diff --git a/SAS/TMSS/src/tmss/settings.py b/SAS/TMSS/src/tmss/settings.py
index f087c50bffa0c431d86fd4c1fbecf8ec3d08d426..85ce3ea7453b4a56cff3819afb76e968ec1c5f2a 100644
--- a/SAS/TMSS/src/tmss/settings.py
+++ b/SAS/TMSS/src/tmss/settings.py
@@ -192,8 +192,8 @@ if "OIDC_RP_CLIENT_ID" in os.environ.keys():
     OIDC_DRF_AUTH_BACKEND = 'mozilla_django_oidc.auth.OIDCAuthenticationBackend'
 
     # For talking to Mozilla Identity Provider:
-    OIDC_RP_SCOPES = "openid email groups"
-    OIDC_RP_CLIENT_ID = os.environ.get('OIDC_RP_CLIENT_ID', '1')  # Secret, do not put real credentials on Git
+    OIDC_RP_SCOPES = "openid email profile"  # todo: groups are not a standard scope, how to handle those?
+    OIDC_RP_CLIENT_ID = os.environ.get('OIDC_RP_CLIENT_ID', '2')  # Secret, do not put real credentials on Git
     OIDC_RP_CLIENT_SECRET = os.environ.get('OIDC_RP_CLIENT_SECRET',
                                            'secret')  # Secret, do not put real credentials on Git
     OIDC_ENDPOINT_HOST = os.environ.get('OIDC_ENDPOINT_HOST', 'tmss_test_oidc')
@@ -233,6 +233,7 @@ else:
     REST_FRAMEWORK['DEFAULT_PERMISSION_CLASSES'].append('rest_framework.permissions.AllowAny')
     logger.warning("No authentication configured! please set either OIDC_RP_CLIENT_ID or TMSS_LDAPCREDENTIALS environment variable.")
 
+
 LOGIN_REDIRECT_URL = "/api/"
 LOGIN_REDIRECT_URL_FAILURE = "/api/"
 LOGOUT_REDIRECT_URL = "/api/"
diff --git a/SAS/TMSS/test/CMakeLists.txt b/SAS/TMSS/test/CMakeLists.txt
index 97461ce8d990f0801a67b055628452af0aa4b98d..96f2c42d0e50185e0792f49319787d02ae9588ae 100644
--- a/SAS/TMSS/test/CMakeLists.txt
+++ b/SAS/TMSS/test/CMakeLists.txt
@@ -25,6 +25,7 @@ if(BUILD_TESTING)
     lofar_add_test(t_tmssapp_scheduling_django)
     lofar_add_test(t_tmssapp_scheduling_functional)
     lofar_add_test(t_subtask_validation)
+    lofar_add_test(t_tmssapp_specification_permissions)
 
     # set_tests_properties(t_tmssapp_scheduling_functional PROPERTIES TIMEOUT 300)
 endif()
diff --git a/SAS/TMSS/test/t_tmssapp_specification_permissions.py b/SAS/TMSS/test/t_tmssapp_specification_permissions.py
index 847a883c6a818505d769024677d519567fff6d07..5408352e981f2c894ba9c186618724e267684600 100644
--- a/SAS/TMSS/test/t_tmssapp_specification_permissions.py
+++ b/SAS/TMSS/test/t_tmssapp_specification_permissions.py
@@ -91,7 +91,6 @@ class CycleTest(rest_framework.test.APITransactionTestCase):
         res = client.post('%s/cycle/' % BASE_URI, data=self.test_data_2)
         self.assertEqual(res.status_code, 201)
 
-
     def test_Cycle_cannot_be_deleted_without_group(self):
 
         self.user.groups.set([])
@@ -107,7 +106,7 @@ class CycleTest(rest_framework.test.APITransactionTestCase):
         self.assertEqual(res.status_code, 403)
         self.assertEqual(count + 1, len(models.Cycle.objects.all()))
 
-    def test_Cycle_can_be_deleted_by_admin(self):
+    def test_Cycle_can_only_be_deleted_by_admin(self):
 
         self.user.groups.set([self.admin_group])
 
@@ -120,4 +119,6 @@ class CycleTest(rest_framework.test.APITransactionTestCase):
         # delete
         res = client.delete(url)
         self.assertEqual(res.status_code, 204)
+
+        new_count = len(models.Cycle.objects.all())
         self.assertEqual(count, len(models.Cycle.objects.all()))
\ No newline at end of file