diff --git a/type/__jitsi_meet/gencode-remote b/type/__jitsi_meet/gencode-remote index 7a400b8..ae91f53 100755 --- a/type/__jitsi_meet/gencode-remote +++ b/type/__jitsi_meet/gencode-remote @@ -3,3 +3,10 @@ if grep -qE "^__file/etc/nginx" "${__messages_in}"; then echo "service nginx reload" fi + +JITSI_HOST="${__object_id}" +if grep -qE "^(__line/jitsi_jicofo_secured_domains|__file/etc/prosody/conf.d/${JITSI_HOST}.zauth.cfg.lua)" "${__messages_in}"; then + echo "systemctl restart prosody" + echo "systemctl restart jicofo" + echo "systemctl restart jitsi-videobridge2" +fi diff --git a/type/__jitsi_meet/manifest b/type/__jitsi_meet/manifest index aa2bdf9..50e61c3 100755 --- a/type/__jitsi_meet/manifest +++ b/type/__jitsi_meet/manifest @@ -141,6 +141,32 @@ server { } EOF +if [ -f "${__object}/parameter/secured-domains" ]; then + SECURED_DOMAINS_STATE='present' + SECURED_DOMAINS_STATE_JICOFO='replace' +else + SECURED_DOMAINS_STATE='absent' + SECURED_DOMAINS_STATE_JICOFO='absent' +fi + +__file "/etc/prosody/conf.d/${JITSI_HOST}.zauth.cfg.lua" \ + --owner prosody --group prosody --mode 0440 \ + --state ${SECURED_DOMAINS_STATE} \ + --source - <. // authdomain: '${JITSI_HOST}', diff --git a/type/__jitsi_meet_domain/manifest b/type/__jitsi_meet_domain/manifest index b57b853..a7d5fec 100755 --- a/type/__jitsi_meet_domain/manifest +++ b/type/__jitsi_meet_domain/manifest @@ -32,6 +32,9 @@ fi if [ -f "${__object}/parameter/disable-audio-levels" ]; then DISABLE_AUDIO_LEVELS="YES" fi +if [ -f "${__object}/parameter/secured-domains" ]; then + SECURED_DOMAINS="YES" +fi if [ -z "${TURN_SERVER}" ]; then TURN_SERVER="${__target_host}" diff --git a/type/__jitsi_meet_domain/parameter/boolean b/type/__jitsi_meet_domain/parameter/boolean index a820841..fb485d1 100644 --- a/type/__jitsi_meet_domain/parameter/boolean +++ b/type/__jitsi_meet_domain/parameter/boolean @@ -1,2 +1,3 @@ disable-audio-levels enable-third-party-requests +secured-domains 
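Review bot: In type/__jitsi_meet/gencode-remote the new `grep -qE` pattern interpolates `${JITSI_HOST}` (taken from `__object_id`) and the `.zauth.cfg.lua` suffix into an extended regex without escaping, so every `.` matches any character and the alternation has no end anchor. Usually that only makes the match looser than intended, but an object id containing regex metacharacters could make the pattern invalid; the `if` would then be false and prosody, jicofo and jitsi-videobridge2 would keep running with the old authentication settings after the secured-domains files changed. Consider two separate checks with the path matched as a fixed string, e.g. `grep -qF "__file/etc/prosody/conf.d/${JITSI_HOST}.zauth.cfg.lua" "${__messages_in}"` alongside `grep -q "^__line/jitsi_jicofo_secured_domains" "${__messages_in}"`, or escape the dots before building the pattern.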
diff --git a/type/__jitsi_meet_user/man.rst b/type/__jitsi_meet_user/man.rst
new file mode 100644
index 0000000..173aa8a
--- /dev/null
+++ b/type/__jitsi_meet_user/man.rst
@@ -0,0 +1,54 @@
+cdist-type__jitsi_meet_user(7)
+=================================
+
+NAME
+----
+cdist-type__jitsi_meet_user - Setup users when using jitsi_meet instance with secure domain configuration
+
+DESCRIPTION
+-----------
+This type just places a file with a user and a password (plaintext) that will be used in a jitsi-meet instance with `secure domain configuration https://jitsi.github.io/handbook/docs/devops-guide/secure-domain`. There is a different from the official approach: to have an `internal_plain` authentication method to facilitate the auth management. That user will be able to create and join rooms on that instance as a moderator.
+
+You will also need to setup first the `__jitsi_meet_domain` and `__jitsi_meet` types.
+
+This type only works on De{bi,vu}an systems.
+
+REQUIRED PARAMETERS
+-------------------
+object id
+ The user that will be able to authenticate against a Jitsi-Meet instance with secure domain configuration
+
+passwd
+ The user's password in plaintext (beware that it is also stored as plaintext in the server)
+
+OPTIONAL PARAMETERS
+-------------------
+state
+ If user should be (default) present or absent
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+ # Setup a Jitsi user for secure domain configuration
+ __jitsi_meet_user "user_1" --password "WeNeedGoodSecurity"
+
+SEE ALSO
+--------
+- `__jitsi_meet`
+- `__jitsi_meet_domain`
+
+
+AUTHORS
+-------
+Pedro
+Evilham
+
+COPYING
+-------
+Copyright \(C) 2021 Pedro. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+Copyright \(C) 2021 Evilham
diff --git a/type/__jitsi_meet_user/manifest b/type/__jitsi_meet_user/manifest
new file mode 100755
index 0000000..a4d1935
--- /dev/null
+++ b/type/__jitsi_meet_user/manifest
@@ -0,0 +1,15 @@
+#!/bin/sh -e
+
+PASSWD="$(cat "${__object}/parameter/password")"
+STATE="$(cat "${__object}/parameter/state")"
+
+USER="${__object_id}"
+FQDN="$(echo "${__target_host}" | sed 's/\./%2e/g' | sed 's/-/%2d/g')"
+FILENAME="/var/lib/prosody/${FQDN}/accounts/${USER}.dat"
+
+__file "${FILENAME}" --owner prosody --group prosody --mode 0440 \
+ --state "${STATE}" --source - <