diff --git a/flux2/core/base/single-sign-on/single-sign-on-values-configmap.yaml b/flux2/core/base/single-sign-on/single-sign-on-values-configmap.yaml
index 3238f62f623c02660a006eeaf812a6bf1563d41a..9ed40b2149d20d4cb5c92fa197248d198dc075db 100644
--- a/flux2/core/base/single-sign-on/single-sign-on-values-configmap.yaml
+++ b/flux2/core/base/single-sign-on/single-sign-on-values-configmap.yaml
@@ -39,6 +39,16 @@ data:
         # Let the backup system include nextcloud database data.
         backup.velero.io/backup-volumes: "database"
 
+    postgresql:
+      initdbScripts:
+        setup.sql: |
+          CREATE USER hydra WITH PASSWORD 'hydra';
+          CREATE USER kratos WITH PASSWORD '${kratos_postgresql_password}';
+          CREATE USER stackspin WITH PASSWORD '${hydra_postgresql_password}';
+          CREATE DATABASE kratos WITH OWNER kratos;
+          CREATE DATABASE hydra WITH OWNER hydra;
+          CREATE DATABASE stackspin WITH OWNER stackspin;
+
     hydra:
       hydra:
         config:
@@ -50,7 +60,7 @@ data:
           secrets:
             system:
               - "${hydra_system_secret}"
-          dsn: "memory"
+          dsn: "postgres://hydra:${hydra_postgresql_password}@single-sign-on-postgresql:5432/hydra"
       ingress:
         public:
           enabled: true
@@ -69,6 +79,10 @@ data:
         admin:
           enabled: false
 
+    kratos:
+      config:
+        dsn: "postgres://kratos:${kratos_postgresql_password}@single-sign-on-postgresql:5432/kratos"
+
     oAuthClients:
     - clientName: *USER_PANEL
       clientSecret: "${userpanel_oauth_client_secret}"