diff --git a/helmfile/apps/nubus/values-nubus.yaml.gotmpl b/helmfile/apps/nubus/values-nubus.yaml.gotmpl
index fe316d3e..7ec5af2c 100644
--- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl
@@ -203,10 +203,17 @@ nubusPortalFrontend:
       secretName: {{ .Values.ingress.tls.secretName | quote }}
 
 nubusPortalListener:
-  enabled: false
+  enabled: true
+  portalListener:
+    objectStorageEndpoint: {{ .Values.objectstores.nubus.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
+    objectStorageBucket: {{ .Values.objectstores.nubus.bucket | quote }}
+    objectStorageCredentialSecret:
+      name: "ums-portal-listener-minio-opendesk-credentials"
+      accessKeyKey: "access-key-id"
+      secretKeyKey: "secret-key-id"
 
 nubusPortalConsumer:
-  enabled: true
+  enabled: false
   portalConsumer:
     logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"INFO"{{ end }}
     objectStorageEndpoint: {{ .Values.objectstores.nubus.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
@@ -244,14 +251,14 @@ nubusUdmRestApi:
       secretName: {{ .Values.ingress.tls.secretName | quote }}
 
 nubusProvisioning:
-  enabled: true
-nubusUdmListener:
-  enabled: true
-nubusSelfServiceListener:
   enabled: false
+nubusUdmListener:
+  enabled: false
+nubusSelfServiceListener:
+  enabled: true
 
 nubusSelfServiceConsumer:
-  enabled: true
+  enabled: false
 
 # Nubus services
 nubusStackDataUms:
@@ -426,6 +433,10 @@ extraSecrets:
     stringData:
       access-key-id: {{ .Values.objectstores.nubus.username | quote }}
       secret-key-id: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
+  - name: "ums-portal-listener-minio-opendesk-credentials"
+    stringData:
+      access-key-id: {{ .Values.objectstores.nubus.username | quote }}
+      secret-key-id: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
   - name: "ums-portal-consumer-minio-opendesk-credentials"
     stringData:
       access-key-id: {{ .Values.objectstores.nubus.username | quote }}
diff --git a/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl b/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
index 87c0764c..acdc7188 100644
--- a/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
@@ -87,6 +87,16 @@ nubusKeycloakExtensions:
     resources:
       {{ .Values.resources.umsKeycloakExtensionProxy | toYaml | nindent 6 }}
 
+nubusPortalListener:
+  podAnnotations:
+    intents.otterize.com/service-name: "ums-portal-listener"
+  replicaCount: {{ .Values.replicas.umsPortalListener }}
+  resources:
+    {{ .Values.resources.umsPortalListener | toYaml | nindent 4 }}
+  persistence:
+    storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
+    size: {{ .Values.persistence.size.nubus.portalListener | quote }}
+
 nubusPortalConsumer:
   podAnnotations:
     intents.otterize.com/service-name: "ums-portal-consumer"
diff --git a/helmfile/apps/nubus/values-opendesk-images.yaml.gotmpl b/helmfile/apps/nubus/values-opendesk-images.yaml.gotmpl
index f9545b73..0acbe297 100644
--- a/helmfile/apps/nubus/values-opendesk-images.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-opendesk-images.yaml.gotmpl
@@ -51,13 +51,6 @@ nubusLdapServer:
       repository: {{ .Values.images.nubusWaitForDependency.repository }}
       tag: {{ .Values.images.nubusWaitForDependency.tag }}
 
-nubusPortalConsumer:
-  portalConsumer:
-    image:
-      registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalConsumer.registry | quote }}
-      repository: {{ .Values.images.nubusPortalConsumer.repository }}
-      tag: {{ .Values.images.nubusPortalConsumer.tag }}
-
 nubusNotificationsApi:
   image:
     registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusNotificationsApi.registry | quote }}
@@ -70,6 +63,12 @@ nubusPortalFrontend:
     repository: {{ .Values.images.nubusPortalFrontend.repository }}
     tag: {{ .Values.images.nubusPortalFrontend.tag }}
 
