diff --git a/lib/auth/otrs.rb b/lib/auth/otrs.rb
index 3219d86cb..edb63143c 100644
--- a/lib/auth/otrs.rb
+++ b/lib/auth/otrs.rb
@@ -6,58 +6,22 @@ module Auth::Otrs
   def self.check( username, password, config, user )
 
     endpoint = Setting.get('import_otrs_endpoint')
-    return false if !endpoint || endpoint.empty? || endpoint == 'http://otrs_host/otrs'
+    return false if !endpoint
+    return false if endpoint.empty?
+    return false if endpoint == 'http://otrs_host/otrs'
 
     # connect to OTRS
     result = Import::OTRS.auth( username, password )
     return false if !result
     return false if !result['groups_ro']
     return false if !result['groups_rw']
+    return false if !result['user']
 
-    # check if required OTRS group exists
-    types = {
-      :required_group_ro => 'groups_ro',
-      :required_group_rw => 'groups_rw',
-    }
-    types.each {|config_key,result_key|
-      if config[config_key]
-        return false if !result[result_key].has_value?( config[config_key] )
-      end
-    }
+    user = User.where( :login => result['user']['UserLogin'], :active => true ).first
+    return false if !user
 
-    # sync roles / groups
-    if config[:group_ro_role_map] || config[:group_rw_role_map]
-      user.role_ids = []
-      user.save
-    end
-    types = {
-      :group_ro_role_map => 'groups_ro',
-      :group_rw_role_map => 'groups_rw',
-    }
-    types.each {|config_key,result_key|
-      next if !config[config_key]
-      config[config_key].each {|otrs_group, role|
-        next if !result[result_key].has_value?( otrs_group )
-        role_ids = user.role_ids
-        role = Role.where( :name => role ).first
-        next if !role
-        role_ids.push role.id
-        user.role_ids = role_ids
-        user.save
-      }
-    }
-
-    if config[:always_role]
-      config[:always_role].each {|role, active|
-        next if !active
-        role_ids = user.role_ids
-        role = Role.where( :name => role ).first
-        next if !role
-        role_ids.push role.id
-        user.role_ids = role_ids
-        user.save
-      }
-    end
+    # sync / check permissions
+    Import::OTRS.permission_sync( user, result, config )
 
     return user
   end
diff --git a/lib/import/otrs.rb b/lib/import/otrs.rb
index 838965e98..65bed128c 100644
--- a/lib/import/otrs.rb
+++ b/lib/import/otrs.rb
@@ -60,6 +60,55 @@ module Import::OTRS
     return result
   end
 
+  def self.permission_sync(user, result, config)
+
+    # check if required OTRS group exists
+    types = {
+      :required_group_ro => 'groups_ro',
+      :required_group_rw => 'groups_rw',
+    }
+    types.each {|config_key,result_key|
+      if config[config_key]
+        return false if !result[result_key].has_value?( config[config_key] )
+      end
+    }
+
+    # sync roles / groups
+    if config[:group_ro_role_map] || config[:group_rw_role_map]
+      user.role_ids = []
+      user.save
+    end
+    types = {
+      :group_ro_role_map => 'groups_ro',
+      :group_rw_role_map => 'groups_rw',
+    }
+    types.each {|config_key,result_key|
+      next if !config[config_key]
+      config[config_key].each {|otrs_group, role|
+        next if !result[result_key].has_value?( otrs_group )
+        role_ids = user.role_ids
+        role = Role.where( :name => role ).first
+        next if !role
+        role_ids.push role.id
+        user.role_ids = role_ids
+        user.save
+      }
+    }
+
+    if config[:always_role]
+      config[:always_role].each {|role, active|
+        next if !active
+        role_ids = user.role_ids
+        role = Role.where( :name => role ).first
+        next if !role
+        role_ids.push role.id
+        user.role_ids = role_ids
+        user.save
+      }
+    end
+
+  end
+
   def self.start
     puts 'Start import...'
 
diff --git a/lib/sso.rb b/lib/sso.rb
index 61695455f..858afc28f 100644
--- a/lib/sso.rb
+++ b/lib/sso.rb
@@ -22,7 +22,18 @@ returns
         :adapter => 'Sso::Env',
       },
       {
-        :adapter => 'Sso::Otrs',
+        :adapter           => 'Sso::Otrs',
+        :required_group_ro => 'stats',
+        :group_rw_role_map => {
+          'admin' => 'Admin',
+          'stats' => 'Report',
+        },
+        :group_ro_role_map => {
+          'stats' => 'Report',
+        },
+        :always_role => {
+          'Agent' => true,
+        },
       },
     ]
 
diff --git a/lib/sso/otrs.rb b/lib/sso/otrs.rb
index 660fa3e38..56e92af04 100644
--- a/lib/sso/otrs.rb
+++ b/lib/sso/otrs.rb
@@ -4,16 +4,23 @@ module Sso::Otrs
   def self.check( params, config_item )
 
     endpoint = Setting.get('import_otrs_endpoint')
-    return false if !endpoint || endpoint.empty? || endpoint == 'http://otrs_host/otrs'
+    return false if !endpoint
+    return false if endpoint.empty?
+    return false if endpoint == 'http://otrs_host/otrs'
     return false if !params['SessionID']
 
     # connect to OTRS
     result = Import::OTRS.session( params['SessionID'] )
     return false if !result
+    return false if !result['groups_ro']
+    return false if !result['groups_rw']
+    return false if !result['user']
 
-    user = User.where( :login => result['UserLogin'], :active => true ).first
-    return user if user
+    user = User.where( :login => result['user']['UserLogin'], :active => true ).first
 
-    return false
+    # sync / check permissions
+    Import::OTRS.permission_sync( user, result, config_item )
+
+    return user
   end
 end
\ No newline at end of file