diff --git a/helmchart/single-sign-on/templates/cronjob-create-oauth-clients.yaml b/helmchart/single-sign-on/templates/cronjob-create-oauth-clients.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..932808325be1174ed5e06cfaf63f5dd5fbe05e20
--- /dev/null
+++ b/helmchart/single-sign-on/templates/cronjob-create-oauth-clients.yaml
@@ -0,0 +1,81 @@
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+  name: {{ include "single-sign-on.fullname" . }}-recreate-oauth2-clients
+  labels:
+{{ include "single-sign-on.labels" . | indent 4 }}
+spec:
+  schedule: "*/5 * * * *"
+  jobTemplate:
+    metadata:
+      labels:
+        app.kubernetes.io/managed-by: {{.Release.Service | quote }}
+        app.kubernetes.io/instance: {{.Release.Name | quote }}
+        helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}"
+    spec:
+      template:
+        spec:
+          restartPolicy: Never
+          containers:
+          {{- range .Values.oAuthClients }}
+          - name: {{ .clientName | quote }}
+            image: {{ $.Values.userbackend.image.repository }}:{{ $.Values.userbackend.image.tag }}
+            imagePullPolicy: {{ $.Values.userbackend.image.pullPolicy }}
+            env:
+            - name: CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: oauth2-clients
+                  key: {{ .clientName }}_client_id
+            - name: CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: oauth2-clients
+                  key: {{ .clientName }}_client_secret
+            - name: CLIENT_NAME
+              value: {{ .clientName | quote }}
+            - name: REDIRECT_URI
+              value: {{ .redirectUri | quote }}
+            - name: SCOPES
+              value: {{ .scopes | quote }}
+            - name: CLIENT_URI
+              value: {{ .clientUri | quote }}
+            - name: CLIENT_LOGO_URI
+              value: {{ .clientLogoUri | quote }}
+            - name: TOKEN_ENDPOINT_AUTH_METHOD
+              value: {{ .tokenEndpointAuthMethod | quote }}
+            - name: RESPONSE_TYPES
+              value: "{{- range .responseTypes }}\"{{ . }}\",{{- end }}"
+            - name: GRANT_TYPES
+              value: "{{- range .grantTypes }}\"{{ . }}\",{{- end }}"
+            command: ["/bin/bash", "-c"]
+            args:
+            - >
+              curl http://{{ $.Release.Name }}-hydra-admin:4445/health/ready \
+                  --silent \\
+                  --write-out "\nCheck Hydra health: HTTP %{http_code}" \
+                  | tail -1 | grep 200 && echo "Hydra is ready to accept requests." &&
+              curl http://{{ $.Release.Name }}-hydra-admin:4445/clients/$CLIENT_NAME \
+                  --silent \
+                  --write-out "\nRequesting oauth client $CLIENT_NAME: HTTP %{http_code}\n"  \
+                  | tail -1  \
+                  | grep 404 &&
+              curl --header "Content-Type: application/json" \
+                  --request POST \
+                  --data "{\"client_id\": \"$CLIENT_ID\",
+                            \"client_name\": \"$CLIENT_NAME\",
+                            \"client_secret\": \"$CLIENT_SECRET\",
+                            \"client_uri\": \"$CLIENT_URI\",
+                            \"logo_uri\": \"$CLIENT_LOGO_URI\",
+                            \"redirect_uris\": [\"$REDIRECT_URI\"],
+                            \"scope\": \"$SCOPES\",
+                            \"grant_types\": [$GRANT_TYPES\"\"],
+                            \"response_types\": [$RESPONSE_TYPES\"\"],
+                            \"token_endpoint_auth_method\": \"client_secret_post\"}" \
+                  http://{{ $.Release.Name }}-hydra-admin:4445/clients \
+                  --silent \
+                  --write-out "\nCreating oauth client $CLIENT_ID: HTTP(%{http_code})\n" \
+                  | tail -1  \
+                  | grep 201 &&
+              echo "Successfully created $CLIENT_ID"
+          {{- end }}
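Review bot: The POST body hard-codes `client_secret_post` on the `token_endpoint_auth_method` line, so the `TOKEN_ENDPOINT_AUTH_METHOD` variable set from `.tokenEndpointAuthMethod` earlier in the container spec is never used and every client is registered with that method whatever the values file asks for; the line should read `\"token_endpoint_auth_method\": \"$TOKEN_ENDPOINT_AUTH_METHOD\"}" \`. The first `--silent \\` ends in a double backslash, which bash reads as a literal `\` argument followed by the end of the command, so the health-check pipeline appears to break there and the `&&` chain would never reach the create call; it should be a single `\` like the other continuation lines. The JSON is also built by shell interpolation with `$CLIENT_SECRET` on the curl command line, which puts the secret in the container's process arguments and yields invalid or altered JSON if any value contains a quote; sending a properly encoded body on stdin with `--data @-` would avoid both. Finally, when the client already exists the `grep 404` step fails and the container exits non-zero, so the Job is reported as failed every five minutes in the normal steady state.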