diff --git a/pallets/did/src/origin.rs b/pallets/did/src/origin.rs
index 92919482fc..e5ac0ba53a 100644
--- a/pallets/did/src/origin.rs
+++ b/pallets/did/src/origin.rs
@@ -18,7 +18,7 @@
 
 use frame_support::{
 	codec::{Decode, Encode},
-	traits::EnsureOrigin,
+	traits::{EnsureOrigin, EnsureOriginWithArg},
 };
 use kilt_support::traits::CallSources;
 use parity_scale_codec::MaxEncodedLen;
@@ -66,6 +66,38 @@ where
 	}
 }
 
+impl<OuterOrigin, DidIdentifier, AccountId> EnsureOriginWithArg<OuterOrigin, DidIdentifier>
+	for EnsureDidOrigin<DidIdentifier, AccountId>
+where
+	OuterOrigin: Into<Result<DidRawOrigin<DidIdentifier, AccountId>, OuterOrigin>>
+		+ From<DidRawOrigin<DidIdentifier, AccountId>>
+		+ Clone,
+	DidIdentifier: PartialEq<DidIdentifier> + Clone,
+	AccountId: Clone + Decode,
+{
+	type Success = DidRawOrigin<DidIdentifier, AccountId>;
+
+	fn try_origin(o: OuterOrigin, a: &DidIdentifier) -> Result<Self::Success, OuterOrigin> {
+		let did_origin: DidRawOrigin<DidIdentifier, AccountId> = o.clone().into()?;
+		if did_origin.id == *a {
+			Ok(did_origin)
+		} else {
+			Err(o)
+		}
+	}
+
+	#[cfg(feature = "runtime-benchmarks")]
+	fn try_successful_origin(a: &DidIdentifier) -> Result<OuterOrigin, ()> {
+		let zero_account_id = AccountId::decode(&mut sp_runtime::traits::TrailingZeroInput::zeroes())
+			.expect("infinite length input; no invalid inputs for type; qed");
+
+		Ok(OuterOrigin::from(DidRawOrigin {
+			id: a.clone(),
+			submitter: zero_account_id,
+		}))
+	}
+}
+
 impl<DidIdentifier: Clone, AccountId: Clone> CallSources<AccountId, DidIdentifier>
 	for DidRawOrigin<DidIdentifier, AccountId>
 {
diff --git a/pallets/pallet-dip-consumer/src/lib.rs b/pallets/pallet-dip-consumer/src/lib.rs
index e3a0a2133b..0c90942b23 100644
--- a/pallets/pallet-dip-consumer/src/lib.rs
+++ b/pallets/pallet-dip-consumer/src/lib.rs
@@ -31,7 +31,12 @@ pub use crate::{origin::*, pallet::*, traits::SuccessfulProofVerifier};
 pub mod pallet {
 	use super::*;
 
-	use frame_support::{dispatch::Dispatchable, pallet_prelude::*, traits::Contains, Twox64Concat};
+	use frame_support::{
+		dispatch::Dispatchable,
+		pallet_prelude::*,
+		traits::{Contains, EnsureOriginWithArg},
+		Twox64Concat,
+	};
 	use frame_system::pallet_prelude::*;
 	use parity_scale_codec::{FullCodec, MaxEncodedLen};
 	use scale_info::TypeInfo;
@@ -56,7 +61,11 @@ pub mod pallet {
 		/// computations.
 		type DipCallOriginFilter: Contains<RuntimeCallOf<Self>>;
 		/// The origin check for the `dispatch_as` call.
-		type DispatchOriginCheck: EnsureOrigin<<Self as frame_system::Config>::RuntimeOrigin, Success = Self::AccountId>;
+		type DispatchOriginCheck: EnsureOriginWithArg<
+			<Self as frame_system::Config>::RuntimeOrigin,
+			Self::Identifier,
+			Success = Self::AccountId,
+		>;
 		/// The identifier of a subject, e.g., a DID.
 		type Identifier: Parameter + MaxEncodedLen;
 		/// The details stored in this pallet associated with any given subject.
@@ -98,7 +107,7 @@ pub mod pallet {
 			proof: IdentityProofOf<T>,
 			call: Box<RuntimeCallOf<T>>,
 		) -> DispatchResult {
-			let submitter = T::DispatchOriginCheck::ensure_origin(origin)?;
+			let submitter = T::DispatchOriginCheck::ensure_origin(origin, &identifier)?;
 			ensure!(T::DipCallOriginFilter::contains(&*call), Error::<T>::Filtered);
 			let mut identity_entry = IdentityEntries::<T>::get(&identifier);
 			let proof_verification_result = T::ProofVerifier::verify_proof_for_call_against_details(
diff --git a/pallets/pallet-dip-provider/src/lib.rs b/pallets/pallet-dip-provider/src/lib.rs
index 45ac1d34da..b9819b51bd 100644
--- a/pallets/pallet-dip-provider/src/lib.rs
+++ b/pallets/pallet-dip-provider/src/lib.rs
@@ -31,7 +31,7 @@ pub use crate::{
 pub mod pallet {
 	use super::*;
 
-	use frame_support::{pallet_prelude::*, traits::EnsureOrigin};
+	use frame_support::{pallet_prelude::*, traits::EnsureOriginWithArg};
 	use frame_system::pallet_prelude::*;
 
 	use crate::traits::{IdentityCommitmentGenerator, IdentityProvider, ProviderHooks, SubmitterInfo};
@@ -47,7 +47,7 @@ pub mod pallet {
 
 	#[pallet::config]
 	pub trait Config: frame_system::Config {
-		type CommitOriginCheck: EnsureOrigin<Self::RuntimeOrigin, Success = Self::CommitOrigin>;
+		type CommitOriginCheck: EnsureOriginWithArg<Self::RuntimeOrigin, Self::Identifier, Success = Self::CommitOrigin>;
 		type CommitOrigin: SubmitterInfo<Submitter = Self::AccountId>;
 		type Identifier: Parameter + MaxEncodedLen;
 		type IdentityCommitmentGenerator: IdentityCommitmentGenerator<Self>;
@@ -103,8 +103,8 @@ pub mod pallet {
 			identifier: T::Identifier,
 			version: Option<IdentityCommitmentVersion>,
 		) -> DispatchResult {
-			let dispatcher =
-				T::CommitOriginCheck::ensure_origin(origin).map(|e: <T as Config>::CommitOrigin| e.submitter())?;
+			let dispatcher = T::CommitOriginCheck::ensure_origin(origin, &identifier)
+				.map(|e: <T as Config>::CommitOrigin| e.submitter())?;
 
 			let commitment_version = version.unwrap_or(LATEST_COMMITMENT_VERSION);
 			let identity = T::IdentityProvider::retrieve(&identifier)
@@ -148,8 +148,8 @@ pub mod pallet {
 			identifier: T::Identifier,
 			version: Option<IdentityCommitmentVersion>,
 		) -> DispatchResult {
-			let dispatcher =
-				T::CommitOriginCheck::ensure_origin(origin).map(|e: <T as Config>::CommitOrigin| e.submitter())?;
+			let dispatcher = T::CommitOriginCheck::ensure_origin(origin, &identifier)
+				.map(|e: <T as Config>::CommitOrigin| e.submitter())?;
 
 			let commitment_version = version.unwrap_or(LATEST_COMMITMENT_VERSION);
 			let commitment = Self::delete_identity_commitment_storage_entry(&identifier, commitment_version)?;