diff --git a/cesnet-central/deployments/fullhub.yaml b/cesnet-central/deployments/fullhub.yaml
index 95107322cf2619bbe4f80af3089434d0b56d4c50..73a29ad1ebbfbde26c6639f74f459fc7ccf2e590 100644
--- a/cesnet-central/deployments/fullhub.yaml
+++ b/cesnet-central/deployments/fullhub.yaml
@@ -104,27 +104,21 @@ hub:
       # - cesnet/playbooks/templates/binder.yaml
       # - documentation/content/en/users/dev-env/notebooks/_index.md
       allowed_groups:
-        - urn:mace:egi.eu:group:vo.access.egi.eu:role=member#aai.egi.eu
-        - urn:mace:egi.eu:group:vo.notebooks.egi.eu:role=member#aai.egi.eu
-        - urn:mace:egi.eu:www.egi.eu:fedcloud-users:member@egi.eu
-        - urn:mace:egi.eu:www.egi.eu:techsolutions:member@egi.eu
-          # changed 2022-10
-        - urn:mace:egi.eu:group:fedcloud-users#sso.egi.eu
-        - urn:mace:egi.eu:group:supplier-notebooks#sso.egi.eu
-        - urn:mace:egi.eu:group:techsolutions#sso.egi.eu
-        - urn:mace:egi.eu:group:notebooks-support#sso.egi.eu
+        - urn:geant:eosc-federation.eu:testing:group:eosc#testing.eosc-federation.eu
       auto_login: true
-      claim_groups_key: "eduperson_entitlement"
+      claim_groups_key: "entitlements"
     EGICheckinAuthenticator:
       checkin_host: "{{ secret['checkin_host'] }}"
-      authorize_url: "https://{{ secret['checkin_host'] }}/auth/realms/egi/protocol/openid-connect/auth"
-      token_url: "https://{{ secret['checkin_host'] }}/auth/realms/egi/protocol/openid-connect/token"
-      userdata_url: "https://{{ secret['checkin_host'] }}/auth/realms/egi/protocol/openid-connect/userinfo"
+      authorize_url: "https://{{ secret['checkin_host'] }}/OIDC/authorization"
+      token_url: "https://{{ secret['checkin_host'] }}/OIDC/token"
+      userdata_url: "https://{{ secret['checkin_host'] }}/OIDC/userinfo"
       client_id: "{{ secret['client_id'] }}"
       client_secret: "{{ secret['client_secret'] }}"
       oauth_callback_url: "https://fullhub.eosc.zcu.cz/hub/oauth_callback"
-      scope: ["openid", "profile", "email", "offline_access", "eduperson_scoped_affiliation", "eduperson_entitlement"]
+      scope: ["openid", "profile", "email", "offline_access", "entitlements"]
       username_key: "sub"
+      extra_authorize_params:
+        prompt: consent
     JupyterHub:
       admin_access: true
       authenticate_prometheus: false