diff --git a/config/settings.yml b/config/settings.yml
index 602c9c0e2..e759be67a 100644
--- a/config/settings.yml
+++ b/config/settings.yml
@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2022 Gregor Kleen ,Sarah Vaupel ,Steffen Jost ,Wolfgang Witt
+# SPDX-FileCopyrightText: 2022-2024 Sarah Vaupel , Gregor Kleen , Sarah Vaupel , Steffen Jost , Wolfgang Witt
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
@@ -131,20 +131,30 @@ database:
 auto-db-migrate: '_env:AUTO_DB_MIGRATE:true'
-ldap:
- - host: "_env:LDAPHOST:"
- tls: "_env:LDAPTLS:"
- port: "_env:LDAPPORT:389"
- user: "_env:LDAPUSER:"
- pass: "_env:LDAPPASS:"
- baseDN: "_env:LDAPBASE:"
- scope: "_env:LDAPSCOPE:WholeSubtree"
- timeout: "_env:LDAPTIMEOUT:5"
- search-timeout: "_env:LDAPSEARCHTIME:5"
- pool:
- stripes: "_env:LDAPSTRIPES:1"
- timeout: "_env:LDAPTIMEOUT:20"
- limit: "_env:LDAPLIMIT:10"
+# External databases used for authentication and user data lookup
+# If the first user database in the list is unreachable, the application will perform a failover to the next list entry, etc.
+user-databases:
+ - protocol: "oauth2"
+ config:
+ client-id: "_env:OAUTH2CLIENTID:"
+ client-secret: "_env:OAUTH2CLIENTSECRET:"
+ tenant-id: "_env:OAUTH2TENANTID:"
+ scopes: "_env:OAUTH2SCOPES:"
+ - protocol: "ldap"
+ config:
+ host: "_env:LDAPHOST:"
+ tls: "_env:LDAPTLS:"
+ port: "_env:LDAPPORT:389"
+ user: "_env:LDAPUSER:"
+ pass: "_env:LDAPPASS:"
+ baseDN: "_env:LDAPBASE:"
+ scope: "_env:LDAPSCOPE:WholeSubtree"
+ timeout: "_env:LDAPTIMEOUT:5"
+ search-timeout: "_env:LDAPSEARCHTIME:5"
+ pool:
+ stripes: "_env:LDAPSTRIPES:1"
+ timeout: "_env:LDAPTIMEOUT:20"
+ limit: "_env:LDAPLIMIT:10"
 ldap-re-test-failover: 60
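Review bot: The comment added above `user-databases:` describes failover from the first entry to the next, which with this default order means a login can fall through from the `oauth2` entry to the `ldap` entry whenever the first is considered unreachable, and the comment does not state what that implies for authentication. Any policy enforced only at the OAuth2 provider would not apply on the LDAP path, so I would extend the comment, e.g. `# Every entry listed here is an accepted authentication path; list only backends whose assurance level is acceptable on its own.` It is also not visible from this hunk how an entry left at its empty defaults (`client-id`, `client-secret` and `tenant-id` all default to the empty string) is treated, skipped or counted as unreachable on every login, which matters for deployments that only set the `LDAP*` variables. Separately, `timeout` and the `timeout` under `pool` in the `ldap` entry both read `LDAPTIMEOUT` (defaults 5 and 20), carried over unchanged from the removed block, so setting that variable overrides both values; a distinct variable for the pool timeout would avoid this.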