+nubusPortalListener:
+  image:
+    registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalListener.registry | quote }}
+    repository: {{ .Values.images.nubusPortalListener.repository }}
+    tag: {{ .Values.images.nubusPortalListener.tag }}
+
 nubusPortalConsumer:
   portalConsumer:
     image:
diff --git a/helmfile/environments/default/images.yaml b/helmfile/environments/default/images.yaml
index d73a49a1..afed3b9e 100644
--- a/helmfile/environments/default/images.yaml
+++ b/helmfile/environments/default/images.yaml
@@ -553,7 +553,9 @@ images:
     # upstreamMirrorStartFrom: ["0", "3", "2"]
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-invitation"
-    tag: "0.7.1@sha256:45c246ba98494c3dc17a5ea1144e5ec292501f8b9833df7d4a5c590e772bc0a1"
+    # Image for the disabled selfservice-consumer, Will be activated in a future MR
+    # tag: "0.7.1@sha256:45c246ba98494c3dc17a5ea1144e5ec292501f8b9833df7d4a5c590e772bc0a1"
+    tag: "0.6.5@sha256:5630c9df3da4134789d2ebafad7de9062375d21547a2074827b680debd7a909e"
   nubusSelfserviceListener:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
diff --git a/helmfile/environments/default/persistence.yaml b/helmfile/environments/default/persistence.yaml
index e9c93a0d..a1290bb1 100644
--- a/helmfile/environments/default/persistence.yaml
+++ b/helmfile/environments/default/persistence.yaml
@@ -19,6 +19,7 @@ persistence:
     nubus:
       ldapServerData: "1Gi"
       ldapServerShared: "1Gi"
+      portalListener: "1Gi"
       portalConsumer: "1Gi"
       selfserviceListener: "1Gi"
     xwiki: "1Gi"
diff --git a/helmfile/environments/default/replicas.yaml b/helmfile/environments/default/replicas.yaml
index 282b9242..b190bbcd 100644
--- a/helmfile/environments/default/replicas.yaml
+++ b/helmfile/environments/default/replicas.yaml
@@ -94,6 +94,8 @@ replicas:
   # -- scalable: true
   umsPortalFrontend: 1
   # -- scalable: tbd
+  umsPortalListener: 1
+  # -- scalable: tbd
   umsPortalConsumer: 1
   # -- scalable: true
   umsPortalServer: 1
diff --git a/helmfile/environments/default/resources.yaml b/helmfile/environments/default/resources.yaml
index fff12191..9e0e20db 100644
--- a/helmfile/environments/default/resources.yaml
+++ b/helmfile/environments/default/resources.yaml
@@ -471,6 +471,20 @@ resources:
     requests:
       cpu: 0.1
       memory: "256Mi"
+  umsPortalListener:
+    limits:
+      cpu: 99
+      memory: "1Gi"
+    requests:
+      cpu: 0.1
+      memory: "256Mi"
+  umsPortalListenerDependencies:
+    limits:
+      cpu: 99
+      memory: "1Gi"
+    requests:
+      cpu: 0.1
+      memory: "256Mi"
   umsPortalConsumer:
     limits:
       cpu: 99
diff --git a/helmfile/environments/default/secrets.gotmpl b/helmfile/environments/default/secrets.gotmpl
index f662f5d2..f1ab4bae 100644
--- a/helmfile/environments/default/secrets.gotmpl
+++ b/helmfile/environments/default/secrets.gotmpl
@@ -36,6 +36,7 @@ secrets:
       sysIdpUserPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "sysIdpUser" | sha1sum | quote }}
     storeDavUsers:
       portalServer: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-server" "store-dav" | sha1sum | quote }}
+      portalListener: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-listener" "store-dav" | sha1sum | quote }}
       portalConsumer: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-consumer" "store-dav" | sha1sum | quote }}
     provisioning:
       apiNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "nats" | sha1sum | quote }}
diff --git a/helmfile/environments/default/selinux.yaml b/helmfile/environments/default/selinux.yaml
index ad1270f9..a76efde7 100644
--- a/helmfile/environments/default/selinux.yaml
+++ b/helmfile/environments/default/selinux.yaml
@@ -77,6 +77,7 @@ seLinuxOptions:
   umsNotificationsApi: ~
   umsOpenPolicyAgent: ~
   umsPortalFrontend: ~
+  umsPortalListener: ~
   umsPortalConsumer: ~
   umsPortalServer: ~
   umsProvisioningDispatcher: ~
diff --git a/helmfile/environments/test/values.yaml.gotmpl b/helmfile/environments/test/values.yaml.gotmpl
index 35535f51..39b0c402 100644
--- a/helmfile/environments/test/values.yaml.gotmpl
+++ b/helmfile/environments/test/values.yaml.gotmpl
@@ -21,6 +21,7 @@ persistence:
     nubus:
       ldapServerData: "42Gi"
       ldapServerShared: "42Gi"
+      portalListener: "42Gi"
       portalConsumer: "42Gi"
       selfserviceListener: "42Gi"
     postfix: "42Gi"
@@ -91,6 +92,7 @@ replicas:
   umsLdapServer: 42
   umsNotificationsApi: 42
   umsPortalFrontend: 42
+  umsPortalListener: 42
   umsPortalConsumer: 42
   umsPortalServer: 42
   umsSelfserviceListener: 42