diff --git a/addons/aldryn-sso/addon.json b/addons/aldryn-sso/addon.json
new file mode 100644
index 0000000..a14ed8f
--- /dev/null
+++ b/addons/aldryn-sso/addon.json
@@ -0,0 +1,4 @@
+{
+ "installed-apps": [],
+ "package-name": "aldryn-sso"
+}
\ No newline at end of file
diff --git a/addons/aldryn-sso/aldryn_config.py b/addons/aldryn-sso/aldryn_config.py
new file mode 100644
index 0000000..0a7b7df
--- /dev/null
+++ b/addons/aldryn-sso/aldryn_config.py
@@ -0,0 +1,134 @@
+# -*- coding: utf-8 -*-
+from aldryn_client import forms
+
+
+class Form(forms.BaseForm):
+ hide_user_management = forms.CheckboxField(
+ 'Hide user management',
+ required=False,
+ initial=False,
+ )
+
+ def to_settings(self, data, settings):
+ from functools import partial
+ from django.core.urlresolvers import reverse_lazy
+ from aldryn_addons.exceptions import ImproperlyConfigured
+ from aldryn_addons.utils import boolean_ish
+ from aldryn_addons.utils import djsenv
+
+ def boolean_ish_or(value, or_values=()):
+ if value in or_values:
+ return value
+ return boolean_ish(value)
+
+ env = partial(djsenv, settings=settings)
+
+ settings['ALDRYN_SSO_HIDE_USER_MANAGEMENT'] = data['hide_user_management']
+
+ # if the SSO button is the only configured login option: redirect right
+ # to the login without showing the page.
+ settings['ALDRYN_SSO_ENABLE_AUTO_SSO_LOGIN'] = boolean_ish(
+ env('ALDRYN_SSO_ENABLE_AUTO_SSO_LOGIN', True)
+ )
+
+ settings['SSO_DSN'] = env('SSO_DSN')
+
+ settings['LOGIN_REDIRECT_URL'] = '/'
+
+ settings['ALDRYN_SSO_ENABLE_SSO_LOGIN'] = boolean_ish(
+ env(
+ 'ALDRYN_SSO_ENABLE_SSO_LOGIN',
+ default=boolean_ish(settings['SSO_DSN']),
+ )
+ )
+
+ settings['ALDRYN_SSO_ENABLE_LOGIN_FORM'] = boolean_ish(
+ env(
+ 'ALDRYN_SSO_ENABLE_LOGIN_FORM',
+ default=not settings['ALDRYN_SSO_HIDE_USER_MANAGEMENT'],
+ )
+ )
+
+ settings['ALDRYN_SSO_ENABLE_LOCALDEV'] = boolean_ish(
+ env(
+ 'ALDRYN_SSO_ENABLE_LOCALDEV',
+ default=env('STAGE') == 'local',
+ )
+ )
+
+ settings['ALDRYN_SSO_ALWAYS_REQUIRE_LOGIN'] = boolean_ish_or(
+ env(
+ 'ALDRYN_SSO_ALWAYS_REQUIRE_LOGIN',
+ default=env('STAGE') == 'test',
+ ),
+ or_values=(
+ 'basicauth',
+ )
+ )
+
+ settings['ALDRYN_SSO_LOGIN_WHITE_LIST'] = env(
+ 'ALDRYN_SSO_LOGIN_WHITE_LIST',
+ default=[]
+ )
+
+ settings['ADDON_URLS'].append('aldryn_sso.urls')
+ settings['ADDON_URLS_I18N'].append('aldryn_sso.urls_i18n')
+
+ # aldryn_sso must be after django.contrib.admin so it can unregister
+ # the User/Group Admin if necessary.
+ settings['INSTALLED_APPS'].insert(
+ settings['INSTALLED_APPS'].index('django.contrib.admin'),
+ 'aldryn_sso'
+ )
+
+ if settings['ALDRYN_SSO_ENABLE_SSO_LOGIN']:
+ # Expire user session every day because:
+ # Users can change their data on the SSO server.
+ # We cannot do a sync of "recently changed" user data due to these reasons:
+ # - security risk, leaking user data to unauthorized websites,
+ # - it would require some periodic tasks (celery?),
+ # - stage websites are being paused during which the sync wouldn't work
+ settings['CLOUD_USER_SESSION_EXPIRATION'] = 24 * 60 * 60 # 24h = 1day
+ if not settings['SSO_DSN']:
+ raise ImproperlyConfigured(
+ 'ALDRYN_SSO_ENABLE_SSO_LOGIN is True, but no SSO_DSN is set.')
+ if settings['ALDRYN_SSO_ALWAYS_REQUIRE_LOGIN'] == 'basicauth':
+ basicauth_user = env('ALDRYN_SSO_BASICAUTH_USER')
+ basicauth_password = env('ALDRYN_SSO_BASICAUTH_PASSWORD')
+ if basicauth_user and basicauth_password:
+ settings['ALDRYN_SSO_BASICAUTH_USER'] = basicauth_user
+ settings['ALDRYN_SSO_BASICAUTH_PASSWORD'] = basicauth_password
+ else:
+ raise ImproperlyConfigured(
+ 'ALDRYN_SSO_ALWAYS_REQUIRE_LOGIN set to "basicauth", but ALDRYN_SSO_BASICAUTH_USER and ALDRYN_SSO_BASICAUTH_PASSWORD not set'
+ )
+ position = settings['MIDDLEWARE_CLASSES'].index('django.contrib.auth.middleware.AuthenticationMiddleware') + 1
+ settings['MIDDLEWARE_CLASSES'].insert(position, 'aldryn_sso.middleware.BasicAuthAccessControlMiddleware')
+ elif settings['ALDRYN_SSO_ALWAYS_REQUIRE_LOGIN']:
+ position = settings['MIDDLEWARE_CLASSES'].index('django.contrib.auth.middleware.AuthenticationMiddleware') + 1
+ settings['MIDDLEWARE_CLASSES'].insert(position, 'aldryn_sso.middleware.AccessControlMiddleware')
+ settings['ALDRYN_SSO_LOGIN_WHITE_LIST'].extend([
+ reverse_lazy('simple-sso-login'),
+ reverse_lazy('aldryn_sso_login'),
+ reverse_lazy('aldryn_sso_localdev_login'),
+ reverse_lazy('aldryn_localdev_create_user'),
+ ])
+
+ if settings['ALDRYN_SSO_ALWAYS_REQUIRE_LOGIN']:
+ settings['SHARING_VIEW_ONLY_TOKEN_KEY_NAME'] = env('SHARING_VIEW_ONLY_TOKEN_KEY_NAME')
+ settings['SHARING_VIEW_ONLY_SECRET_TOKEN'] = env('SHARING_VIEW_ONLY_SECRET_TOKEN')
+
+ settings['ALDRYN_SSO_OVERIDE_ADMIN_LOGIN_VIEW'] = env(
+ 'ALDRYN_SSO_OVERIDE_ADMIN_LOGIN_VIEW',
+ any([
+ settings['ALDRYN_SSO_ENABLE_SSO_LOGIN'],
+ settings['ALDRYN_SSO_ENABLE_LOGIN_FORM'],
+ settings['ALDRYN_SSO_ENABLE_LOCALDEV'],
+ ])
+ )
+
+ if settings['ALDRYN_SSO_OVERIDE_ADMIN_LOGIN_VIEW']:
+ # configure our combined login view to be the default
+ settings['LOGIN_URL'] = 'aldryn_sso_login'
+ # see admin.py for how we force admin to use this view as well
+ return settings
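Review bot: `ALDRYN_SSO_OVERIDE_ADMIN_LOGIN_VIEW`, near the end of `to_settings`, is the only on/off flag stored straight from `env(...)` without `boolean_ish`, and the `if` that follows branches on its truthiness to set `LOGIN_URL`. If `djsenv` returns the raw environment string for values it cannot parse (its implementation is not visible here), a value such as `off` would still be truthy and the admin login view would be overridden against the operator's intent; wrapping the call as `boolean_ish(env('ALDRYN_SSO_OVERIDE_ADMIN_LOGIN_VIEW', any([...])))` would match the other flags. Separately, `SHARING_VIEW_ONLY_TOKEN_KEY_NAME` and `SHARING_VIEW_ONLY_SECRET_TOKEN` are copied into settings with no presence check whenever login is required, unlike the basic-auth credentials, which raise `ImproperlyConfigured` when missing. The middleware that consumes the token is outside this diff, so it is worth confirming that an unset or empty token can never match a request and thereby skip the login requirement, and adding a comment above those two assignments that says so.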
diff --git a/addons/aldryn-sso/settings.json b/addons/aldryn-sso/settings.json
new file mode 100644
index 0000000..ee9951b
--- /dev/null
+++ b/addons/aldryn-sso/settings.json
@@ -0,0 +1,3 @@
+{
+ "hide_user_management": false
+}
\ No newline at end of file
diff --git a/requirements.in b/requirements.in
index 40b9338..7e0cbd6 100644
--- a/requirements.in
+++ b/requirements.in
@@ -1,2 +1,3 @@
# # Warning: text inside the INSTALLED_ADDONS tags is auto-generated. Manual changes will be overwritten.
+https://control.divio.com/api/v1/apps/serve/aldryn-sso/1.1.16/dbe0c45a-c981-4beb-8624-b0d2c4196aa0/aldryn-sso-1.1.16.tar.gz#egg=aldryn-sso==1.1.16
#
diff --git a/settings.py b/settings.py
index 52e1e02..cfe36f4 100644
--- a/settings.py
+++ b/settings.py
@@ -1,10 +1,9 @@
# -*- coding: utf-8 -*-
INSTALLED_ADDONS = [
- # # Warning: this is auto-generated. Manual changes will be overwritten.
- 'aldryn-addons',
- 'aldryn-django',
- # '
+ # # Warning: text inside the INSTALLED_ADDONS tags is auto-generated. Manual changes will be overwritten.
+ 'aldryn-sso',
+ #
]
import aldryn_addons.settings