diff --git a/longhorn/templates/authentik-service.yaml b/longhorn/templates/authentik-service.yaml
new file mode 100644
index 0000000..47b728e
--- /dev/null
+++ b/longhorn/templates/authentik-service.yaml
@@ -0,0 +1,7 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: ak-outpost-authentik-embedded-outpost
+spec:
+  type: ExternalName
+  externalName: ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local        
\ No newline at end of file
diff --git a/longhorn/values.yaml b/longhorn/values.yaml
index 5d71595..54b1330 100644
--- a/longhorn/values.yaml
+++ b/longhorn/values.yaml
@@ -214,7 +214,15 @@ longhorn:
     ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set
     annotations:
       cert-manager.io/cluster-issuer: letsencrypt-production
-  
+      nginx.ingress.kubernetes.io/auth-url: |-
+        http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
+      nginx.ingress.kubernetes.io/auth-signin: |-
+          https://longhorn.durp.info/outpost.goauthentik.io/start?rd=$escaped_request_uri
+      nginx.ingress.kubernetes.io/auth-response-headers: |-
+          Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
+      nginx.ingress.kubernetes.io/auth-snippet: |
+          proxy_set_header X-Forwarded-Host $http_host;
+
     secrets:
     ## If you're providing your own certificates, please use this to add the certificates as secrets
     ## key and certificate should start with -----BEGIN CERTIFICATE----- or