diff --git a/proxy/pkg/user/backend/cs3.go b/proxy/pkg/user/backend/cs3.go
index 3dcd9c3657..4623c7d5c8 100644
--- a/proxy/pkg/user/backend/cs3.go
+++ b/proxy/pkg/user/backend/cs3.go
@@ -31,14 +31,9 @@ func NewCS3UserBackend(rs settings.RoleService, ap RevaAuthenticator, machineAut
 }
 
 func (c *cs3backend) GetUserByClaims(ctx context.Context, claim, value string, withRoles bool) (*cs3.User, string, error) {
-	// We only support authentication via username for now
-	if claim != "username" {
-		return nil, "", fmt.Errorf("claim: %s not supported", claim)
-	}
-
 	res, err := c.authProvider.Authenticate(ctx, &gateway.AuthenticateRequest{
-		Type:         "bearer",
-		ClientId:     value,
+		Type:         "machine",
+		ClientId:     claim + ":" + value,
 		ClientSecret: c.machineAuthAPIKey,
 	})
 
diff --git a/storage/pkg/command/gateway.go b/storage/pkg/command/gateway.go
index d8a363d759..b1047367fb 100644
--- a/storage/pkg/command/gateway.go
+++ b/storage/pkg/command/gateway.go
@@ -164,6 +164,7 @@ func gatewayConfigFromStruct(c *cli.Context, cfg *config.Config, logger log.Logg
 							"rules": map[string]interface{}{
 								"basic":        cfg.Reva.AuthBasic.Endpoint,
 								"bearer":       cfg.Reva.AuthBearer.Endpoint,
+								"machine":      cfg.Reva.AuthMachine.Endpoint,
 								"publicshares": cfg.Reva.StoragePublicLink.Endpoint,
 							},
 						},