diff --git a/flux2/core/base/single-sign-on/single-sign-on-values-configmap.yaml b/flux2/core/base/single-sign-on/single-sign-on-values-configmap.yaml
index 5f1c178a455728960780af0d0c91fa641a03c763..5c30933011363195507c7564531c9b6dd6786b9b 100644
--- a/flux2/core/base/single-sign-on/single-sign-on-values-configmap.yaml
+++ b/flux2/core/base/single-sign-on/single-sign-on-values-configmap.yaml
@@ -59,6 +59,16 @@ data:
       kratos:
         config:
           dsn: "postgres://kratos:${kratos_postgresql_password}@single-sign-on-postgresql:5432/kratos"
+        courier:
+          smtp:
+            connection_uri: smtp://${outgoing_mail_smtp_user}:${outgoing_mail_smtp_password}@${outgoing_mail_smtp_host}:${outgoing_mail_smtp_port}/
+            from_address: ${outgoing_mail_from_address}
+        serve:
+          public:
+            base_url: https://sso.${domain}/api/
+        secrets:
+          session:
+            - "${kratos_session_secret}"
         selfservice:
           flows:
             recovery:
@@ -69,6 +79,8 @@ data:
               ui_url: https://sso.${domain}/login/settings
             registration:
               ui_url: https://sso.${domain}/login/registration
+        default_browser_return_url: https://dashboard.${domain}/
+
 
     oAuthClients:
     - clientName: nextcloud
diff --git a/install/templates/stackspin-single-sign-on-variables.yaml.jinja b/install/templates/stackspin-single-sign-on-variables.yaml.jinja
index 31502141f88b0966a2efa4ec4aef6cfb0dec2cc1..56ccc93f9bc7c944bc362d67afa7c01d83cb28f5 100644
--- a/install/templates/stackspin-single-sign-on-variables.yaml.jinja
+++ b/install/templates/stackspin-single-sign-on-variables.yaml.jinja
@@ -4,9 +4,10 @@ kind: Secret
 metadata:
   name: stackspin-single-sign-on-variables
 data:
-  userbackend_admin_password: "{{ 32 | generate_password | b64encode }}"
-  userbackend_postgres_password: "{{ 32 | generate_password | b64encode }}"
-  hydra_system_secret: "{{ 32 | generate_password | b64encode }}"
+  dashboard_postgresql_password: "{{ 32 | generate_password | b64encode }}"
   hydra_postgresql_password: "{{ 32 | generate_password | b64encode }}"
+  hydra_system_secret: "{{ 32 | generate_password | b64encode }}"
   kratos_postgresql_password: "{{ 32 | generate_password | b64encode }}"
-  dashboard_postgresql_password: "{{ 32 | generate_password | b64encode }}"
+  kratos_session_secret: "{{ 32 | generate_password | b64encode }}"
+  userbackend_admin_password: "{{ 32 | generate_password | b64encode }}"
+  userbackend_postgres_password: "{{ 32 | generate_password | b64encode }}"