diff --git a/.vscode/settings.json b/.vscode/settings.json
index f41e8dcb..098ff514 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -13,8 +13,8 @@
 },
 "[typescript]": {
 "editor.codeActionsOnSave": {
- "source.fixAll": true,
- "source.organizeImports": true
+ "source.fixAll": "explicit",
+ "source.organizeImports": "explicit"
 },
 "editor.defaultFormatter": "dbaeumer.vscode-eslint"
 },
@@ -22,7 +22,7 @@
 "editor.defaultFormatter": "esbenp.prettier-vscode"
 },
 "editor.codeActionsOnSave": {
- "source.fixAll": true
+ "source.fixAll": "explicit"
 },
 "editor.defaultFormatter": "dbaeumer.vscode-eslint",
 "editor.formatOnSave": true,
diff --git a/src/tasks/harbor/harbor.ts b/src/tasks/harbor/harbor.ts
index 2e841c20..ef7246ac 100644
--- a/src/tasks/harbor/harbor.ts
+++ b/src/tasks/harbor/harbor.ts
@@ -24,8 +24,10 @@ import {
 HARBOR_BASE_URL,
 HARBOR_PASSWORD,
 HARBOR_USER,
+ OIDC_AUTO_ONBOARD,
 OIDC_CLIENT_SECRET,
 OIDC_ENDPOINT,
+ OIDC_USER_CLAIM,
 OIDC_VERIFY_CERT,
 TEAM_IDS,
 cleanEnv,
@@ -36,6 +38,8 @@ const env = cleanEnv({
 HARBOR_BASE_REPO_URL,
 HARBOR_PASSWORD,
 HARBOR_USER,
+ OIDC_USER_CLAIM,
+ OIDC_AUTO_ONBOARD,
 OIDC_CLIENT_SECRET,
 OIDC_ENDPOINT,
 OIDC_VERIFY_CERT,
@@ -93,8 +97,8 @@ const config: any = {
 oidc_name: 'otomi',
 oidc_scope: 'openid',
 oidc_verify_cert: env.OIDC_VERIFY_CERT,
- oidc_user_claim: 'otomi',
- oidc_auto_onboard: true,
+ oidc_user_claim: env.OIDC_USER_CLAIM,
+ oidc_auto_onboard: env.OIDC_AUTO_ONBOARD,
 project_creation_restriction: 'adminonly',
 robot_name_prefix: robotPrefix,
 self_registration: false,
diff --git a/src/validators.ts b/src/validators.ts
index 6763635b..9d48ea58 100644
--- a/src/validators.ts
+++ b/src/validators.ts
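Review bot: The third harbor.ts hunk silently changes the effective username claim for any deployment that does not set `OIDC_USER_CLAIM`: the hard-coded value was `'otomi'`, while the validator added in src/validators.ts defaults to `'email'`. Users onboarded after the upgrade would then be named from a different claim than accounts created earlier, and an email-derived username is only as trustworthy as the IdP's handling of that claim (confirm it is verified and not user-editable). Either keep the previous behaviour with `default: 'otomi'` in the validator, or state the change and the claim requirements in the release notes. The `const config` object starts and ends outside the hunk.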
@@ -64,6 +64,8 @@ export const NODE_TLS_REJECT_UNAUTHORIZED = bool({ default: true })
 export const OIDC_CLIENT_SECRET = str({ desc: 'The OIDC client secret used by keycloak to access the IDP' })
 export const OIDC_ENDPOINT = str({ desc: 'The OIDC endpoint used by keycloak to access the IDP' })
 export const OIDC_VERIFY_CERT = bool({ desc: 'Wether to validate the OIDC endpoint cert', default: true })
+export const OIDC_USER_CLAIM = str({ desc: 'Claim name containing username values', default: 'email' })
+export const OIDC_AUTO_ONBOARD = bool({ desc: 'Wether users should be automatically onboarded', default: true })
 export const OTOMI_VALUES = json({ desc: 'The main values such as cluster.* otomi.* teamConfig.*', default: {} })
 export const OTOMI_SCHEMA_PATH = str({ desc: 'The path to the values-schema.yaml schema file' })
 export const OTOMI_ENV_DIR = str({ desc: 'The path to the otomi-values folder' })
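Review bot: The two added descriptions do not say which component reads these settings, while the neighbouring OIDC descriptions speak of keycloak and harbor.ts passes the new values into Harbor's `oidc_user_claim` and `oidc_auto_onboard`. Naming the consumer would keep an operator from assuming they alter the Keycloak-to-IDP link, for example `desc: 'Claim in the OIDC token that Harbor uses as the username'`. The `OIDC_AUTO_ONBOARD` description also copies the `Wether` spelling from `OIDC_VERIFY_CERT`; `Whether` is meant.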