diff --git a/hobo/agent/authentic2/provisionning.py b/hobo/agent/authentic2/provisionning.py
index 502d284..16b2421 100644
--- a/hobo/agent/authentic2/provisionning.py
+++ b/hobo/agent/authentic2/provisionning.py
@@ -213,7 +213,12 @@ class Provisionning(threading.local):
             })
 
     def notify_roles(self, ous, roles, mode='provision', full=False):
-        roles = set([role for role in roles if not role.slug.startswith('_')])
+        allowed_technical_roles_prefixes = getattr(settings, 'HOBO_PROVISION_ROLE_PREFIXES', []) or []
+
+        def is_forbidden_technical_role(role):
+            return role.slug.startswith('_') and not role.slug.startswith(tuple(allowed_technical_roles_prefixes))
+
+        roles = set([role for role in roles if not is_forbidden_technical_role(role)])
         if mode == 'provision':
             self.complete_roles(roles)