diff --git a/controller/config.go b/controller/config.go
index 2c566b85..69a72eb4 100644
--- a/controller/config.go
+++ b/controller/config.go
@@ -19,6 +19,7 @@ type EndpointConfig struct {
 type ProxyConfig struct {
 UrlTemplate string
+ Identities []string
 }
 func LoadConfig(path string) (*Config, error) {
diff --git a/controller/tunnel.go b/controller/tunnel.go
index 4ec15aa9..5e889cce 100644
--- a/controller/tunnel.go
+++ b/controller/tunnel.go
@@ -160,7 +160,11 @@ func (self *tunnelHandler) createServicePolicyBind(svcName, svcId, envId string,
 }
 func (self *tunnelHandler) createServicePolicyDial(svcName, svcId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
- identityRoles := []string{"@PyB606.S."} // @proxy
+ var identityRoles []string
+ for _, proxyIdentity := range self.cfg.Proxy.Identities {
+ identityRoles = append(identityRoles, "@"+proxyIdentity)
+ logrus.Infof("added proxy identity role '%v'", proxyIdentity)
+ }
 name := fmt.Sprintf("%v-dial", svcName)
 postureCheckRoles := []string{}
 semantic := rest_model.SemanticAllOf
diff --git a/etc/ctrl.yml b/etc/ctrl.yml
index 11635fd3..173f0f40 100644
--- a/etc/ctrl.yml
+++ b/etc/ctrl.yml
@@ -4,6 +4,8 @@ endpoint:
 proxy:
 url_template: "http://{svcName}.zrok.quigley.com:10111/"
+ identities:
+ - "-zbBF8eVb-"
 store:
 path: zrok.db
\ No newline at end of file
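Review bot: The new `Identities` field of `ProxyConfig` in controller/config.go has no comment, although its entries become the `@`-prefixed identity roles of the dial service policy built in controller/tunnel.go. That makes the list an access-control setting, not just proxy plumbing. I would document it on the field, for example `// Identities lists the Ziti identity ids (without the leading "@") that createServicePolicyDial grants dial access to.`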
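Review bot: In createServicePolicyDial (controller/tunnel.go), a missing or empty `proxy.identities` list leaves `identityRoles` as a nil slice, so the dial policy is built with no identity named and nothing reports it. A nil slice also probably serializes as `null` rather than `[]`, unlike the explicit `postureCheckRoles := []string{}` two lines below. I would fail early with `if len(self.cfg.Proxy.Identities) == 0 { return fmt.Errorf("no proxy identities configured") }`, and reject empty entries so that a bare `"@"` role is never sent. If `self.cfg.Proxy` is a pointer (its declaration is not visible here), it needs a nil check before the range as well. The function body continues past the end of the hunk, so how `identityRoles` is used afterwards is inferred from its name.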
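Review bot: The `identities` entry added to etc/ctrl.yml is a deployment-specific identity id with no comment, and it differs from the id that was hard-coded in controller/tunnel.go before this commit. Whatever is listed under this key is what the controller authorizes on each dial policy, so the checked-in file should say so. Something like `# ids of the proxy identities allowed to dial shares; replace with the id from your own network` above the list would do. A note in the commit description that existing deployments must set this key would also help, since the built-in default is gone.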