diff --git a/README.md b/README.md index 81ceacc918feeb275b6dd2db82a442fc9a40f447..a052a03b444d7fc84bddd7ff31029626d729aadc 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,9 @@ # Install Installation should be done via the helm using the helmchart contained in `./helmchart`. -Make sure to edit the values in `./helmchart/values.yaml` according to your needs +Make sure to edit the values in `./helmchart/single-sign-on/values.yaml` according to your needs + +For Details on how to configure the chart. Refer to `./helmchart/single-sign-on/README.md` # Using SSO diff --git a/helmchart/single-sign-on/README.md b/helmchart/single-sign-on/README.md new file mode 100644 index 0000000000000000000000000000000000000000..332926e2692dc27f2587a9509dc10d0768970ba0 --- /dev/null +++ b/helmchart/single-sign-on/README.md 
@@ -0,0 +1,56 @@ +# Single sign-on + +Single sign-on adds an Authentication server to your k8s cluster, that can be used by +application within your cluster and by external applications to log in your users. +This chart also includes a minimalistic user-panel which can be used +to create new users, assign roles to users and grant users access to applications. + +## Prerequisites + + * Kubernetes 1.13+ with Beta APIs enabled + * helm 2.14.3+ + * ORY helm chart repository installed + * `helm repo add ory https://k8s.ory.sh/helm/charts && helm repo update` + +## Installing and uninstalling the Chart + +To install the chart with the realease name `single-sign-on` first clone the repository, +and then run helm install. + +``` +$ git clone https://open.greenhost.net/openappstack/single-sign-on +$ cd single-sign-on/helmchart/single-sign-on/ +$ helm install -n single-sign-on . +``` + +The last command will deploy the single sign-on components on your server and applies a +default configuration. You should change the default configuration before running the command. +The [configuration](#configuration) section lists all configuration parameters. + +In case you already ran the install command, you can uninstall the deployment by executing: + +``` +$ helm list # [OPTIONAL] - Lists all deployed releases +$ helm delete single-sign-on --purge +``` + +## Configuration + +The following table lists the configurable parameters of the single sign-on chart and their +default values. 
+ +| Parameter | Description | Default | +| ------------------------------------ | --------------------------------------------------- | ------------------------- | +| `userpanel.ingress.host` | [REQUIRED] FQDN of the userpanel | admin.oas.example.net | +| `userpanel.oAuth.client_secret` | oAuth2 client secret | YouReallyNeedToChangeThis | +| `userbackend.username` | Username of the admin user | admin | +| `userbackend.password` | Password of the admin user | YouReallyNeedToChangeThis | +| `userbackend.email` | Email address of the admin user | admin@example.net | +| `userbackend.postgres.password` | Root pw of the psql DB | postgres | +| `hydra.hydra.config.urls.self.issuer`| **Base URI of the oAuth server** | https://sso.oas.example.net | +| `hydra.hydra.config.urls.login` | **URI that will be used for the login page** | https://sso.oas.example.net/login | +| `hydra.hydra.config.urls.consent` | **URI that will be used for permission checks** | https://sso.oas.example.net/consent | +| `hydra.hydra.config.secrets.system` | Secret that is used to generate secure tokens | YouReallyNeedToChangeThis | +| `hydra.ingress.host` | **FQDN of the oAuth server** | sso.oas.example.net | +| `hydra.ingress.public.hosts.host` | **FQDN of the oAuth server** | sso.oas.example.net | +| `hydra.ingress.tls.hosts.host` | **FQDN of the oAuth server** | sso.oas.example.net | diff --git a/helmchart/single-sign-on/values.yaml b/helmchart/single-sign-on/values.yaml index 34b520ae976750fe313cd39bc511d123055d5cfb..0e7d725a5d4b8e9c8bee3dd2c81ae4155c4cb5de 100644 --- a/helmchart/single-sign-on/values.yaml +++ b/helmchart/single-sign-on/values.yaml @@ -6,7 +6,7 @@ userpanel: userbackend: username: "admin" - password: "set admin password here" + password: "YouReallyNeedToChangeThis" email: "admin@example.net" postgres: password: "postgres"
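Review bot: In the top-level `README.md` hunk, the added line "For Details on how to configure the chart. Refer to `./helmchart/single-sign-on/README.md`" is split into a fragment and a second sentence, capitalizes "Details" mid-sentence and has no closing period. Suggest a single sentence: "For details on how to configure the chart, refer to `./helmchart/single-sign-on/README.md`." The changed line above it ("Make sure to edit the values in `./helmchart/single-sign-on/values.yaml` according to your needs") is also missing its period.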
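Review bot: In the Configuration table of the new `helmchart/single-sign-on/README.md`, only `userpanel.ingress.host` is marked `[REQUIRED]`, while the four secret parameters (`userpanel.oAuth.client_secret`, `userbackend.password`, `userbackend.postgres.password`, `hydra.hydra.config.secrets.system`) are listed as ordinary rows with their placeholder defaults. A reader who runs the documented `helm install -n single-sign-on .` as written deploys with those published values, and the instruction to change the configuration comes only after the command block. Suggest marking the secret rows `[REQUIRED]` as well, moving the "change the default configuration" sentence above the install commands, and showing how the overrides are supplied (an edited `values.yaml` or a separate values file). The table also puts several descriptions in bold without saying what the bold means; add a one-line legend or drop it. Typo in the install section: "realease" should be "release".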
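Review bot: In the `values.yaml` hunk, the new `userbackend.password` default `"YouReallyNeedToChangeThis"` is still a working credential, so an install with an unedited file succeeds and leaves the admin account on a password published in the repository. Consider leaving the value empty and failing the template render when it is unset (Helm's `required` template function does this), so the placeholder can never reach a running deployment. The unchanged context line `password: "postgres"` under `postgres:` has the same problem and, unlike the other secrets, does not even read as a placeholder; it should at least be brought in line with the rest in the same change.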