diff --git a/.gitignore b/.gitignore
index 387fdb8..0e96da2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,22 +1,23 @@
-*.class
-
-# Mobile Tools for Java (J2ME)
-.mtj.tmp/
-
-# Package Files #
-*.jar
-*.war
-*.ear
-
-# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
-hs_err_pid*
-
-# JetBrains Files
-.idea
-*.iml
-
-/target/
-
-.classpath
-.settings
-.project
+*.class
+
+# Mobile Tools for Java (J2ME)
+.mtj.tmp/
+
+# Package Files #
+*.jar
+*.war
+*.ear
+
+# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
+hs_err_pid*
+
+# JetBrains Files
+.idea
+*.iml
+
+/target/
+
+.classpath
+.settings
+.project
+.factorypath
diff --git a/pom.xml b/pom.xml
index 4b494aa..f2a5d7a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -33,6 +33,14 @@
cibseven-bpm-spring-boot-starter-rest
${cibseven.version}
+
+
+
+ org.cibseven.bpm.identity
+ cibseven-identity-ldap
+ ${cibseven.version}
+
+
com.h2database
h2
@@ -42,6 +50,11 @@
jaxb-impl
4.0.3
+
+ org.springframework.boot
+ spring-boot-configuration-processor
+ true
+
diff --git a/src/main/java/org/cibseven/getstarted/loanapproval/FilterConfiguration.java b/src/main/java/org/cibseven/getstarted/ldap/admin/plugin/FilterConfiguration.java
similarity index 97%
rename from src/main/java/org/cibseven/getstarted/loanapproval/FilterConfiguration.java
rename to src/main/java/org/cibseven/getstarted/ldap/admin/plugin/FilterConfiguration.java
index d50120d..0fa49bd 100644
--- a/src/main/java/org/cibseven/getstarted/loanapproval/FilterConfiguration.java
+++ b/src/main/java/org/cibseven/getstarted/ldap/admin/plugin/FilterConfiguration.java
@@ -1,4 +1,4 @@
-package org.cibseven.getstarted.loanapproval;
+package org.cibseven.getstarted.ldap.admin.plugin;
import org.cibseven.bpm.engine.rest.security.auth.ProcessEngineAuthenticationFilter;
import org.springframework.boot.autoconfigure.web.servlet.JerseyApplicationPath;
diff --git a/src/main/java/org/cibseven/getstarted/ldap/admin/plugin/WebappExampleProcessApplication.java b/src/main/java/org/cibseven/getstarted/ldap/admin/plugin/WebappExampleProcessApplication.java
new file mode 100644
index 0000000..72c844d
--- /dev/null
+++ b/src/main/java/org/cibseven/getstarted/ldap/admin/plugin/WebappExampleProcessApplication.java
@@ -0,0 +1,61 @@
+package org.cibseven.getstarted.ldap.admin.plugin;
+
+import org.cibseven.bpm.engine.RuntimeService;
+import org.cibseven.bpm.engine.impl.plugin.AdministratorAuthorizationPlugin;
+import org.cibseven.bpm.identity.impl.ldap.plugin.LdapIdentityProviderPlugin;
+import org.cibseven.bpm.spring.boot.starter.annotation.EnableProcessApplication;
+import org.cibseven.bpm.spring.boot.starter.event.PostDeployEvent;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.event.EventListener;
+
+@SpringBootApplication
+@EnableProcessApplication
+public class WebappExampleProcessApplication {
+
+ private static final String LDAP_PREFIX = "camunda.bpm.run.ldap";
+ private static final String ADMIN_PREFIX = "camunda.bpm.run.admin-auth";
+
+ @Bean
+ @ConditionalOnProperty(name = "enabled", havingValue = "true", prefix = ADMIN_PREFIX)
+ @ConfigurationProperties(prefix = ADMIN_PREFIX)
+ public AdministratorAuthorizationPlugin administratorAuthorizationPlugin() {
+ return new AdministratorAuthorizationPlugin();
+ }
+
+ @Bean
+ @ConfigurationProperties(prefix = LDAP_PREFIX)
+ @ConditionalOnProperty(name = "enabled", havingValue = "true", prefix = LDAP_PREFIX)
+ public LdapIdentityProviderPlugin ldapIdentityProviderPlugin() {
+ return new LdapIdentityProviderPlugin();
+ }
+
+ /**
+ * The dependencies of some of the beans in the application context form a cycle:
+┌─────┐
+| webappExampleProcessApplication (field private org.cibseven.bpm.engine.RuntimeService org.cibseven.getstarted.ldap.admin.plugin.WebappExampleProcessApplication.runtimeService)
+↑ ↓
+| org.cibseven.bpm.engine.spring.SpringProcessEngineServicesConfiguration (field private org.cibseven.bpm.engine.ProcessEngine org.cibseven.bpm.engine.spring.SpringProcessEngineServicesConfiguration.processEngine)
+↑ ↓
+| org.cibseven.bpm.spring.boot.starter.CamundaBpmAutoConfiguration$ProcessEngineConfigurationImplDependingConfiguration (field protected org.cibseven.bpm.engine.impl.cfg.ProcessEngineConfigurationImpl org.cibseven.bpm.spring.boot.starter.CamundaBpmAutoConfiguration$ProcessEngineConfigurationImplDependingConfiguration.processEngineConfigurationImpl)
+↑ ↓
+| processEngineConfigurationImpl defined in class path resource [org/cibseven/bpm/spring/boot/starter/CamundaBpmConfiguration.class]
+└─────┘
+ */
+// @Autowired
+// private RuntimeService runtimeService;
+
+ public static void main(String... args) {
+ SpringApplication.run(WebappExampleProcessApplication.class, args);
+ }
+
+ @EventListener
+ public void processPostDeploy(PostDeployEvent event) {
+ RuntimeService runtimeService = event.getProcessEngine().getRuntimeService();
+ runtimeService.startProcessInstanceByKey("loanApproval");
+ }
+
+}
\ No newline at end of file
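Review bot: The `/** ... */` block above the commented-out `runtimeService` field is a pasted Spring circular-dependency trace, and because only `//` lines follow it, it ends up as the Javadoc of `main`. Replace it and the two commented-out lines with a short why-comment on `processPostDeploy`, for example `// RuntimeService is read from the event; injecting it as a field produced a bean cycle through processEngineConfigurationImpl.` The two plugin `@Bean` methods are undocumented as well; a one-line Javadoc on `ldapIdentityProviderPlugin()` should state that the `camunda.bpm.run.ldap.*` keys, including `manager-password` and `accept-untrusted-certificates`, are bound onto the plugin, so the bind credential belongs in externalized configuration rather than in the committed `application.yaml`. The new file also drops the license header that the deleted `loanapproval` version carried, and it ends without a trailing newline.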
diff --git a/src/main/java/org/cibseven/getstarted/loanapproval/WebappExampleProcessApplication.java b/src/main/java/org/cibseven/getstarted/loanapproval/WebappExampleProcessApplication.java
deleted file mode 100644
index ce61ee4..0000000
--- a/src/main/java/org/cibseven/getstarted/loanapproval/WebappExampleProcessApplication.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH
- * under one or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information regarding copyright
- * ownership. Camunda licenses this file to you under the Apache License,
- * Version 2.0; you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.cibseven.getstarted.loanapproval;
-
-import org.cibseven.bpm.engine.RuntimeService;
-import org.cibseven.bpm.spring.boot.starter.annotation.EnableProcessApplication;
-import org.cibseven.bpm.spring.boot.starter.event.PostDeployEvent;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.SpringApplication;
-import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.context.event.EventListener;
-
-@SpringBootApplication
-@EnableProcessApplication
-public class WebappExampleProcessApplication {
-
- @Autowired
- private RuntimeService runtimeService;
-
- public static void main(String... args) {
- SpringApplication.run(WebappExampleProcessApplication.class, args);
- }
-
- @EventListener
- public void processPostDeploy(PostDeployEvent event) {
- runtimeService.startProcessInstanceByKey("loanApproval");
- }
-
-}
\ No newline at end of file
diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
index 820dc3c..37c81bb 100644
--- a/src/main/resources/application.yaml
+++ b/src/main/resources/application.yaml
@@ -5,6 +5,39 @@ camunda.bpm:
firstName: Demo
filter:
create: All tasks
+ run:
+# https://docs.cibseven.org/manual/latest/user-guide/process-engine/identity-service/#configuration-properties-of-the-ldap-plugin
+# https://docs.cibseven.org/manual/latest/user-guide/cibseven-run/#ldap-identity-service
+# Uncomment this section to enable LDAP support for CIB seven Run
+# ldap:
+# enabled: true
+# server-url: ldaps://localhost:4334
+# accept-untrusted-certificates: false
+# manager-dn: uid=jonny,ou=office,o=cibseven,c=org
+# manager-password: s3cr3t
+# base-dn: o=camunda,c=org
+# user-search-base: ''
+# user-search-filter: (objectclass=person)
+# user-id-attribute: uid
+# user-firstname-attribute: cn
+# user-lastname-attribute: sn
+# user-email-ttribute: mail
+# user-password-attribute: userpassword
+# group-search-base: ''
+# group-search-filter: (objectclass=groupOfNames)
+# group-id-attribute: cn
+# group-name-attribute: cn
+# group-member-attribute: member
+# sort-control-supported: false
+# https://docs.cibseven.org/manual/latest/user-guide/process-engine/authorization-service/#the-administrator-authorization-plugin
+# https://docs.cibseven.org/manual/latest/user-guide/cibseven-run/#ldap-administrator-authorization
+# Uncomment this section to grant administrator authorizations to an existing LDAP user or group
+# admin-auth:
+# enabled: true
+# administrator-user-name: admin
+# administrator-group-name: admins
+# authorization:
+# enabled: true # Required for authorization plugin to work
spring:
config: