diff --git a/helm/cosmo/charts/controlplane/README.md b/helm/cosmo/charts/controlplane/README.md
index 1a320488fd..4092ba75db 100644
--- a/helm/cosmo/charts/controlplane/README.md
+++ b/helm/cosmo/charts/controlplane/README.md
@@ -19,6 +19,7 @@ WunderGraph Cosmo Controlplane
 | commonLabels | object | `{}` | Add labels to all deployed resources |
 | configuration.allowedOrigins[0] | string | `"*"` |  |
 | configuration.authRedirectUri | string | `"http://controlplane.wundergraph.local/v1/auth/callback"` |  |
+| configuration.authSsoCookieDomain | string | `".wundergraph.local"` | The domain for the cookie used to store SSO authentication information |
 | configuration.cdnBaseUrl | string | `"http://cosmo-cdn:8787"` | URL of the CDN to use for serving router configs and persistent operations |
 | configuration.clickhouseDsn | string | `"http://default:changeme@cosmo-clickhouse:8123?database=cosmo"` |  |
 | configuration.clickhouseMigrationDsn | string | `"clickhouse://default:changeme@cosmo-clickhouse:9000?database=cosmo"` |  |
diff --git a/helm/cosmo/charts/controlplane/templates/deployment.yaml b/helm/cosmo/charts/controlplane/templates/deployment.yaml
index a79825c99f..5e14833c44 100644
--- a/helm/cosmo/charts/controlplane/templates/deployment.yaml
+++ b/helm/cosmo/charts/controlplane/templates/deployment.yaml
@@ -104,6 +104,11 @@ spec:
                 secretKeyRef:
                   name: {{ include "controlplane.secretName" . }}
                   key: jwtSessionSecret
+            - name: AUTH_SSO_COOKIE_DOMAIN
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "controlplane.secretName" . }}
+                  key: authSsoCookieDomain
             - name: DB_URL
               valueFrom:
                 secretKeyRef:
diff --git a/helm/cosmo/charts/controlplane/templates/secret.yaml b/helm/cosmo/charts/controlplane/templates/secret.yaml
index 1bba9daf65..6d6962c338 100644
--- a/helm/cosmo/charts/controlplane/templates/secret.yaml
+++ b/helm/cosmo/charts/controlplane/templates/secret.yaml
@@ -21,6 +21,7 @@ stringData:
   clickhouseDsn: "{{ .Values.configuration.clickhouseDsn }}"
   clickhouseMigrationDsn: "{{ .Values.configuration.clickhouseMigrationDsn }}"
   jwtSessionSecret: "{{ .Values.global.controlplane.jwtSecret }}"
+  authSsoCookieDomain: "{{ .Values.configuration.authSsoCookieDomain }}"
   keycloakAdminUser: "{{ .Values.global.keycloak.adminUser }}"
   keycloakAdminPassword: "{{ .Values.global.keycloak.adminPassword }}"
   webhookSecret: "{{ .Values.configuration.webhookSecret }}"
diff --git a/helm/cosmo/charts/controlplane/values.yaml b/helm/cosmo/charts/controlplane/values.yaml
index 2fd18684dd..82d16740b4 100644
--- a/helm/cosmo/charts/controlplane/values.yaml
+++ b/helm/cosmo/charts/controlplane/values.yaml
@@ -201,6 +201,8 @@ configuration:
   openAiApiKey: ''
   # -- URL of the CDN to use for serving router configs and persistent operations
   cdnBaseUrl: 'http://cosmo-cdn:8787'
+  # -- The domain for the cookie used to store SSO authentication information
+  authSsoCookieDomain: '.wundergraph.local'
 
   # -- Use this section to configure the smtp server.
   smtp: