diff --git a/docs/helmchart.md b/docs/helmchart.md
index 1a18ac560220ab5e01bdcbdb10b1ad80cf35ee51..ae2aec0c6345e0077598e6ad82d21f5485cf36fd 100644
--- a/docs/helmchart.md
+++ b/docs/helmchart.md
@@ -1,4 +1,4 @@
-# Helm chart
+# Single Sign-on Helm chart
 
 Single sign-on adds an Authentication server to your k8s cluster, that can be used by
 applications within your cluster and by external applications to log in your users.
@@ -13,6 +13,10 @@ new users, assign roles to users and grant users access to applications.
  * helm 2.14.3+
  * ORY helm chart repository installed
    * `helm repo add ory https://k8s.ory.sh/helm/charts && helm repo update`
+ * A PostgreSQL database with 3 users and 3 databases called
+   - `stackspin`
+   - `hydra`
+   - `kratos`
 
 ## Configuration
 
diff --git a/helmchart/single-sign-on/templates/job-create-admin.yaml b/helmchart/single-sign-on/templates/job-initialize-sso.yaml
similarity index 81%
rename from helmchart/single-sign-on/templates/job-create-admin.yaml
rename to helmchart/single-sign-on/templates/job-initialize-sso.yaml
index 6e564e440c9ebc543d3ffa3b3c2f53d07f4e1973..bc0005096d83bca39b4a1f34f5d8ea874b100a23 100644
--- a/helmchart/single-sign-on/templates/job-create-admin.yaml
+++ b/helmchart/single-sign-on/templates/job-initialize-sso.yaml
@@ -5,7 +5,7 @@ metadata:
   labels:
 {{ include "single-sign-on.labels" . | indent 4 }}
   annotations:
-    "helm.sh/hook": post-install
+    "helm.sh/hook": post-install,post-upgrade
     "helm.sh/hook-weight": "-5"
     "helm.sh/hook-delete-policy": before-hook-creation
 spec:
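Review bot: Adding `post-upgrade` to the hook means the schema migration this job now performs runs only after Helm has applied the upgraded resources, so upgraded pods may run against the old schema until the hook completes. The migration jobs removed in this commit ran as `pre-upgrade`. If the application cannot tolerate an unmigrated database, consider `"helm.sh/hook": post-install,pre-upgrade`. Otherwise add a comment above the annotation such as `# post-upgrade is safe: the app tolerates briefly running on the previous schema`. The Deployment is not part of this diff, so its startup behaviour is an assumption to confirm.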
@@ -31,6 +31,9 @@ spec:
             value: http://{{ .Release.Name }}-kratos-public:80
         command: ["/bin/bash", "-c"]
         args:
-          - flask user create $SETUP_USER;
-            flask user setpassword $SETUP_USER $SETUP_PASSWORD ;
+          - flask db upgrade;
+            {{- if .Release.IsInstall }}
+            flask user create $SETUP_USER;
+            flask user setpassword $SETUP_USER $SETUP_PASSWORD;
+            {{- end }}
 
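Review bot: The commands in `args` are chained with `;`, so on install a failing `flask db upgrade` is still followed by the user-creation commands, and the Job's exit status is that of the last command only. Starting the script with `set -e;` (or joining the commands with `&&`) makes a failed migration fail the hook visibly. The credentials are also expanded unquoted; `flask user setpassword "$SETUP_USER" "$SETUP_PASSWORD";` prevents word-splitting and globbing when the password contains spaces or shell metacharacters. Even quoted, the password remains visible in the container's process arguments. The container spec begins above this hunk.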
diff --git a/helmchart/single-sign-on/templates/job-migration-hydra.yaml b/helmchart/single-sign-on/templates/job-migration-hydra.yaml
deleted file mode 100644
index 671f6edc43f3532916417c0bd241a9831da50ae4..0000000000000000000000000000000000000000
--- a/helmchart/single-sign-on/templates/job-migration-hydra.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
----
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: {{ include "single-sign-on.fullname" . }}-hydra-automigrate
-  {{- if .Release.Namespace }}
-  namespace: {{ .Release.Namespace }}
-  {{- end }}
-  labels:
-{{ include "single-sign-on.labels" . | indent 4 }}a
-    {{- with .Values.hydra.deployment.labels }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-  annotations:
-    {{- with .Values.hydra.job.annotations }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-    helm.sh/hook-weight: "1"
-    {{- if not .Release.IsInstall }}
-    helm.sh/hook: "pre-upgrade"
-    {{- end }}
-    helm.sh/hook-delete-policy: "before-hook-creation,hook-succeeded"
-spec:
-  template:
-    {{- with .Values.hydra.job.annotations }}
-    metadata: 
-      annotations:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
-    spec:
-      automountServiceAccountToken: {{ .Values.hydra.automountServiceAccountToken }}
-      containers:
-      - name: {{ .Chart.Name }}-hydra-automigrate
-        image: "{{ .Values.hydra.image.repository }}:{{ .Values.hydra.image.tag }}"
-        imagePullPolicy: {{ .Values.hydra.image.pullPolicy }}
-        command: ["hydra"]
-        args: ["migrate", "sql", "-e", "--yes"]
-        env:
-          - name: DSN
-            valueFrom:
-              secretKeyRef:
-                name: "single-sign-on-hydra" 
-                key: dsn
-        securityContext:
-          {{- toYaml .Values.hydra.securityContext | nindent 10 }}
-        {{- if .Values.hydra.deployment.extraVolumeMounts }}
-        volumeMounts:
-{{ toYaml .Values.hydra.deployment.extraVolumeMounts | indent 10 }}
-         {{- end }}
-      restartPolicy: Never
-      {{- if .Values.hydra.deployment.extraInitContainers }}
-      initContainers:
-{{ tpl .Values.hydra.deployment.extraInitContainers . | indent 8 }}
-      {{- end }}
-      {{- if .Values.hydra.deployment.extraVolumes }}
-      volumes:
-{{ toYaml .Values.hydra.deployment.extraVolumes | indent 8 }}
-      {{- end }}
-  backoffLimit: 10
diff --git a/helmchart/single-sign-on/templates/job-migration-kratos.yaml b/helmchart/single-sign-on/templates/job-migration-kratos.yaml
deleted file mode 100644
index dc5f43c2bc0a39017ff4e719ea804cd49525fb3c..0000000000000000000000000000000000000000
--- a/helmchart/single-sign-on/templates/job-migration-kratos.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
----
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: {{ include "single-sign-on.fullname" . }}-kratos-automigrate
-  {{- if .Release.Namespace }}
-  namespace: {{ .Release.Namespace }}
-  {{- end }}
-  labels:
-{{ include "single-sign-on.labels" . | indent 4 }}
-  annotations:
-    {{- with .Values.kratos.job.annotations }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-    {{- if not .Release.IsInstall }}
-    helm.sh/hook: "pre-upgrade"
-    {{- end }}
-    helm.sh/hook-weight: "1"
-    helm.sh/hook-delete-policy: "before-hook-creation,hook-succeeded"
-spec:
-  template:
-    {{- with .Values.kratos.job.annotations }}
-    metadata: 
-      annotations:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
-    spec:
-      automountServiceAccountToken: {{ .Values.kratos.automountServiceAccountToken }}
-      containers:
-      - name: {{ .Chart.Name }}-kratos-automigrate
-        image: {{ include "kratos-migration-job.image" . }}
-        imagePullPolicy: {{ include "kratos-migration-job.imagePullPolicy" . }}
-        command: ["kratos"]
-        args: ["migrate", "sql", "-e", "--yes"]
-        env:
-          - name: DSN
-            valueFrom:
-              secretKeyRef:
-                name: "single-sign-on-kratos" 
-                # name: {{ include "kratos-migration-job.secretname" . }}
-                key: dsn
-        securityContext:
-          {{- toYaml .Values.kratos.securityContext | nindent 10 }}
-        {{- if .Values.kratos.deployment.extraVolumeMounts }}
-        volumeMounts:
-{{ toYaml .Values.kratos.deployment.extraVolumeMounts | indent 10 }}
-         {{- end }}
-      restartPolicy: Never
-      {{- if .Values.kratos.deployment.extraInitContainers }}
-      initContainers:
-{{ tpl .Values.kratos.deployment.extraInitContainers . | indent 8 }}
-      {{- end }}
-      {{- if .Values.kratos.deployment.extraVolumes }}
-      volumes:
-{{ toYaml .Values.kratos.deployment.extraVolumes | indent 8 }}
-      {{- end }}
-  backoffLimit: 10
diff --git a/helmchart/single-sign-on/values.yaml b/helmchart/single-sign-on/values.yaml
index 1d945de6b358affd45fd687764b5bf9d9146cf3c..075bae9225faf5cb716128d2fc3fb65b8750493a 100644
--- a/helmchart/single-sign-on/values.yaml
+++ b/helmchart/single-sign-on/values.yaml
@@ -91,7 +91,7 @@ kratos:
 
 
     # We included our own (forked) template to handle this job
-    autoMigrate: false
+    autoMigrate: true
 
 
     config:
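Review bot: The comment above `autoMigrate: true` still reads `# We included our own (forked) template to handle this job`, but this commit deletes `job-migration-kratos.yaml`, so the comment now contradicts the setting. Replace it with something like `# Migrations are run by the upstream kratos chart's own job`. The same stale comment sits above `autoMigrate: true` in the `hydra:` hunk that follows.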
@@ -155,7 +155,7 @@ hydra:
     dangerousForceHttp: true
 
     # We included our own (forked) template to handle this job
-    autoMigrate: false
+    autoMigrate: true
 
     config:
       dsn: postgres://hydra:hydra@single-sign-on-postgresql:5432/hydra
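Review bot: With `autoMigrate: true` the hydra migration is now driven from these chart values, and the default `dsn` just below embeds the database password `hydra` in plain text in `values.yaml`. The deleted forked job read the DSN from the `single-sign-on-hydra` secret, so it is worth confirming that the upstream migration job does the same. A comment above the `dsn` line such as `# Example credentials only: override with a unique password per deployment` would make the expectation explicit. How the upstream chart consumes `dsn` is not visible in this diff.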