diff --git a/clusters/cl01tl/helm/sonarr-4k/templates/middleware.yaml b/clusters/cl01tl/helm/sonarr-4k/templates/middleware.yaml
new file mode 100644
index 000000000..341764b57
--- /dev/null
+++ b/clusters/cl01tl/helm/sonarr-4k/templates/middleware.yaml
@@ -0,0 +1,26 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: oidc-forward-auth
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: oidc-forward-auth
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  forwardAuth:
+    address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
+    trustForwardHeader: true
+    authResponseHeaders:
+      - X-authentik-username
+      - X-authentik-groups
+      - X-authentik-entitlements
+      - X-authentik-email
+      - X-authentik-name
+      - X-authentik-uid
+      - X-authentik-jwt
+      - X-authentik-meta-jwks
+      - X-authentik-meta-outpost
+      - X-authentik-meta-provider
+      - X-authentik-meta-app
+      - X-authentik-meta-version
diff --git a/clusters/cl01tl/helm/sonarr-4k/values.yaml b/clusters/cl01tl/helm/sonarr-4k/values.yaml
index 937732139..2e12b7f58 100644
--- a/clusters/cl01tl/helm/sonarr-4k/values.yaml
+++ b/clusters/cl01tl/helm/sonarr-4k/values.yaml
@@ -81,6 +81,12 @@ sonarr-4k:
           namespace: traefik
       hostnames:
         - sonarr-4k.alexlebens.net
+      filters:
+        - type: ExtensionRef
+          extensionRef:
+            group: traefik.io
+            kind: Middleware
+            name: oidc-forward-auth
       rules:
         - backendRefs:
             - group: ''