diff --git a/app/controllers/admin/fasp/providers_controller.rb b/app/controllers/admin/fasp/providers_controller.rb
index ac5226d4380..29c23fdcebf 100644
--- a/app/controllers/admin/fasp/providers_controller.rb
+++ b/app/controllers/admin/fasp/providers_controller.rb
@@ -38,7 +38,7 @@ class Admin::Fasp::ProvidersController < Admin::BaseController
   private
 
   def provider_params
-    params.require(:provider).permit(enabled_capabilities: {})
+    params.expect(provider: [enabled_capabilities: {}])
   end
 
   def set_provider
diff --git a/app/controllers/api/fasp/registrations_controller.rb b/app/controllers/api/fasp/registrations_controller.rb
index 40e711bd0ca..fecc992fec5 100644
--- a/app/controllers/api/fasp/registrations_controller.rb
+++ b/app/controllers/api/fasp/registrations_controller.rb
@@ -20,7 +20,7 @@ class Api::Fasp::RegistrationsController < Api::Fasp::BaseController
     {
       faspId: current_provider.id.to_s,
       publicKey: current_provider.server_public_key_base64,
-      registrationCompletionUri: admin_fasp_provider_url(current_provider),
+      registrationCompletionUri: new_admin_fasp_provider_registration_url(current_provider),
     }
   end
 end
diff --git a/app/lib/fasp/request.rb b/app/lib/fasp/request.rb
index 25ea958329f..edb4d279d6c 100644
--- a/app/lib/fasp/request.rb
+++ b/app/lib/fasp/request.rb
@@ -21,6 +21,14 @@ class Fasp::Request
     response.parse if response.body.present?
   end
 
+  def delete(path, body: nil)
+    url = @provider.url(path)
+    body = body.to_json
+    response = HTTP.headers(headers('DELETE', url, body)).delete(url, body:)
+
+    response.parse if response.body.present?
+  end
+
   private
 
   def headers(verb, url, body = '')
diff --git a/app/models/fasp/provider.rb b/app/models/fasp/provider.rb
index 5a2057e9298..d0529059939 100644
--- a/app/models/fasp/provider.rb
+++ b/app/models/fasp/provider.rb
@@ -27,20 +27,27 @@ class Fasp::Provider < ApplicationRecord
   has_many :fasp_subscriptions, inverse_of: :fasp_provider, class_name: 'Fasp::Subscription', dependent: :delete_all
 
   before_create :create_keypair
+  after_commit :update_remote_capabilities
 
   def enabled_capabilities=(hash)
     capabilities.each do |capability|
       capability['enabled'] = hash[capability['id']] == '1'
     end
-    save!
   end
 
-  def capability?(capability_name, only_enabled: true)
+  def capability?(capability_name)
     return false unless confirmed?
 
     capabilities.present? && capabilities.any? do |capability|
-      capability['id'] == capability_name &&
-        (only_enabled ? capability['enabled'] : true)
+      capability['id'] == capability_name
+    end
+  end
+
+  def capability_enabled?(capability_name)
+    return false unless confirmed?
+
+    capabilities.present? && capabilities.any? do |capability|
+      capability['id'] == capability_name && capability['enabled']
     end
   end
 
@@ -97,4 +104,24 @@ class Fasp::Provider < ApplicationRecord
     self.server_private_key_pem =
       OpenSSL::PKey.generate_key('ed25519').private_to_pem
   end
+
+  def update_remote_capabilities
+    return unless saved_change_to_attribute?(:capabilities)
+
+    old, current = saved_change_to_attribute(:capabilities)
+    old ||= []
+    current.each do |capability|
+      update_remote_capability(capability) if capability.key?('enabled') && !old.include?(capability)
+    end
+  end
+
+  def update_remote_capability(capability)
+    version, = capability['version'].split('.')
+    path = "/capabilities/#{capability['id']}/#{version}/activation"
+    if capability['enabled']
+      Fasp::Request.new(self).post(path)
+    else
+      Fasp::Request.new(self).delete(path)
+    end
+  end
 end
diff --git a/app/views/admin/fasp/providers/_provider.html.haml b/app/views/admin/fasp/providers/_provider.html.haml
index e3527b4783e..d4b66389301 100644
--- a/app/views/admin/fasp/providers/_provider.html.haml
+++ b/app/views/admin/fasp/providers/_provider.html.haml
@@ -7,11 +7,13 @@
     - else
       = t('admin.fasp.providers.registration_requested')
   %td
-    - unless provider.confirmed?
+    - if provider.confirmed?
+      = table_link_to 'edit', t('admin.fasp.providers.edit'), edit_admin_fasp_provider_path(provider)
+    - else
       = table_link_to 'check', t('admin.fasp.providers.finish_registration'), new_admin_fasp_provider_registration_path(provider)
     - if provider.sign_in_url.present?
       = table_link_to 'open_in_new', t('admin.fasp.providers.sign_in'), provider.sign_in_url, target: '_blank'
-    - if provider.capability?('callback')
+    - if provider.capability_enabled?('callback')
       = table_link_to 'repeat', t('admin.fasp.providers.callback'), admin_fasp_provider_debug_calls_path(provider), data: { method: :post }
 
     = table_link_to 'close', t('admin.providers.delete'), admin_fasp_provider_path(provider), method: :delete, data: { confirm: t('admin.accounts.are_you_sure') }
diff --git a/app/views/admin/fasp/providers/edit.html.haml b/app/views/admin/fasp/providers/edit.html.haml
index ed9496b11cf..9d94357ff67 100644
--- a/app/views/admin/fasp/providers/edit.html.haml
+++ b/app/views/admin/fasp/providers/edit.html.haml
@@ -7,6 +7,7 @@
   %h4= t('admin.fasp.providers.select_capabilities')
 
   - f.object.capabilities.each do |capability|
+    - enabled = @provider.capability_enabled?(capability['id'])
     .fields-group
       .input.with_label.boolean.optional.field_with_hint
         .label_input
@@ -15,7 +16,7 @@
         .label_input__wrapper
           = hidden_field_tag "provider[enabled_capabilities][#{capability['id']}]", '0', id: false
           %label.checkbox
-            = check_box_tag "provider[enabled_capabilities][#{capability['id']}]", class: 'optional boolean'
+            = check_box_tag "provider[enabled_capabilities][#{capability['id']}]", checked: enabled, class: 'optional boolean'
 
   .actions
     = f.button :button, t('admin.fasp.providers.save'), type: :submit