diff --git a/grafana/files/grafana.ini b/grafana/files/grafana.ini
index b7dbd33..6d48fad 100644
--- a/grafana/files/grafana.ini
+++ b/grafana/files/grafana.ini
@@ -126,16 +126,17 @@ provider_config = addr={{ server.session.get('host', '127.0.0.1') }}:{{ server.s
 #################################### Users ####################################
 [users]
 # disable user signup / registration
-;allow_sign_up = true
+allow_sign_up = {{ server.get('users', {}).get('sign_up', True)|lower }}
 
 # Allow non admin users to create organizations
-;allow_org_create = true
+allow_org_create = {{ server.get('users', {}).get('org_create', True)|lower }}
 
 # Set to true to automatically assign new users to the default organization (id 1)
 ;auto_assign_org = true
 
 # Default role new users will be automatically assigned (if disabled above is set to true)
 ;auto_assign_org_role = Viewer
+auto_assign_org_role = {{ server.get('users', {}).get('auto_assign_role', 'Viewer') }}
 
 #################################### Anonymous Auth ##########################
 [auth.anonymous]
@@ -177,14 +178,18 @@ provider_config = addr={{ server.session.get('host', '127.0.0.1') }}:{{ server.s
 [auth.proxy]
 {%- if server.get('auth', {}).get('engine', None) == 'proxy' %}
 enabled = true
-header_name = {{ server.auth.get('header', 'X-REMOTE-USER') }}
+header_name = {{ server.auth.get('header', 'X-Forwarded-User') }}
 header_property = {{ server.auth.get('header_property', 'username') }}
 auto_sign_up = true
 {%- endif %}
 
 #################################### Basic Auth ##########################
 [auth.basic]
-;enabled = true
+{%- if server.get('auth', {}).get('engine', 'basic') != 'basic' %}
+enabled = false
+{%- else %}
+enabled = true
+{%- endif %}
 
 #################################### Auth LDAP ##########################
 [auth.ldap]