diff --git a/vcluster/chart/templates/vcluster.yaml b/vcluster/chart/templates/vcluster.yaml
index 54e71848..e1a6daa8 100644
--- a/vcluster/chart/templates/vcluster.yaml
+++ b/vcluster/chart/templates/vcluster.yaml
@@ -31,7 +31,11 @@ spec:
 - name: K3S_DATASTORE_ENDPOINT
 value: "postgres://k3s:$(PG_PASSWORD)@{{ $fullname }}-db-rw:5432/k3s"
 {{ end }}
-
+ extraArgs:
+ - "--kube-apiserver-arg=oidc-client-id=9b6daef0-02fa-4574-8949-f7c1b5fccd15"
+ - "--kube-apiserver-arg=oidc-issuer-url=https://login.microsoftonline.com/3f737008-e9a0-4485-9d27-40329d288089/v2.0"
+ - "--kube-apiserver-arg=oidc-groups-claim=roles"
+ - "--kube-apiserver-arg=oidc-username-claim=sub"
 ingress:
 enabled: true
 ingressClassName: nginx
@@ -116,6 +120,18 @@ spec:
 init:
 manifests: |-
 ---
+ kind: ClusterRoleBinding
+ apiVersion: rbac.authorization.k8s.io/v1
+ metadata:
+ name: oidc-cluster-admin
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+ subjects:
+ - kind: Group
+ name: eb17a659-4ce6-41bc-9153-d9b117c44479
+ ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
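Review bot: The OIDC client ID and the tenant-specific issuer URL on the `--kube-apiserver-arg=oidc-client-id=` and `oidc-issuer-url=` lines are hard-coded in a Helm template that otherwise derives its names from `{{ $fullname }}`, which ties every release of this chart to one identity-provider app registration and tenant; they belong in chart values, e.g. `- "--kube-apiserver-arg=oidc-client-id={{ .Values.oidc.clientId }}"` (values key is a placeholder to match the chart's conventions). None of the added arguments sets `oidc-groups-prefix`, so group names taken from the `roles` claim are used verbatim as Kubernetes group names and could collide with built-in `system:` groups; adding `- "--kube-apiserver-arg=oidc-groups-prefix=oidc:"` keeps IdP-issued groups in their own namespace, with the ClusterRoleBinding subject in the second hunk carrying the same prefix. The enclosing `spec` block starts and ends outside this hunk.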
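Review bot: The new ClusterRoleBinding grants `cluster-admin` to a single Group whose name is a bare GUID, `eb17a659-4ce6-41bc-9153-d9b117c44479`, while the first hunk sets `oidc-groups-claim=roles`; with this issuer the `roles` claim normally carries app-role value strings rather than group object IDs, so unless an app role's value is literally that GUID the binding matches nothing, and if it does match it hands unrestricted access to the whole virtual cluster — confirm which claim the GUID is expected to appear in. The group ID and the binding name are also hard-coded inside the `manifests` block scalar; move the ID to a chart value and consider a narrower ClusterRole than `cluster-admin` for an externally issued group. If a groups prefix is added on the apiserver side, the subject must become `name: oidc:eb17a659-4ce6-41bc-9153-d9b117c44479` (using whatever prefix is chosen there). The `manifests` block scalar continues past the end of the hunk.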