diff --git a/postamates/settings.py b/postamates/settings.py
index fcf0e4f..e5f66c1 100644
--- a/postamates/settings.py
+++ b/postamates/settings.py
@@ -43,8 +43,8 @@ INSTALLED_APPS = [
 'rest_framework',
 'django_json_widget',
 'django.contrib.gis',
- 'rest_registration',
 'django_celery_beat',
+ 'drf_keycloak_auth',
 ]
 MIDDLEWARE = [
@@ -147,23 +147,6 @@ if os.getenv('local') is not None:
 GDAL_LIBRARY_PATH = '/opt/homebrew/opt/gdal/lib/libgdal.dylib'
 GEOS_LIBRARY_PATH = '/opt/homebrew/opt/geos/lib/libgeos_c.dylib'
-EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
-EMAIL_HOST = os.getenv('EMAIL_HOST', 'smtp.yandex.ru')
-EMAIL_PORT = os.getenv('EMAIL_PORT', 587)
-EMAIL_HOST_USER = os.getenv('EMAIL_HOST_USER', 'noreply@spatiality.website')
-EMAIL_HOST_PASSWORD = os.getenv('EMAIL_HOST_PASSWORD', 'spatialitypass321')
-EMAIL_USE_TLS = True
-FRONTEND_URL = os.getenv('REACT_APP_DOMAIN_URL', 'http://localhost:3000/')
-REST_REGISTRATION = {
- 'REGISTER_VERIFICATION_ENABLED': True,
- 'RESET_PASSWORD_VERIFICATION_ENABLED': False,
- 'REGISTER_EMAIL_VERIFICATION_ENABLED': True,
- 'REGISTER_VERIFICATION_URL': f'{FRONTEND_URL}verify-user/',
- 'RESET_PASSWORD_VERIFICATION_URL': f'{FRONTEND_URL}reset-password/',
- 'REGISTER_EMAIL_VERIFICATION_URL': f'{FRONTEND_URL}verify-email/',
- 'VERIFICATION_FROM_EMAIL': 'noreply@spatiality.website',
- 'USER_LOGIN_FIELDS': ['email'],
-}
 SWAGGER_SETTINGS = {
 'DEFAULT_INFO': 'service.urls.info',
@@ -198,3 +181,22 @@ DATA_UPLOAD_MAX_NUMBER_FIELDS = None
 GEOCODER_API_KEY = os.getenv('GEOCODER_API_KEY','TzgdKWgyI2nfaz1WHRD-aYJK4e400MiOJQP7Enf1e1M')
 STATUS_TASK_NAME='status_task'
 STATUS_TASK_NAME_IMPORT='import_status_task'
+
+
+REST_FRAMEWORK = {
+ 'DEFAULT_AUTHENTICATION_CLASSES': [
+ 'rest_framework.authentication.SessionAuthentication',
+ 'drf_keycloak_auth.authentication.KeycloakAuthentication',
+ ]
+}
+
+
+DRF_KEYCLOAK_AUTH = {
+ # 'KEYCLOAK_SERVER_URL': 'http://keycloak.dev.selfservicetech.ru/auth',
+ 'KEYCLOAK_SERVER_URL': 'https://kk.dev.selftech.ru/auth',
+ 'KEYCLOAK_REALM': 'SST',
+ 'KEYCLOAK_CLIENT_ID': 'postnet',
+ 'KEYCLOAK_CLIENT_SECRET_KEY': 'K2yHweEUispkVeWn03VMk843sW2Moic5',
+ 'KEYCLOAK_MANAGE_LOCAL_USER': False,
+ 'KEYCLOAK_ROLE_SET_PREFIX': 'realm_access',
+}
diff --git a/postamates/urls.py b/postamates/urls.py
index e862f63..03a4078 100644
--- a/postamates/urls.py
+++ b/postamates/urls.py
@@ -8,7 +8,6 @@ from service.admin import my_admin_site
 urlpatterns = [
 path('admin/', my_admin_site.urls),
 path('api/', include('service.urls')),
- path('accounts/', include('rest_registration.api.urls')),
 ]
 urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
diff --git a/requirements.txt b/requirements.txt
index d65d26b..eb428b0 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -92,3 +92,4 @@ xlrd==1.2.0
 XlsxWriter==3.0.8
 django-filter==23.2
 shap==0.41.0
+drf-keycloak-auth==0.3.0
diff --git a/service/permissions.py b/service/permissions.py
index 8282304..321a4c6 100644
--- a/service/permissions.py
+++ b/service/permissions.py
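Review bot: `KEYCLOAK_CLIENT_SECRET_KEY` in the new `DRF_KEYCLOAK_AUTH` block of postamates/settings.py is a literal client secret, so it is readable by everyone with access to the repository and stays in history after any later edit. The file already reads other settings through `os.getenv`; take this one from the environment with no fallback value, e.g. `'KEYCLOAK_CLIENT_SECRET_KEY': os.environ['KEYCLOAK_CLIENT_SECRET_KEY'],`, and rotate the value committed here. `KEYCLOAK_SERVER_URL`, the realm and the client id are pinned to a dev host in the same block and would be better configured per deployment as well. Separately, with `SessionAuthentication` listed ahead of `KeycloakAuthentication`, a session-authenticated request carries no token payload in `request.auth`, which the role checks added in service/permissions.py depend on.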
@@ -1,14 +1,16 @@
 from rest_framework.permissions import BasePermission
+# from drf_keycloak_auth.authentication import KeycloakAuthentication
 class UserPermission(BasePermission):
 def has_permission(self, request, view):
- if view.action in [
- 'update_fact', 'update_postamat_id', 'update_status', 'retrieve',
- 'update', 'partial_update', 'destroy', 'create',
- ]:
- return request.user.groups.filter(name='Редактор').exists()
+ kk_profile = request.auth
+ kk_roles = kk_profile.get('realm_access', {}).get('roles', [])
+ if getattr(view, 'action', None):
+ if view.action in [
+ 'update_fact', 'update_postamat_id', 'update_status', 'retrieve',
+ 'update', 'partial_update', 'destroy', 'create',
+ ]:
+ return 'postnet_editor' in kk_roles
 else:
- return request.user.groups.filter(
- name__in=('Зритель', 'Редактор'),
- ).exists()
+ return 'postnet_editor' in kk_roles or 'postnet_viewer' in kk_roles
diff --git a/service/views.py b/service/views.py
index 0367c49..5b3888b 100644
--- a/service/views.py
+++ b/service/views.py
@@ -7,7 +7,6 @@ from django.http import JsonResponse
 from rest_framework.decorators import action
 from rest_framework.decorators import api_view
 from rest_framework.decorators import permission_classes
-from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.views import APIView
 from rest_framework.viewsets import ReadOnlyModelViewSet
@@ -512,10 +511,12 @@ def upload_houses(request):
 @api_view(['GET'])
-@permission_classes([IsAuthenticated])
+@permission_classes([UserPermission])
 def get_current_user(request):
+ kk_profile = request.auth
+ kk_roles = kk_profile.get('realm_access', {}).get('roles', [])
 return JsonResponse(
- {'groups': [gr.name for gr in request.user.groups.all()]},
+ {'groups': kk_roles, 'username': kk_profile.get('preferred_username')},
 )
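Review bot: `has_permission` in service/permissions.py calls `.get` on `request.auth` without checking it, and `request.auth` is `None` for anonymous requests and for requests authenticated by `SessionAuthentication` (enabled in this commit's settings), so those requests raise `AttributeError` and surface as a 500 instead of a 401/403; `get_current_user` in service/views.py repeats the same two lines. The `else:` is an unchanged context line, so it most likely now pairs with the new outer `if getattr(view, 'action', None):` (indentation is not visible in this rendering); if so, a viewset action outside the list, such as `list`, falls through and returns `None`, which denies viewers the read access the old `else` branch gave them. The version below treats a missing payload as "no roles" and makes both outcomes explicit returns. It assumes the Keycloak authenticator puts the decoded token in `request.auth` as a dict, as the `.get` calls imply.

```python
def has_permission(self, request, view):
    # request.auth is None for anonymous and session-authenticated requests;
    # treat that as "no roles" so the check fails closed instead of raising.
    auth = request.auth
    kk_profile = auth if isinstance(auth, dict) else {}
    kk_roles = kk_profile.get('realm_access', {}).get('roles', [])
    if getattr(view, 'action', None) in [
        # … unchanged: the eight editor-only action names …
    ]:
        return 'postnet_editor' in kk_roles
    # Every other action, and views without an action attribute, are read access.
    return 'postnet_editor' in kk_roles or 'postnet_viewer' in kk_roles
```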
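Review bot: `get_current_user` in service/views.py has no docstring, and its `groups` field changed meaning from Django group names to every role in the token's `realm_access.roles`; a line such as `"""Return the caller's Keycloak realm roles (under 'groups') and preferred_username."""` would record that for API consumers. Returning only the `postnet_` roles would keep unrelated realm roles out of the response. `UserPermission` is now referenced in the decorator, but the import hunk for this file only removes `IsAuthenticated`, so confirm that `UserPermission` is already imported in service/views.py.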