diff --git a/docker-compose.yml b/docker-compose.yml
index e82f46e..ae35888 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,8 +4,23 @@ version: "2"
services:
+
+ identity:
+ image: alfresco/alfresco-identity-service:1.3
+ user: jboss
+ environment:
+ KEYCLOAK_USER: admin
+ KEYCLOAK_PASSWORD: admin
+ KEYCLOAK_HOSTNAME: ${PROXY_HOST}
+ KEYCLOAK_IMPORT: /tmp/keycloak-alfresco-realm.json
+ KEYCLOAK_STATISTICS: enabled
+ volumes:
+ - ./keycloak-alfresco-realm.json:/tmp/keycloak-alfresco-realm.json:ro
+ proxy: + build: ./nginx-ingress
- image: local/nginx-ingress:base
+ image: local/nginx-ingress:aims
ports: - 8080:8080
+ depends_on:
+ - identity
diff --git a/keycloak-alfresco-realm.json b/keycloak-alfresco-realm.json
new file mode 100644
index 0000000..dbbb756
--- /dev/null
+++ b/keycloak-alfresco-realm.json
@@ -0,0 +1,32 @@
+{
+ "realm": "alfresco",
+ "enabled": true,
+ "sslRequired": "external",
+ "registrationAllowed": false,
+ "roles": {
+ "realm": [ {
+ "name": "user",
+ "description": "User privileges"
+ }, {
+ "name": "admin",
+ "description": "Administrator privileges"
+ } ]
+ },
+ "clients": [
+ {
+ "clientId": "alfresco",
+ "name": "Alfresco Products",
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "redirectUris": [
+ "*"
+ ],
+ "publicClient": true,
+ "protocol": "openid-connect",
+ "attributes": {
+ "login_theme": "alfresco"
+ }
+ }
+ ],
+ "requiredCredentials": [ "password" ]
+}
diff --git a/nginx-ingress/entrypoint.sh b/nginx-ingress/entrypoint.sh
index 8bcdeb5..78597ae 100644
--- a/nginx-ingress/entrypoint.sh
+++ b/nginx-ingress/entrypoint.sh
@@ -1,5 +1,9 @@
#!/bin/sh
+if [[ $AIMS_URL ]]; then
+ sed -i s%http:\/\/identity:8080%"$AIMS_URL"%g /etc/nginx/nginx.conf
+fi
+ if [[ $ACCESS_LOG ]]; then + sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf fi
diff --git a/nginx-ingress/nginx.conf b/nginx-ingress/nginx.conf
index 8124476..329c46e 100644
--- a/nginx-ingress/nginx.conf
+++ b/nginx-ingress/nginx.conf
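Review bot: The identity service is started with hard-coded default credentials, `KEYCLOAK_USER: admin` / `KEYCLOAK_PASSWORD: admin`, and the nginx hunk in this commit proxies `/auth/` to that container on the published port, so these values should not be the committed default. Take them from the environment the way `KEYCLOAK_HOSTNAME: ${PROXY_HOST}` already does, e.g. `KEYCLOAK_USER: ${KEYCLOAK_USER}` and `KEYCLOAK_PASSWORD: ${KEYCLOAK_PASSWORD}`, with the real values kept in an untracked `.env` file. Because the proxy sets X-Forwarded-For/-Proto in front of Keycloak, the container likely also needs Keycloak's proxy address-forwarding setting (`PROXY_ADDRESS_FORWARDING`) for it to generate correct redirect URLs behind nginx; confirm against the image version pinned here. The hunk's line breaks are collapsed in this view, so the exact placement of the added blank lines around `proxy:` could not be verified.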
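Review bot: `"redirectUris": [ "*" ]` on a client that is `"publicClient": true` with `"protocol": "openid-connect"` accepts any redirect target after login, which lets an authorization response be delivered to an arbitrary host instead of the Alfresco front end. Pin it to the proxy's origin, e.g. `"redirectUris": [ "http://<PROXY_HOST placeholder>:8080/*" ]`, and add a matching `"webOrigins"` entry if browser code calls the identity service directly. Since `KEYCLOAK_IMPORT` in the compose hunk loads this file at container start, the realm is reproduced exactly as committed, so `"sslRequired": "external"` and the wildcard deserve a short note in the README stating they are development-only settings.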
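Review bot: The new `sed -i s%http:\/\/identity:8080%"$AIMS_URL"%g` interpolates `$AIMS_URL` unescaped into the replacement, so a value containing `%` ends the expression early and `&` is expanded to the matched text, leaving a silently broken `proxy_pass` in nginx.conf; it also uses `[[` under `#!/bin/sh`, which the existing `ACCESS_LOG` block already relies on but is not POSIX and fails on a plain `sh`. Use `[ -n "$AIMS_URL" ]`, then escape before substituting: `escaped=$(printf '%s' "$AIMS_URL" | sed 's/[%&\\]/\\&/g')` followed by `sed -i "s%http://identity:8080%$escaped%g" /etc/nginx/nginx.conf`. Note that the value replaces the whole upstream in `proxy_pass http://identity:8080;`, so an `AIMS_URL` carrying a path appears to change how nginx rewrites the `/auth/` URI for the upstream; document the expected form (scheme and host only) in a comment above the `if`. The line breaks of the `ACCESS_LOG` part of the hunk are collapsed in this view and were not reconstructed.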
@@ -25,5 +25,16 @@ http {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass_header Set-Cookie;
+
+ location / {
+ return 301 $scheme://$http_host/auth;
+ }
+
+ location /auth/ {
+ proxy_pass http://identity:8080;
+
+ # If using external proxy / load balancer (for initial redirect if no trailing slash)
+ absolute_redirect off;
+ }
}
}
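Review bot: `return 301 $scheme://$http_host/auth;` builds the redirect from the client-supplied Host header, so a request carrying a forged Host is bounced to whatever host the sender chose; if the enclosing server block has a restrictive `server_name`, `return 301 $scheme://$server_name/auth;` avoids that, otherwise hard-code the public hostname. The `location /auth/` block does not set the upstream `Host` header; the visible context only sets X-Forwarded-For and X-Forwarded-Proto, and whether `proxy_set_header Host $host;` is already present higher in the `http` block is outside the hunk. Keycloak behind a proxy that preserves the `/auth/` path generally needs its proxy address-forwarding option enabled on the identity container for those X-Forwarded-* headers to be honoured in the URLs it generates; confirm that on the compose side. The enclosing `server`/`http` blocks start outside the hunk.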