diff --git a/helm/charts/generic_service/templates/NOTES.txt b/helm/charts/generic_service/templates/NOTES.txt
index 940c48fa..9391ac43 100644
--- a/helm/charts/generic_service/templates/NOTES.txt
+++ b/helm/charts/generic_service/templates/NOTES.txt
@@ -1,8 +1,9 @@
 1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
+{{- $ingress := index (default (list .Values.ingress) .Values.ingresses) 0 }}
+{{- if $ingress }}
+{{- range $host := $ingress.hosts }}
   {{- range .paths }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ tpl $host.host $ }}{{ .path }}
+  http{{ if $ingress.tls }}s{{ end }}://{{ tpl $host.host $ }}{{ .path }}
   {{- end }}
 {{- end }}
 {{- else if contains "NodePort" .Values.service.type }}
diff --git a/helm/charts/generic_service/templates/ingress.yaml b/helm/charts/generic_service/templates/ingress.yaml
index 3aa8882c..867c4b3a 100644
--- a/helm/charts/generic_service/templates/ingress.yaml
+++ b/helm/charts/generic_service/templates/ingress.yaml
@@ -1,34 +1,36 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "helm_chart.fullname" . -}}
-{{- $svcPort := .Values.service.externalPort -}}
-{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
-  {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
-  {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+{{- range $ingress := default (list .Values.ingress) .Values.ingresses }}
+{{- if $ingress.enabled -}}
+{{- $fullName := include "helm_chart.fullname" $ -}}
+{{- $svcPort := $.Values.service.externalPort -}}
+{{- $gitVersion := $.Capabilities.KubeVersion.GitVersion -}}
+{{- if and $ingress.className (not (semverCompare ">=1.18-0" $gitVersion)) }}
+  {{- if not (hasKey $ingress.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set $ingress.annotations "kubernetes.io/ingress.class" $ingress.className}}
   {{- end }}
 {{- end }}
-{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- if semverCompare ">=1.19-0" $gitVersion -}}
 apiVersion: networking.k8s.io/v1
-{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- else if semverCompare ">=1.14-0" $gitVersion -}}
 apiVersion: networking.k8s.io/v1beta1
 {{- else -}}
 apiVersion: extensions/v1beta1
 {{- end }}
 kind: Ingress
 metadata:
-  name: {{ $fullName }}
-  {{- with .Values.ingress.annotations }}
+  name: {{ default $fullName $ingress.name }}
+  {{- with $ingress.annotations }}
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}
   labels:
-    {{- include "helm_chart.labels" . | nindent 4 }}
+    {{- include "helm_chart.labels" $ | nindent 4 }}
 spec:
-  {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
-  ingressClassName: {{ .Values.ingress.className }}
+  {{- if and $ingress.className (semverCompare ">=1.18-0" $gitVersion) }}
+  ingressClassName: {{ $ingress.className }}
   {{- end }}
-  {{- if .Values.ingress.tls }}
+  {{- if $ingress.tls }}
   tls:
-    {{- range .Values.ingress.tls }}
+    {{- range $ingress.tls }}
     - hosts:
         {{- range .hosts }}
         - {{ tpl . $ | quote }}
@@ -37,25 +39,27 @@ spec:
     {{- end }}
   {{- end }}
   rules:
-    {{- range .Values.ingress.hosts }}
+    {{- range $ingress.hosts }}
     - host: {{ tpl .host $ | quote }}
       http:
         paths:
           {{- range .paths }}
           - path: {{ .path }}
-            {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+            {{- if and .pathType (semverCompare ">=1.18-0" $gitVersion) }}
             pathType: {{ .pathType }}
             {{- end }}
             backend:
-              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              {{- if semverCompare ">=1.19-0" $gitVersion }}
               service:
                 name: {{ $fullName }}
                 port:
                   number: {{ $svcPort }}
               {{- else -}}
               serviceName: {{ $fullName }}
-              servicePort: {{ $svcPort }}7
+              servicePort: {{ $svcPort }}
               {{- end }}
           {{- end }}
     {{- end }}
+---
   {{- end }}
+{{- end }}
diff --git a/helm/configs/backend/values.yaml b/helm/configs/backend/values.yaml
index 5a45c0b1..d2ee9aae 100644
--- a/helm/configs/backend/values.yaml
+++ b/helm/configs/backend/values.yaml
@@ -41,22 +41,34 @@ secrets:
       mail_auth: "{{ .Values.secretsJson.MAIL_AUTH }}"
       express_session: "{{ .Values.secretsJson.EXPRESS_SESSION_SECRET }}"
 
-ingress:
-  enabled: true
-  annotations: 
-    kubernetes.io/ingress.class: nginx
-    cert-manager.io/cluster-issuer: letsencrypt-prod
-    nginx.ingress.kubernetes.io/proxy-body-size: 50m
-    nginx.ingress.kubernetes.io/proxy-read-timeout: "120"
-  hosts:
-    - host: "{{ .Values.host }}"
-      paths: 
-        - path: "/"
-          pathType: Prefix
-  tls:
-    - hosts:
-      - "{{ .Values.host }}"
-      secretName: "scicat-be-certificate"
+ingresses:
+  - enabled: true
+    annotations:
+      kubernetes.io/ingress.class: nginx
+      cert-manager.io/cluster-issuer: letsencrypt-prod
+      nginx.ingress.kubernetes.io/proxy-body-size: 50m
+      nginx.ingress.kubernetes.io/proxy-read-timeout: "120"
+    hosts:
+      - host: "{{ .Values.host }}"
+        paths: 
+          - path: "/"
+            pathType: Prefix
+    tls:
+      - hosts:
+        - "{{ .Values.host }}"
+        secretName: "scicat-be-certificate"
+  - enabled: true
+    name: backend-login
+    annotations:
+      kubernetes.io/ingress.class: nginx
+      nginx.ingress.kubernetes.io/whitelist-source-range: "{{ .Values.secretsJson.WHITELISTED_IPS }}"
+    hosts:
+      - host: "{{ .Values.host }}"
+        paths:
+          - path: /api/v3/Users/login
+            pathType: Exact
+          - path: /api/v3/auth/msad
+            pathType: Exact
 
 configMaps: 
   "{{ .Release.Name }}-cm":