diff --git a/src/views/apps.html b/src/views/apps.html
index b0c872051..69f8fc175 100644
--- a/src/views/apps.html
+++ b/src/views/apps.html
@@ -47,39 +47,31 @@
                                     </ng-form>
                                 </div>
 
-                                <div class="form-group" ng-show="appConfigure.customAuth && !appConfigure.app.manifest.addons.email">
-                                    <label class="control-label">User management</label>
-                                    <p>
+                                <div class="form-group">
+                                    <label ng-show="appConfigure.ssoAuth" class="control-label">User management</label>
+                                    <label ng-show="!appConfigure.ssoAuth" class="control-label">Dashboard visibility</label>
+                                    <p ng-show="!appConfigure.ssoAuth && !appConfigure.app.manifest.addons.email" class="text-small">
                                         This app has it's own user management.
                                     </p>
-                                </div>
-
-                                <div class="form-group" ng-show="!appConfigure.customAuth && appConfigure.app.sso === false">
-                                    <label class="control-label">User management</label>
-                                    <p>
-                                        This app is configured to use it's own user management.
+                                    <p ng-show="!appConfigure.ssoAuth && appConfigure.app.manifest.addons.email">
+                                        This app is pre-configured for use with <a href="https://cloudron.io/documentation/email/" target="_blank">Cloudron Email</a>.
                                     </p>
-                                </div>
 
-                                <div class="form-group" ng-show="appConfigure.app.manifest.addons.email">
-                                    <label class="control-label">User management</label>
-                                    <p>
-                                        All users with a mailbox on this Cloudron have access.
-                                    </p>
-                                </div>
-
-                                <div class="form-group" ng-hide="appConfigure.customAuth || appConfigure.app.manifest.addons.email || appConfigure.app.sso === false">
-                                    <label class="control-label">User management</label>
                                     <div class="radio">
                                         <label>
                                             <input type="radio" ng-model="appConfigure.accessRestrictionOption" value="any">
-                                            Allow all users from this Cloudron
+                                            <span ng-show="appConfigure.ssoAuth">Allow all users on this Cloudron</span>
+                                            <span ng-show="!appConfigure.ssoAuth">Visible to all users on this Cloudron</span>
                                         </label>
                                     </div>
                                     <div class="radio">
                                         <label>
                                             <input type="radio" ng-model="appConfigure.accessRestrictionOption" value="groups">
-                                            Only allow the following users and groups <span class="label label-danger" ng-show="appConfigure.accessRestrictionOption === 'groups' && !appConfigure.isAccessRestrictionValid()">Select at least one user or group</span>
+
+                                            <span ng-show="appConfigure.ssoAuth">Only allow the following users and groups</span>
+                                            <span ng-show="!appConfigure.ssoAuth">Only visible to the following users and groups</span>
+
+                                            <span class="label label-danger" ng-show="appConfigure.accessRestrictionOption === 'groups' && !appConfigure.isAccessRestrictionValid()">Select at least one user or group</span>
                                         </label>
                                     </div>
                                     <div>
@@ -100,9 +92,6 @@
                                     <br/>
                                 </div>
 
-                                <p ng-show="appConfigure.app.manifest.addons.email" class="text-info">
-                                    This app is pre-configured for use with <a href="https://cloudron.io/documentation/email/" target="_blank">Cloudron Email</a>.
-                                </p>
                             </uib-tab>
 
                             <uib-tab index="1" heading="Advanced">
diff --git a/src/views/apps.js b/src/views/apps.js
index f7623b49d..6930f460a 100644
--- a/src/views/apps.js
+++ b/src/views/apps.js
@@ -34,7 +34,7 @@ angular.module('Application').controller('AppsController', ['$scope', '$location
         accessRestrictionOption: 'any',
         accessRestriction: { users: [], groups: [] },
         xFrameOptions: '',
-        customAuth: false,
+        ssoAuth: false,
 
         isAccessRestrictionValid: function () {
             var tmp = $scope.appConfigure.accessRestriction;
@@ -52,11 +52,12 @@ angular.module('Application').controller('AppsController', ['$scope', '$location
             $scope. Option = app.accessRestriction ? 'groups' : 'any';
             $scope.appConfigure.memoryLimit = app.memoryLimit || app.manifest.memoryLimit || (256 * 1024 * 1024);
             $scope.appConfigure.xFrameOptions = app.xFrameOptions.indexOf('ALLOW-FROM') === 0 ? app.xFrameOptions.split(' ')[1] : '';
-            $scope.appConfigure.customAuth = !(app.manifest.addons['ldap'] || app.manifest.addons['oauth']);
             $scope.appConfigure.robotsTxt = app.robotsTxt;
             $scope.appConfigure.enableBackup = app.enableBackup;
             $scope.appConfigure.mailboxName = app.mailboxName || '';
 
+            $scope.appConfigure.ssoAuth = (app.manifest.addons['ldap'] || app.manifest.addons['oauth']) && app.sso;
+
             // create ticks starting from manifest memory limit. the memory limit here is currently split into ram+swap (and thus *2 below)
             // TODO: the *2 will overallocate since 4GB is max swap that cloudron itself allocates
             $scope.appConfigure.memoryTicks = [ ];
@@ -292,7 +293,7 @@ angular.module('Application').controller('AppsController', ['$scope', '$location
         $scope.appConfigure.accessRestrictionOption = 'any';
         $scope.appConfigure.accessRestriction = { users: [], groups: [] };
         $scope.appConfigure.xFrameOptions = '';
-        $scope.appConfigure.customAuth = false;
+        $scope.appConfigure.ssoAuth = false;
         $scope.appConfigure.robotsTxt = '';
         $scope.appConfigure.enableBackup = true;