diff --git a/defaults/main.yaml b/defaults/main.yaml
index 09af6c7..683247d 100644
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -8,12 +8,12 @@ workflows:
 #   - invitation-accepted
 #   - user-group_deleted
 #   - user-group-role_deleted
-   - delete-user-account
+#   - delete-user-account
 #   - role_deleted
 #   - role_created
 #   - add_role_policy_permission 
 #   - add_all_member_roles
-#   - create_system_service
+   - create_system_service
 #   - delete_system_service
 #   - add_all_system_services_to_vre
 keycloak_host: "https://accounts.dev.d4science.org/auth"
diff --git a/templates/create_system_service.json.j2 b/templates/create_system_service.json.j2
index 4d20484..302e17d 100644
--- a/templates/create_system_service.json.j2
+++ b/templates/create_system_service.json.j2
@@ -17,7 +17,7 @@
 				  "id" : "${workflow.input.client_id}",
 				  "secret" : "${workflow.input.client_secret}",
 				  "description" : "${workflow.input.description}",
-				  "scriptExpression": "return { client : { clientId : $.id, description : ($.description ? $.description : $.id), secret : ($.secret ? $.secret : Java.type('java.util.UUID').randomUUID().toString()), rootUrl : '', enabled : true, serviceAccountsEnabled : true, standardFlowEnabled : true, authorizationServicesEnabled : false, publicClient : false, fullScopeAllowed : true, protocol : 'openid-connect'} }"
+				  "scriptExpression": "function e(v){ return (v.trim && (v.trim() === '')) && v == null}; if(e($.id)) throw('Client ID must not be empty'); return { client : { clientId : $.id, description : ($.description ? $.description : $.id), secret : ($.secret ? $.secret : Java.type('java.util.UUID').randomUUID().toString()), rootUrl : '', enabled : true, serviceAccountsEnabled : true, standardFlowEnabled : true, authorizationServicesEnabled : false, publicClient : false, fullScopeAllowed : true, protocol : 'openid-connect'} }"
 			}
 		},
 		{