diff --git a/oauth2-proxy/templates/deployment.yaml b/oauth2-proxy/templates/deployment.yaml
index 64dce2b466b4d0f5b7f7872185d71e402fd2b2b5..e23101a4dfe38792ceb37abcc2c838591dcb195c 100644
--- a/oauth2-proxy/templates/deployment.yaml
+++ b/oauth2-proxy/templates/deployment.yaml
@@ -47,9 +47,10 @@ spec:
                   key: cookie-secret
                   name: {{ include "oauth2-proxy-helm.fullname" . }}
           args:
-            {{ range .Values.roles }}
+            {{ range .Values.auth.roles }}
             - "--allowed-role={{ . }}"
             {{ end }}
+            - "--email-domain={{ .Values.auth.emailDomain }}"
             - "--redirect-url=https://{{ .Values.ingress.host }}{{ .Values.ingress.path }}oauth2/callback"
             - "--oidc-issuer-url={{ .Values.oidc.discoveryUrl }}"
             - "--upstream=file:///dev/null"
diff --git a/oauth2-proxy/values.yaml b/oauth2-proxy/values.yaml
index 275d82c3a7b81593f8934cadd99c68ad819acdce..aac0537be4867e83a38e5a26aa1f648006ec5f54 100644
--- a/oauth2-proxy/values.yaml
+++ b/oauth2-proxy/values.yaml
@@ -14,6 +14,10 @@ oidc:
   clientId: ""
   clientSecret: ""
 
+auth:
+  emailDomain: "*"
+  roles: [ ]
+
 cookieSecret: ""
 
 service:
@@ -22,7 +26,7 @@ service:
 ingress:
   host: "example.com"
   path: "/"
-  annotations: {}
+  annotations: { }
 
 podAnnotations: { }