diff --git a/docs/migrations.md b/docs/migrations.md
index d979373e..50df2b21 100644
--- a/docs/migrations.md
+++ b/docs/migrations.md
@@ -8,7 +8,8 @@ SPDX-License-Identifier: Apache-2.0
 * [Disclaimer](#disclaimer)
 * [Releases upgrades](#releases-upgrades)
 * [From v0.9.0](#from-v090)
-* [Manual interaction](#manual-interaction)
+* [Changed openDesk defaults](#changed-opendesk-defaults)
+* [MatrixID localpart update](#matrixid-localpart-update)
 * [Fileshare configurability](#fileshare-configurability)
 * [Automated migrations](#automated-migrations)
 * [Local Postfix as Relay](#local-postfix-as-relay)
@@ -34,7 +35,40 @@ Limitations: ## From v0.9.0 -### Manual interaction +### Changed openDesk defaults + +#### MatrixID localpart update + +Until 0.9.0 openDesk used the LDAP entryUUID of a user to generate the user's MatrixID. Due to restrictions of the +Matrix protocol an update of a MatrixID is not possible, therefore it was technically convenient to use the UUID +as it is immutable (see https://de.wikipedia.org/wiki/Universally_Unique_Identifier for more details on UUIDs.) + +From the user experience perspective that was a bad approach, so from now on by default the username, that +is also used for logging into openDesk, is used to define the localpart of the MatrixID. + +For existing installations: The changed setting only affects users that login to Element the first time. Existing +user accounts will not be harmed. If you want existing users to get new MatrixIDs based on the new setting, you +need to update their external ID in Synapse and deactivate the old user afterwards. The user will get a new +Matrix account from the scratch, losing the existing contacts, chats and rooms. + +The following Admin API calls are helpful: +- GET /_synapse/admin/v2/users/@: get the user's existing external_id (auth_provider: "oidc") +- PUT /_synapse/admin/v2/users/@: update user's external_id with JSON payload: + `{ "external_ids": [ { "auth_provider": "oidc", "external_id": "+deprecated" } ] }` +- POST /_synapse/admin/v1/deactivate/@: deactivate old user with JSON payload: + `{ "erase": true }` + +For more details check the Admin API documentation: +https://element-hq.github.io/synapse/latest/usage/administration/admin_api/index.html + +You can enforce the old standard with the following setting: +``` +functional: + chat: + matrix: + profile: + useImmutableIdentifierForLocalpart: true +``` #### Fileshare configurability diff --git a/helmfile/apps/element/values-synapse.yaml.gotmpl b/helmfile/apps/element/values-synapse.yaml.gotmpl index 6e47980b..80d94e4a 100644 
--- a/helmfile/apps/element/values-synapse.yaml.gotmpl
+++ b/helmfile/apps/element/values-synapse.yaml.gotmpl
@@ -53,6 +53,9 @@ configuration:
   presence:
     enabled: {{ .Values.functional.dataProtection.matrixPresence.enabled }}
 
+  profile:
+    allowUsersToUpdateDisplayname: {{ .Values.functional.chat.matrix.profile.allowUsersToUpdateDisplayname }}
+
   smtp:
     senderAddress: "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.domain }}"
     host: {{ printf "%s.%s.svc.%s" "postfix" (.Values.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
@@ -66,6 +69,7 @@ configuration:
     clientId: "opendesk-matrix"
     clientSecret: {{ .Values.secrets.keycloak.clientSecret.matrix | quote }}
     issuer: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
+    matrixIdLocalpart: {{ if .Values.functional.chat.matrix.profile.useImmutableIdentifierForLocalpart }}"opendesk_useruuid"{{ else }}"opendesk_username"{{ end }}
     scopes:
     - "openid"
     - "opendesk-matrix-scope"
diff --git a/helmfile/environments/default/charts.yaml b/helmfile/environments/default/charts.yaml
index 464b7ed1..958f9b50 100644
--- a/helmfile/environments/default/charts.yaml
+++ b/helmfile/environments/default/charts.yaml
@@ -90,7 +90,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
     name: "opendesk-element"
-    version: "3.3.2"
+    version: "3.4.0"
     verify: true
   elementWellKnown:
     # providerCategory: "Platform"
@@ -100,7 +100,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
     name: "opendesk-well-known"
-    version: "3.3.2"
+    version: "3.4.0"
     verify: true
   home:
     # providerCategory: "Platform"
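Review bot: The new `matrixIdLocalpart` default of `"opendesk_username"` binds the immutable Matrix localpart to a mutable, re-assignable IdP attribute, and nothing in the template records that constraint for operators. Since a MatrixID cannot be changed, a login name that is later renamed or handed to a different person presumably ends up colliding with, or being mapped onto, the account created for the previous holder rather than yielding a fresh one — confirm against Synapse's OIDC user-mapping behaviour before relying on either outcome. I would add above the line: `# "opendesk_username" derives the permanent MatrixID from the login name: never recycle or rename usernames in the IdP while this is in effect; set functional.chat.matrix.profile.useImmutableIdentifierForLocalpart to keep the entryUUID mapping instead.` The provider block holding `clientId`/`clientSecret`/`issuer` starts before this hunk.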
@@ -192,7 +192,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
     name: "opendesk-matrix-user-verification-service"
-    version: "3.3.2"
+    version: "3.4.0"
     verify: true
   memcached:
     # providerCategory: "Community"
@@ -380,7 +380,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
     name: "opendesk-synapse"
-    version: "3.3.2"
+    version: "3.4.0"
     verify: true
   synapseCreateAccount:
     # providerCategory: "Platform"
@@ -390,7 +390,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
     name: "opendesk-synapse-create-account"
-    version: "3.3.2"
+    version: "3.4.0"
     verify: true
   synapseWeb:
     # providerCategory: "Platform"
@@ -400,7 +400,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
     name: "opendesk-synapse-web"
-    version: "3.3.2"
+    version: "3.4.0"
     verify: true
   xwiki:
     # providerCategory: "Supplier"
diff --git a/helmfile/environments/default/functional.yaml b/helmfile/environments/default/functional.yaml
index 149fde15..70aa0341 100644
--- a/helmfile/environments/default/functional.yaml
+++ b/helmfile/environments/default/functional.yaml
@@ -59,4 +59,17 @@ functional:
       # Ref.: https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#presence
       enabled: false
 
+  chat:
+    matrix:
+      profile:
+        # Once connected with a user that user's MatrixID is rarely checked by their communication partners, as the
+        # display name is used to see whom they are communicating with. Not allowing users to change their
+        # own display name reduces the risk of identity fraud.
+        # To get the display name updated from the central identity and access management you have to have the Synapse
+        # enterprise feature "groupsync" configured.
+        allowUsersToUpdateDisplayname: true
+
+        # If the LDAP entryUUID should be used for the localpart of user's MatrixIDs following setting must be `true`.
+        useImmutableIdentifierForLocalpart: false
+
 ...
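Review bot: The comment block above `allowUsersToUpdateDisplayname` argues that forbidding display-name changes reduces identity fraud, yet the shipped default is `true`, so the stated hardening rationale and the chosen default point in opposite directions without telling operators which one they are expected to pick. Either default to `false` where the groupsync prerequisite can be assumed, or make the trade-off explicit in the comment, e.g. `# Default `true` favours usability; set `false` on deployments where impersonation through self-chosen display names is a concern (display names then only follow IAM if groupsync is configured).` The `useImmutableIdentifierForLocalpart` comment should likewise state the consequence of the `false` default — the MatrixID is derived from the login name, so a username that is renamed or reused in the IdP presumably will not get a matching Matrix account but conflict with the existing one, which is worth confirming. The `functional:` map containing this hunk begins before it.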