diff --git a/defaults/main.yaml b/defaults/main.yaml
index 683247d..d7bc661 100644
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -14,7 +14,7 @@ workflows:
 # - add_role_policy_permission
 # - add_all_member_roles
 - create_system_service
-# - delete_system_service
+ - delete_system_service
 # - add_all_system_services_to_vre
 keycloak_host: "https://accounts.dev.d4science.org/auth"
 keycloak: "{{ keycloak_host }}/realms"
diff --git a/templates/create_system_service.json.j2 b/templates/create_system_service.json.j2
index 302e17d..a3560ad 100644
--- a/templates/create_system_service.json.j2
+++ b/templates/create_system_service.json.j2
@@ -17,7 +17,7 @@
 "id" : "${workflow.input.client_id}",
 "secret" : "${workflow.input.client_secret}",
 "description" : "${workflow.input.description}",
- "scriptExpression": "function e(v){ return (v.trim && (v.trim() === '')) && v == null}; if(e($.id)) throw('Client ID must not be empty'); return { client : { clientId : $.id, description : ($.description ? $.description : $.id), secret : ($.secret ? $.secret : Java.type('java.util.UUID').randomUUID().toString()), rootUrl : '', enabled : true, serviceAccountsEnabled : true, standardFlowEnabled : true, authorizationServicesEnabled : false, publicClient : false, fullScopeAllowed : true, protocol : 'openid-connect'} }"
+ "scriptExpression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.id)) throw('Client ID must not be empty'); return { client : { clientId : $.id, description : ($.description ? $.description : $.id), secret : ($.secret ? $.secret : Java.type('java.util.UUID').randomUUID().toString()), rootUrl : '', enabled : true, serviceAccountsEnabled : true, standardFlowEnabled : true, authorizationServicesEnabled : false, publicClient : false, fullScopeAllowed : true, protocol : 'openid-connect'} }"
 }
 },
 {
diff --git a/templates/delete_system_service.json.j2 b/templates/delete_system_service.json.j2
index 10867d6..7e2e1b9 100644
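Review bot: In templates/create_system_service.json.j2 the corrected `e()` is applied only to `$.id`; the secret fallback on the same new line still tests truthiness, so a whitespace-only `client_secret` is accepted as the confidential client's secret instead of triggering the random one. Reusing the helper keeps the two checks consistent: `secret : (e($.secret) ? Java.type('java.util.UUID').randomUUID().toString() : $.secret)`. The expression also keeps `fullScopeAllowed : true`, which in Keycloak lets the client's tokens carry every role mapped to the service account; if these system services only need specific roles, `fullScopeAllowed : false` with explicit scope mappings is the narrower default. The task definition that holds this expression starts and ends outside the hunk.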
--- a/templates/delete_system_service.json.j2
+++ b/templates/delete_system_service.json.j2
@@ -14,7 +14,8 @@
 "inputParameters": {
 "keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
 "keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
- "scriptExpression" : "1 == 1"
+ "id" : "${workflow.input.client_id}",
+ "scriptExpression" : "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.id)) throw('Client ID must not be empty');"
 }
 },
 {
@@ -48,6 +49,15 @@
 }
 }
 },
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "check",
+ "type": "LAMBDA",
+ "inputParameters": {
+ "list" : "${lookup_client.output.body}",
+ "scriptExpression" : "if($.list.length === 0 || $.list.length > 1) throw('No client found with client_id or ambiguous query returned multiple clients.')"
+ }
+ },
 {
 "name" : "pyrest",
 "taskReferenceName" : "delete_client",
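Review bot: The new guard in the first lambda of templates/delete_system_service.json.j2 rejects only null and blank strings; for any other non-string `id` (number, object, list) `v.trim` is undefined, so `e()` returns false and the value is passed on, presumably to the `lookup_client` task referenced later in the file. This is the only input validation visible before a client is deleted, so it should fail closed on type as well: `if(typeof $.id !== 'string' || e($.id)) throw('Client ID must be a non-empty string');` (this assumes the engine presents the input as a JS string, which the existing `.trim` call already relies on). The helper `e(v)` is now copied verbatim into both the create and delete templates, and the create copy is the one this commit had to correct, so defining it once as a Jinja variable interpolated into both expressions would keep the copies from drifting again. The task object holding this expression starts above the hunk.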
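Review bot: The `check` lambda fails open when `lookup_client.output.body` is not a list: for an object (for example an error document) `$.list.length` is undefined, both comparisons are false, nothing is thrown, and the workflow continues to `delete_client`. Comparing against the one acceptable value closes that gap: `if($.list == null || $.list.length !== 1) throw('No client found with client_id or ambiguous query returned multiple clients.')`. The lambda also does not receive the requested `client_id`, so it cannot confirm that the single returned client is the one that was asked for; whether the lookup is an exact match is decided in the `lookup_client` task, which is outside this hunk. The `delete_client` task that follows is cut off at the end of the hunk.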