diff --git a/roles/ezproxy/tasks/main.yml b/roles/ezproxy/tasks/main.yml
index 76483de6d..42daf8205 100644
--- a/roles/ezproxy/tasks/main.yml
+++ b/roles/ezproxy/tasks/main.yml
@@ -150,6 +150,14 @@
 owner: root
 group: root
+- name: Ezproxy | add shib config user
+ ansible.builtin.template:
+ src: "princeton_allow.txt.j2"
+ dest: /var/local/ezproxy/princeton_allow.txt
+ mode: "0644"
+ owner: root
+ group: root
+
 - name: Ezproxy | copy a systemd service
 ansible.builtin.template:
 src: "ezproxy.service.j2"
diff --git a/roles/ezproxy/templates/config.txt.j2 b/roles/ezproxy/templates/config.txt.j2
index d8de2e38b..94a0df010 100644
--- a/roles/ezproxy/templates/config.txt.j2
+++ b/roles/ezproxy/templates/config.txt.j2
@@ -46,7 +46,7 @@ IncludeFile config/current/admin/non_proxy_stanzas.txt
 ###### Now add the default Group for all other databases #################################
 Group Default
 # Excluded campus IP ranges from proxying
-# IncludeFile princeton_allow.txt (this file does not exist)
+IncludeFile princeton_allow.txt
 # Stanzas that must appear at start of config
 IncludeFile config/current/includes/positiondependent.txt
diff --git a/roles/ezproxy/templates/princeton_allow.txt.j2 b/roles/ezproxy/templates/princeton_allow.txt.j2
new file mode 100644
index 000000000..03ad2757c
--- /dev/null
+++ b/roles/ezproxy/templates/princeton_allow.txt.j2
@@ -0,0 +1,10 @@
+# {{ ansible_managed | comment }}
+Group Default
+# Excluded campus IP ranges from proxying
+IncludeIP 0.0.0.0 - 255.255.255.255
+ExcludeIP 128.112.0.0 - 128.112.255.255
+ExcludeIP 140.180.0.0 - 140.180.255.255
+ExcludeIP 198.35.0.0 - 198.35.15.255
+ExcludeIP 198.125.224.0 - 198.125.239.255
+### Permitted for Anywhere Access Support - Autologin is not otherwise used
+AutoLoginIP 35.153.163.236
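Review bot: In roles/ezproxy/tasks/main.yml the new task is named `Ezproxy | add shib config user`, which does not describe what it deploys; the file holds the IP include/exclude and auto-login rules, so a name such as `- name: Ezproxy | add campus IP access rules` would make play output and later audits easier to follow. The task also has no `notify:`, so if the role restarts EZproxy through a handler (none is visible in this hunk), an edit to these access rules could sit on disk without taking effect until some unrelated restart. If such a handler exists, attach it here the same way the other config templates do.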
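Review bot: In roles/ezproxy/templates/config.txt.j2 the re-enabled `IncludeFile princeton_allow.txt` sits directly under `Group Default`, and the included template opens with its own `Group Default`, so the group is now declared in two places. If, as I understand EZproxy, a `Group` line stays in effect for everything that follows, moving this include under another group later would silently switch the active group back to Default for the stanzas after it. I would drop the `Group Default` line from the included file, or add a comment here such as `# princeton_allow.txt sets Group Default itself; keep this include in the Default section`.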
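Review bot: `AutoLoginIP 35.153.163.236` at the end of princeton_allow.txt.j2 hard-codes one public address that EZproxy will treat as already authenticated, and the comment above it names a purpose but not an owner or a way to confirm the address is still theirs. If that address belongs to a hosted service and is ever released or reassigned, its next holder would inherit unauthenticated access to the proxied resources. I would move it into a role variable (name is a suggestion), rendered as `{% for ip in ezproxy_autologin_ips %}` / `AutoLoginIP {{ ip }}` / `{% endfor %}`, with the owner and a review date recorded next to the variable. The leading `# ` before `{{ ansible_managed | comment }}` is also redundant, since the `comment` filter already emits `#`-prefixed lines.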