diff --git a/internalproxy/templates/heimdall.yaml b/internalproxy/templates/heimdall.yaml
index 3ca9f1f..ecebdef 100644
--- a/internalproxy/templates/heimdall.yaml
+++ b/internalproxy/templates/heimdall.yaml
@@ -35,6 +35,16 @@ metadata:
 kubernetes.io/ingress.class: nginx
 cert-manager.io/cluster-issuer: letsencrypt-production
 nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ more_set_headers "X-Forwarded-For $http_x_forwarded_for";
+ nginx.ingress.kubernetes.io/auth-url: |-
+ http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
+ nginx.ingress.kubernetes.io/auth-signin: |-
+ https://heimdall.durp.info/outpost.goauthentik.io/start?rd=$escaped_request_uri
+ nginx.ingress.kubernetes.io/auth-response-headers: |-
+ Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
+ nginx.ingress.kubernetes.io/auth-snippet: |
+ proxy_set_header X-Forwarded-Host $http_host;
 spec:
 rules:
 - host: heimdall.durp.info
@@ -46,7 +56,14 @@ spec:
 service:
 name: heimdall
 port:
- number: 8443
+ number: 8443
+ - path: /outpost.goauthentik.io
+ pathType: Prefix
+ backend:
+ service:
+ name: ak-outpost-authentik-embedded-outpost
+ port:
+ number: 9000
 tls:
 - hosts:
 - heimdall.durp.info
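Review bot: In the added `configuration-snippet`, `more_set_headers` is the headers-more directive for response headers, so `more_set_headers "X-Forwarded-For $http_x_forwarded_for";` copies whatever `X-Forwarded-For` value the caller sent into the response rather than passing anything to heimdall. `$http_x_forwarded_for` is client-controlled, so nothing downstream should treat it as the real client address. ingress-nginx already sets `X-Forwarded-For` on the upstream request, so I would drop this annotation; if the address reported by a proxy in front of the controller is needed, that is a controller-level setting (`use-forwarded-headers`) rather than a per-Ingress snippet. Both `configuration-snippet` and `auth-snippet` also only take effect when the controller has `allow-snippet-annotations` enabled, which deserves a comment above the annotations, e.g. `# requires allow-snippet-annotations on the controller; snippets inject raw nginx config`.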
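Review bot: The new `/outpost.goauthentik.io` path inherits every annotation on this Ingress, including `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"`, while the `auth-url` added in the first hunk reaches the same outpost on port 9000 over plain `http://`. nginx would then attempt TLS against what appears to be the outpost's HTTP listener, so the `auth-signin` redirect is likely to fail with a 502; the path is also subject to the `auth-url` check itself. An Ingress backend must be a Service in the Ingress's own namespace, and the `auth-url` hostname places `ak-outpost-authentik-embedded-outpost` in `authentik`; the Ingress namespace is outside the hunk, so confirm the two match. I would serve this path from a separate Ingress for `heimdall.durp.info` in the `authentik` namespace, without the `backend-protocol` and `auth-*` annotations.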