diff --git a/lib/Controller/SettingsController.php b/lib/Controller/SettingsController.php
index 9af6eba7..fbce96a6 100644
--- a/lib/Controller/SettingsController.php
+++ b/lib/Controller/SettingsController.php
@@ -73,6 +73,9 @@ public function isDiscoveryEndpointValid($url) {
 return $result;
 }
+ /**
+ * @PasswordConfirmationRequired
+ */
 public function createProvider(string $identifier, string $clientId, string $clientSecret, string $discoveryEndpoint, array $settings = [], string $scope = 'openid email profile', ?string $endSessionEndpoint = null): JSONResponse {
 if ($this->providerService->getProviderByIdentifier($identifier) !== null) {
@@ -103,6 +106,9 @@ public function createProvider(string $identifier, string $clientId, string $cli
 return new JSONResponse(array_merge($provider->jsonSerialize(), ['settings' => $providerSettings]));
 }
+ /**
+ * @PasswordConfirmationRequired
+ */
 public function updateProvider(int $providerId, string $identifier, string $clientId, string $discoveryEndpoint, ?string $clientSecret = null, array $settings = [], string $scope = 'openid email profile', ?string $endSessionEndpoint = null): JSONResponse {
 $provider = $this->providerMapper->getProvider($providerId);
@@ -139,6 +145,9 @@ public function updateProvider(int $providerId, string $identifier, string $clie
 return new JSONResponse(array_merge($provider->jsonSerialize(), ['settings' => $providerSettings]));
 }
+ /**
+ * @PasswordConfirmationRequired
+ */
 public function deleteProvider(int $providerId): JSONResponse {
 try {
 $provider = $this->providerMapper->getProvider($providerId);
@@ -160,6 +169,9 @@ public function getID4ME(): bool {
 return $this->id4meService->getID4ME();
 }
+ /**
+ * @PasswordConfirmationRequired
+ */
 public function setID4ME(bool $enabled): JSONResponse {
 $this->id4meService->setID4ME($enabled);
 return new JSONResponse(['enabled' => $this->getID4ME()]);
diff --git a/package-lock.json b/package-lock.json
index e5186ef0..088de0fe 100644
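Review bot: The password-confirmation guard on `createProvider` (and likewise on `updateProvider`, `deleteProvider` and `setID4ME` in the following hunks) is carried only by a docblock annotation, which fails open: a misspelling or a later docblock rewrite drops the check silently, with no error at load time. If the server versions this app supports provide it, the attribute form `#[PasswordConfirmationRequired]` from `OCP\AppFramework\Http\Attribute` lets static analysis catch a wrong name. Either way, a controller test asserting that each of these four routes is refused without a fresh confirmation would pin the behaviour. The method bodies continue outside the hunks, so whether other state-changing routes in this controller need the same guard cannot be judged from here.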
--- a/package-lock.json
+++ b/package-lock.json
@@ -13,6 +13,7 @@ "@nextcloud/dialogs": "^5.3.7", "@nextcloud/initial-state": "^2.2.0", "@nextcloud/logger": "^2.7.0", + "@nextcloud/password-confirmation": "^5.1.1", "@nextcloud/router": "^3.0.1", "@nextcloud/vue": "^8.19.0", "jstz": "^2.1.1",
@@ -2805,6 +2806,25 @@ "npm": "^9.0.0" } }, + "node_modules/@nextcloud/password-confirmation": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/@nextcloud/password-confirmation/-/password-confirmation-5.1.1.tgz", + "integrity": "sha512-UlQcjVe/fr/JaJ6TWaRM+yBLIEZRU6RWMy0JoExcA6UVJs2HJrRIyVMuiCLuIYlH23ReJH+z7zFI3+V7vdeJ1Q==", + "license": "MIT", + "dependencies": { + "@nextcloud/axios": "^2.5.0", + "@nextcloud/l10n": "^3.1.0", + "@nextcloud/router": "^3.0.1" + }, + "engines": { + "node": "^20.0.0", + "npm": "^10.0.0" + }, + "peerDependencies": { + "@nextcloud/vue": "^8.0.0", + "vue": "^2.7.16" + } + }, "node_modules/@nextcloud/paths": { "version": "2.2.1", "resolved": "https://registry.npmjs.org/@nextcloud/paths/-/paths-2.2.1.tgz",
diff --git a/package.json b/package.json
index 7463a550..5039ad8e 100644
--- a/package.json
+++ b/package.json
@@ -26,6 +26,7 @@
 "@nextcloud/dialogs": "^5.3.7",
 "@nextcloud/initial-state": "^2.2.0",
 "@nextcloud/logger": "^2.7.0",
+ "@nextcloud/password-confirmation": "^5.1.1",
 "@nextcloud/router": "^3.0.1",
 "@nextcloud/vue": "^8.19.0",
 "jstz": "^2.1.1",
diff --git a/src/components/AdminSettings.vue b/src/components/AdminSettings.vue
index 16680c87..b2c64354 100644
--- a/src/components/AdminSettings.vue
+++ b/src/components/AdminSettings.vue
@@ -111,6 +111,7 @@ import NcActions from '@nextcloud/vue/dist/Components/NcActions.js'
 import NcActionButton from '@nextcloud/vue/dist/Components/NcActionButton.js'
 import NcModal from '@nextcloud/vue/dist/Components/NcModal.js'
 import NcCheckboxRadioSwitch from '@nextcloud/vue/dist/Components/NcCheckboxRadioSwitch.js'
+import { confirmPassword } from '@nextcloud/password-confirmation'
 import logger from '../logger.js'
 import SettingsForm from './SettingsForm.vue'
@@ -175,6 +176,7 @@ export default {
 this.loadingId4Me = true
 try {
+ await confirmPassword()
 const url = generateUrl('/apps/user_oidc/provider/id4me')
 await axios.post(url, {
@@ -194,6 +196,7 @@ export default {
 this.editProvider = null
 },
 async onUpdate(provider) {
+ await confirmPassword()
 logger.info('Update oidc provider', { data: provider })
 const url = generateUrl(`/apps/user_oidc/provider/${provider.id}`)
@@ -208,6 +211,7 @@ export default {
 }
 },
 async onRemove(provider) {
+ await confirmPassword()
 logger.info('Remove oidc provider', { provider })
 const url = generateUrl(`/apps/user_oidc/provider/${provider.id}`)
@@ -221,6 +225,7 @@ export default {
 }
 },
 async onSubmit() {
+ await confirmPassword()
 logger.info('Add new oidc provider', { data: this.newProvider })
 const url = generateUrl('/apps/user_oidc/provider')
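Review bot: In `onUpdate`, `onRemove` and `onSubmit` the added `await confirmPassword()` is the first statement of the handler, ahead of any `try` these hunks show, so if the promise rejects (dialog dismissed or confirmation failed) the rejection leaves the handler uncaught; only the ID4Me hunk places the call inside its `try {`. Handling it explicitly in all four places, for example `try { await confirmPassword() } catch (e) { return }`, would keep a cancelled dialog from surfacing as an unhandled rejection. In the ID4Me handler the existing `catch` presumably reports a cancelled dialog as a failed request, and `loadingId4Me` has already been set to `true` just above, so check that it is reset on that path. The method bodies begin or continue outside the hunks, so the surrounding error handling is inferred rather than seen. A short comment such as `// UX only: the server enforces @PasswordConfirmationRequired on this route` next to each call would record that the dialog is not the security boundary.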