets, refetch: refetchSecrets } =
@@ -63,13 +65,14 @@ export const ConfigureApplicationGithub = ({
     );
 
   const onRegenerate = handlePromiseWithToast(async () => {
+    setVisibleRegenerateScrim(false);
     await regenerateSecrets({
       appName: app.name,
       regenerateDeployKeyAndSecretData: { sharedSecret: nanoid() },
     }).unwrap();
     await refetchSecrets();
     await refetch?.();
-  });
+  }, 'Successfully re-generated deploy key and webhook secret');
 
   return (
     <div className="configure-application-github grid grid--gap-medium">
@@ -130,9 +133,40 @@ export const ConfigureApplicationGithub = ({
                         <Progress.Circular size={16} /> Regenerating…
                       </>
                     ) : (
-                      <Button onClick={onRegenerate}>
-                        Regenerate deploy key and webhook secret
-                      </Button>
+                      <>
+                        <ScrimPopup
+                          title={`Warning`}
+                          open={!!visibleRegenerateScrim}
+                          onClose={() => setVisibleRegenerateScrim(false)}
+                          isDismissable
+                        >
+                          <div className="grid grid--gap-medium grid--auto-columns regenerate-content">
+                            <div className="regenerate-options">
+                              <Typography>
+                                Do you want to <strong>re-generate</strong>{' '}
+                                deploy key and webhook secret?
+                              </Typography>
+                              <Typography>
+                                New deploy key and webhook secret need to be put
+                                to the GitHub repository settings
+                              </Typography>
+                            </div>
+
+                            <Button.Group>
+                              <Button onClick={onRegenerate}>Rerun</Button>
+                              <Button
+                                variant="outlined"
+                                onClick={() => setVisibleRegenerateScrim(false)}
+                              >
+                                Cancel
+                              </Button>
+                            </Button.Group>
+                          </div>
+                        </ScrimPopup>
+                        <Button onClick={() => setVisibleRegenerateScrim(true)}>
+                          Re-generate deploy key and webhook secret
+                        </Button>
+                      </>
                     )}
                   </div>
                 </div>
diff --git a/src/components/configure-application-github/style.css b/src/components/configure-application-github/style.css
index 6b78d972b..1fed62dfd 100644
--- a/src/components/configure-application-github/style.css
+++ b/src/components/configure-application-github/style.css
@@ -34,3 +34,19 @@
     filter: invert(0);
   }
 }
+
+.regenerate-content {
+  padding: var(--eds_spacing_medium);
+  padding-top: 0;
+  overflow: auto;
+}
+@media (min-width: 150rem) {
+  .regenerate-content {
+    margin: auto;
+  }
+}
+
+.regenerate-options {
+  margin-top: auto;
+  margin-bottom: auto;
+}
diff --git a/src/components/page-active-component/external-dns.tsx b/src/components/page-active-component/external-dns.tsx
index 48e3f1f67..3f1d07a50 100644
--- a/src/components/page-active-component/external-dns.tsx
+++ b/src/components/page-active-component/external-dns.tsx
@@ -143,6 +143,9 @@ export const ExternalDNSAccordion: FunctionComponent<{
               <ExternalDNSList
                 externalDnsList={externalDNSList}
                 onItemClick={(v) => {
+                  if (v.tls.useAutomation) {
+                    return;
+                  }
                   setSelectedExternalDns(v);
                   setVisibleScrim(true);
                 }}