diff --git a/bootstrap.docker-compose.yml b/bootstrap.docker-compose.yml
index ef51835..dbfa3f8 100644
--- a/bootstrap.docker-compose.yml
+++ b/bootstrap.docker-compose.yml
@@ -37,6 +37,8 @@ services:
 target: /etc/traefik/dynamic/tls.yml
 - source: traefik_hsts
 target: /etc/traefik/dynamic/hsts.yml
+ - source: traefik_authentik
+ target: /etc/traefik/dynamic/authentik.yml
 secrets:
 - traefik_password # TODO: Replace with SSO
 - traefik_tls_cert
@@ -104,6 +106,8 @@ configs:
 file: ${NASCOMPOSE_SERVICES?}/configs/traefik/dynamic/tls.yml
 traefik_hsts:
 file: ${NASCOMPOSE_SERVICES?}/configs/traefik/dynamic/hsts.yml
+ traefik_authentik:
+ file: ${NASCOMPOSE_SERVICES?}/configs/traefik/dynamic/authentik.yml
 secrets:
 traefik_password:
diff --git a/docker/configs/traefik/dynamic/authentik.yml b/docker/configs/traefik/dynamic/authentik.yml
new file mode 100644
index 0000000..6ff0621
--- /dev/null
+++ b/docker/configs/traefik/dynamic/authentik.yml
@@ -0,0 +1,18 @@
+http:
+ middlewares:
+ authentik:
+ forwardAuth:
+ address: http://authentik:9000/outpost.goauthentik.io/auth/traefik
+ trustForwardHeader: true
+ authResponseHeaders:
+ - X-authentik-username
+ - X-authentik-groups
+ - X-authentik-email
+ - X-authentik-name
+ - X-authentik-uid
+ - X-authentik-jwt
+ - X-authentik-meta-jwks
+ - X-authentik-meta-outpost
+ - X-authentik-meta-provider
+ - X-authentik-meta-app
+ - X-authentik-meta-version
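Review bot: `trustForwardHeader: true` in docker/configs/traefik/dynamic/authentik.yml makes the forwardAuth request reuse the `X-Forwarded-*` values already present on the incoming request, so authentik's decision can depend on client-supplied headers unless the entrypoint has already discarded them. The entrypoint configuration is not part of this diff; if Traefik is the edge proxy, either set `trustForwardHeader: false` or confirm that no entrypoint sets `forwardedHeaders.insecure` and that `forwardedHeaders.trustedIPs` lists only real upstream proxies. Whichever holds, record it next to the option with a comment such as `# relies on entryPoints not trusting client X-Forwarded-* headers`. Separately, `authResponseHeaders` hands `X-authentik-jwt` and the identity headers to every backend behind this middleware, so backends that act on them should be reachable only through routers that apply `authentik`, and the list could be trimmed to the headers those backends actually read.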