diff --git a/services/backup/src/config.rs b/services/backup/src/config.rs
--- a/services/backup/src/config.rs
+++ b/services/backup/src/config.rs
@@ -18,6 +18,10 @@
   #[arg(env = "BLOB_SERVICE_URL")]
   #[arg(long, default_value = DEFAULT_BLOB_SERVICE_URL)]
   pub blob_service_url: reqwest::Url,
+  /// Identity service endpoint
+  #[arg(env = "IDENTITY_SERVICE_ENDPOINT")]
+  #[arg(long, default_value = "http://localhost:50054")]
+  pub identity_endpoint: String,
 }
 
 /// Stores configuration parsed from command-line arguments
diff --git a/services/backup/src/http/mod.rs b/services/backup/src/http/mod.rs
--- a/services/backup/src/http/mod.rs
+++ b/services/backup/src/http/mod.rs
@@ -1,7 +1,7 @@
 use actix_web::{web, App, HttpResponse, HttpServer};
 use anyhow::Result;
 use comm_lib::{
-  blob::client::BlobServiceClient,
+  auth::AuthService, blob::client::BlobServiceClient,
   http::auth::get_comm_authentication_middleware,
 };
 use tracing::info;
@@ -16,6 +16,7 @@
 pub async fn run_http_server(
   db_client: DatabaseClient,
   blob_client: BlobServiceClient,
+  auth_service: AuthService,
 ) -> Result<()> {
   info!(
     "Starting HTTP server listening at port {}",
@@ -33,6 +34,7 @@
       ))
       .app_data(db.clone())
       .app_data(blob.clone())
+      .app_data(auth_service.to_owned())
       .route("/health", web::get().to(HttpResponse::Ok))
       .service(
         // Backup services that don't require authetication
diff --git a/services/backup/src/main.rs b/services/backup/src/main.rs
--- a/services/backup/src/main.rs
+++ b/services/backup/src/main.rs
@@ -1,5 +1,5 @@
 use anyhow::Result;
-use comm_lib::blob::client::BlobServiceClient;
+use comm_lib::{auth::AuthService, blob::client::BlobServiceClient};
 use tracing::Level;
 use tracing_subscriber::EnvFilter;
 
@@ -31,8 +31,9 @@
   let aws_config = config::load_aws_config().await;
   let db_client = database::DatabaseClient::new(&aws_config);
   let blob_client = BlobServiceClient::new(CONFIG.blob_service_url.clone());
+  let auth_service = AuthService::new(&aws_config, &CONFIG.identity_endpoint);
 
-  http::run_http_server(db_client, blob_client).await?;
+  http::run_http_server(db_client, blob_client, auth_service).await?;
 
   Ok(())
 }