diff --git a/helmchart/single-sign-on/templates/job-create-oauth2-client-userpanel.yaml b/helmchart/single-sign-on/templates/job-create-oauth2-client-userpanel.yaml
index 5e4e67a1ed30f090144a0ddd64b58f232942c347..b27efc1506d1ef960ba3849aa10295aca55fb1c8 100644
--- a/helmchart/single-sign-on/templates/job-create-oauth2-client-userpanel.yaml
+++ b/helmchart/single-sign-on/templates/job-create-oauth2-client-userpanel.yaml
@@ -1,11 +1,11 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: {{ include "single-sign-on.fullname" . }}-create-oauth2-client
+  name: {{ include "single-sign-on.fullname" . }}-create-oauth2-clients
   labels:
 {{ include "single-sign-on.labels" . | indent 4 }}
   annontations:
-    "helm.sh/hook": post-install
+    "helm.sh/hook": post-install,post-upgrade
     "helm.sh/hook-weight": "-4"
     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
 spec:
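Review bot: The hook annotations sit under the misspelled key `annontations:`, so Helm will not treat this Job as a hook and extending `helm.sh/hook` to `post-install,post-upgrade` has no effect. Rename the key to `annotations:` so the hook, its weight and its delete policy are actually applied. Once the hook does fire on upgrade, the Job will POST clients that presumably already exist in Hydra, so the request in the later hunk should detect or tolerate an existing client. The Job spec continues outside this hunk.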
@@ -18,40 +18,41 @@ spec:
     spec:
       restartPolicy: Never
       containers:
-      - name: user-panel
-        image: {{ .Values.userbackend.image.repository }}:{{ .Values.userbackend.image.tag }}
-        imagePullPolicy: {{ .Values.userbackend.image.pullPolicy }}
+      {{- range .Values.oAuthClients }}
+      - name: {{ .clientName | quote }}
+        image: {{ $.Values.userbackend.image.repository }}:{{ $.Values.userbackend.image.tag }}
+        imagePullPolicy: {{ $.Values.userbackend.image.pullPolicy }}
         env:
         - name: CLIENT_ID
           valueFrom:
             secretKeyRef:
-              name: userpanel-oauth2-client
-              key: client_id
+              name: oauth2-clients
+              key: {{ .clientName }}.client_id
         - name: CLIENT_SECRET
           valueFrom:
             secretKeyRef:
-              name: userpanel-oauth2-client
-              key: client_secret
+              name: oauth2-clients
+              key: {{ .clientName }}.client_secret
         - name: CLIENT_NAME
-          value: user-panel
+          value: {{ .clientName | quote }}
         - name: REDIRECT_URI
-          value: "https://{{ .Values.userpanel.ingress.host }}/callback"
+          value: {{ .redirectUri | quote }}
         - name: SCOPES
-          value: "openid profile email openappstack_roles"
+          value: {{ .scopes | quote }}
         - name: CLIENT_URI
-          value: "https://{{ .Values.userpanel.ingress.host }}"
+          value: {{ .clientUri | quote }}
         - name: CLIENT_LOGO_URI
-          value: "https://{{ .Values.userpanel.ingress.host }}/favicon.ico"
+          value: {{ .clientLogoUri | quote }}
         - name: TOKEN_ENDPOINT_AUTH_METHOD
-          value: client_secret_basic
+          value: {{ .tokenEndpointAuthMethod | quote }}
         - name: RESPONSE_TYPES
-          value: token
+          value: {{ .responseTypes | quote }}
         - name: GRANT_TYPES
-          value: implicit
+          value: {{ .grantTypes | quote }}
         command: ["/bin/bash", "-c"]
         args:
         - >
-          curl http://{{ .Release.Name }}-hydra-admin:4445/clients &&
+          curl http://{{ $.Release.Name }}-hydra-admin:4445/clients &&
           curl --header "Content-Type: application/json" \
                --request POST \
                --data "{\"client_id\": \"$CLIENT_ID\",
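Review bot: The two `secretKeyRef` keys, `{{ .clientName }}.client_id` and `{{ .clientName }}.client_secret`, look up flat dotted keys in `oauth2-clients`, but the Secret template changed in this same commit nests `client_id` and `client_secret` under a per-client mapping, so the referenced keys would not exist and the container could not start. Unlike the `value:` entries, the keys are not quoted; `key: {{ printf "%s.client_id" .clientName | quote }}` keeps them strings whatever the client name looks like. A client entry that omits a field renders an empty `value:`, so wrapping the lookups in `required` would turn a silent misregistration into a render error. The `range` block and the curl command continue past this hunk.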
@@ -64,4 +65,5 @@ spec:
                         \"grant_types\": [\"$GRANT_TYPES\"],
                         \"response_types\": [\"$RESPONSE_TYPES\"],
                         \"token_endpoint_auth_method\": \"client_secret_post\"}" \
-               http://{{ .Release.Name }}-hydra-admin:4445/clients
+               http://{{ $.Release.Name }}-hydra-admin:4445/clients
+      {{- end }}
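Review bot: The payload still sends the literal `client_secret_post` for `token_endpoint_auth_method`, so the new `TOKEN_ENDPOINT_AUTH_METHOD` variable (default `client_secret_basic` in values.yaml) is never used and every client is registered with a method other than the configured one. Use the variable instead: `\"token_endpoint_auth_method\": \"$TOKEN_ENDPOINT_AUTH_METHOD\"}" \`. `grant_types` and `response_types` wrap their variable in a one-element array, so a client that needs several values cannot be expressed; that limit is worth a comment in values.yaml. The request body starts outside this hunk.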
diff --git a/helmchart/single-sign-on/templates/secret-oauth2-client-userpanel.yaml b/helmchart/single-sign-on/templates/secret-oauth2-client-userpanel.yaml
index b29fcb593db7968df3a9535aceca0623e8e9392d..88b708e6f5893d436217f439079194cf4f15a99c 100644
--- a/helmchart/single-sign-on/templates/secret-oauth2-client-userpanel.yaml
+++ b/helmchart/single-sign-on/templates/secret-oauth2-client-userpanel.yaml
@@ -1,8 +1,11 @@
 apiVersion: v1
 kind: Secret
 metadata:
-    name: userpanel-oauth2-client
+    name: oauth2-clients
 type: Opaque
 data:
-  client_id: {{ "user-panel" | b64enc }}
-  client_secret: {{ .Values.userpanel.oAuthClientSecret |  b64enc }}
+  {{- range .Values.oAuthCLients }}
+  {{ .clientName }}:
+    client_id: {{ .clientName | b64enc }}
+    client_secret: {{ .clientSecret |  b64enc }}
+  {{- end }}
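Review bot: `range .Values.oAuthCLients` is spelled with a capital L, while values.yaml defines `oAuthClients`, so the loop iterates over nothing and the Secret renders with an empty `data` map. A Secret's `data` must also be a flat map of base64 strings, so the nested mapping under `{{ .clientName }}:` would be rejected even with the name fixed. Emit flat keys that match the Job's `secretKeyRef`, for example `{{ .clientName }}.client_id: {{ .clientName | b64enc | quote }}` and the same for `client_secret`.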
diff --git a/helmchart/single-sign-on/values.yaml b/helmchart/single-sign-on/values.yaml
index 17d5eab62dea208926c7aa5dc896cede56aed96b..fc40409fcb6684f2abd3035ebcaf72a0e0b48088 100644
--- a/helmchart/single-sign-on/values.yaml
+++ b/helmchart/single-sign-on/values.yaml
@@ -1,6 +1,5 @@
 replicaCount: 1
 
-
 consentProviderImage:
     # consentProviderImage.tag and consentProviderImage.pullPolicy should be the same as
     # loginProviderImage.tag and loginProviderImage.pullPolicy as the images are released
@@ -26,9 +25,6 @@ userpanel:
   ingress:
     # userpanel.ingress.host is the FQDN of the userpanel application
     host: admin.oas.example.net
-  # userpanel.oauthClientSecret is the secret the userpanel application will use to make
-  # oauth requests to the hydra service.
-  oAuthClientSecret: "YouReallyNeedToChangeThis"
 
 userbackend:
   image:
@@ -37,6 +33,9 @@ userbackend:
   # userbackend.username is the username of the admin user that will be create
   # after the installation of the user backend.
   username: "admin"
+  applications:
+    - name: &user-panel user-panel
+      desctiption: Administration interface to manage user accounts
   # username.password is the password of the admin user
   password: "YouReallyNeedToChangeThis"
   # username.email is email address of the admin user
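Review bot: The new key is spelled `desctiption`, so anything that reads `description` for the application would find nothing; use `description: Administration interface to manage user accounts`. The `&user-panel` anchor is resolved when this file is parsed, so an override file or `--set` that changes `userbackend.applications[].name` will not change the aliased `oAuthClients[].clientName`; a comment saying both must be overridden together would prevent a silent mismatch. The block is also inserted between `username` and the `password` comment, which splits the admin credentials apart.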
@@ -54,7 +53,6 @@ userbackend:
       storageClass: "-"
     # existingClaim:
 
-
 hydra:
   hydra:
     # hydra.hydra.dangerousForceHttp allows access to the hydra admin API over http. The
@@ -102,3 +100,34 @@ hydra:
     # hydra.ingress.public using a different FQDN
     admin:
       enabled: false
+
+# oAuthClients is a list of clients that are created during the installation process
+# for a detailed list of the options available here, refer to
+# https://www.ory.sh/docs/hydra/sdk/api#create-an-oauth-20-client
+oAuthClients:
+  # oauthClients[].clientName is the name of the oauth client that needs to be the same as
+  # the application name in userbackend.applications[].name
+- clientName: *user-panel
+  # oauthClients[].clientSecret is the secret the client uses to authenticate
+- clientSecret: "YouReallyNeedToChangeThis"
+  # oAuthClients[].redirectUri is the url the user will be redirected to by hydra when the
+  # authentication process is completed
+  redirectUri: "https://admin.oas.example.net/callback"
+  # oAuthClients[].scopes is a list of scopes the client need access to
+  scopes: "openid profile email openappstack_roles"
+  # oAuthClients[].clientUri is a url that is displayed for the user to navigate to the
+  # application
+  clientUri: "https://admin.oas.example.net"
+  # oAuthClients[].clientLogoUri is a url that points to a logo that will be displayed
+  # whenever refering to the application
+  clientLogoUri: "https://admin.oas.example.net/favicon.ico"
+  # oAuthClients[].tokenEndpointAuthMethod sets the method that the oAUth client uses to
+  # authenticate agains the oAuth server i.e. to retrieve tokens or userinfo
+  tokenEndpointAuthMethod: "client_secret_basic"
+  # oAuthClients[].responseTypes specifies the type of ressource an oAuth client uses to perform
+  # authentication and userinfo requests
+  responseTypes: "token"
+  # oAuthClients[].grantTypes specifies the way in which the client retrieves an access token
+  # from the oAuth server
+  grantTypes: "implicit"
+
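Review bot: `- clientSecret: ...` begins a second list item, so `oAuthClients` parses as two entries: one holding only `clientName` and one holding every other field but no name. Drop the dash so the secret belongs to the same client: `  clientSecret: "YouReallyNeedToChangeThis"`. The placeholder is also a working default; leaving it empty here and wrapping the template lookup in `required` would make an install fail rather than register a client with a publicly known secret. The defaults `grantTypes: "implicit"` and `responseTypes: "token"` carry over the old hard-coded values, and a comment pointing operators to the authorization code flow where the client supports it would be useful.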