diff --git a/src/AssociationRegistry.Acm.Api/Constants/Security.cs b/src/AssociationRegistry.Acm.Api/Constants/Security.cs
index 2d14ed3ce..dedf00674 100644
--- a/src/AssociationRegistry.Acm.Api/Constants/Security.cs
+++ b/src/AssociationRegistry.Acm.Api/Constants/Security.cs
@@ -5,11 +5,13 @@ public static class Security
 public static class ClaimTypes
 {
 public const string Scope = "scope";
+ public const string ClientId = "client_id";
 }
 public static class Scopes
 {
 public const string ACM = "dv_verenigingsregister_hoofdvertegenwoordigers";
 public const string Info = "vo_info";
+ public const string Admin = "dv_verenigingsregister_beheer";
 }
 }
diff --git a/src/AssociationRegistry.Acm.Api/Infrastructure/ConfigurationBindings/AppSettings.cs b/src/AssociationRegistry.Acm.Api/Infrastructure/ConfigurationBindings/AppSettings.cs
index 602810b38..4dc5934b2 100644
--- a/src/AssociationRegistry.Acm.Api/Infrastructure/ConfigurationBindings/AppSettings.cs
+++ b/src/AssociationRegistry.Acm.Api/Infrastructure/ConfigurationBindings/AppSettings.cs
@@ -1,5 +1,7 @@
 namespace AssociationRegistry.Acm.Api.Infrastructure.ConfigurationBindings;
+using System;
+
 public class AppSettings
 {
 private string? _baseUrl;
@@ -11,6 +13,7 @@ public string BaseUrl
 }
 public ApiDocsSettings ApiDocs { get; set; } = null!;
+ public string[] SuperAdminClientIds { get; set; } = Array.Empty();
 public class ApiDocsSettings
 {
diff --git a/src/AssociationRegistry.Acm.Api/Program.cs b/src/AssociationRegistry.Acm.Api/Program.cs
index 54e773a28..8a883a3e4 100755
--- a/src/AssociationRegistry.Acm.Api/Program.cs
+++ b/src/AssociationRegistry.Acm.Api/Program.cs
@@ -320,11 +320,19 @@ private static void ConfigureServices(WebApplicationBuilder builder)
 .AllowCredentials());
 })
 .AddControllersAsServices()
- .AddAuthorization(
- options =>
- options.DefaultPolicy = new AuthorizationPolicyBuilder()
- .RequireClaim(Security.ClaimTypes.Scope, Security.Scopes.ACM)
- .Build())
+ .AddAuthorization(options =>
+ {
+ options.DefaultPolicy = new AuthorizationPolicyBuilder()
+ .RequireClaim(Security.ClaimTypes.Scope, Security.Scopes.ACM)
+ .Build();
+ options.AddPolicy(
+ SuperAdminPolicyName,
+ new AuthorizationPolicyBuilder()
+ .RequireClaim(Security.ClaimTypes.Scope, Security.Scopes.Admin)
+ .RequireClaim(Security.ClaimTypes.ClientId, appSettings.SuperAdminClientIds)
+ .Build());
+ })
 .AddNewtonsoftJson(
 opt =>
 {
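Review bot: The super-admin policy fails open when `SuperAdminClientIds` is left unconfigured: the built-in `ClaimsAuthorizationRequirement` handler treats an empty allowed-values list as "a claim of this type is present, any value", and this commit defaults `AppSettings.SuperAdminClientIds` to an empty array, so a deployment that omits the setting would grant the policy to every caller holding the `dv_verenigingsregister_beheer` scope together with any `client_id` claim. Guard it at startup, before `options.AddPolicy(...)`, with something like `if (appSettings.SuperAdminClientIds is not { Length: > 0 }) throw new InvalidOperationException("AppSettings:SuperAdminClientIds must list at least one client_id for the super-admin policy.");` so a misconfigured environment refuses to start rather than silently widening access. A one-line comment above the policy stating that both the scope and an allow-listed client_id are required would also help the next reader. `appSettings` and `SuperAdminPolicyName` are referenced but defined outside this hunk, and `ConfigureServices` begins and ends outside it as well.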