diff --git a/generator/default_values.yaml b/generator/default_values.yaml
index e42565ae..233e9db9 100644
--- a/generator/default_values.yaml
+++ b/generator/default_values.yaml
@@ -578,6 +578,8 @@ deploykf_core:
 ##
 enableSignInPage: false
 
+ insecureAllowUnverifiedEmail: true
+
 ## oauth2-proxy cookie configs
 ##
 cookie:
diff --git a/generator/templates/manifests/deploykf-core/deploykf-auth/templates/oauth2-proxy/Secret-config.yaml b/generator/templates/manifests/deploykf-core/deploykf-auth/templates/oauth2-proxy/Secret-config.yaml
index 56491e1e..457caa22 100644
--- a/generator/templates/manifests/deploykf-core/deploykf-auth/templates/oauth2-proxy/Secret-config.yaml
+++ b/generator/templates/manifests/deploykf-core/deploykf-auth/templates/oauth2-proxy/Secret-config.yaml
@@ -107,6 +107,13 @@ skip_provider_button = false
 skip_provider_button = true
 {{- end }}
 
+
+{{- if .Values.oauth2Proxy.insecureAllowUnverifiedEmail }}
+insecure_oidc_allow_unverified_email = true
+{{- else }}
+insecure_oidc_allow_unverified_email = false
+{{- end }}
+
 ## oauth2-proxy sends "force" by default, which causes dex to always prompt for login
 ## https://github.com/dexidp/dex/pull/3086
 prompt = "none"
diff --git a/generator/templates/manifests/deploykf-core/deploykf-auth/values.yaml b/generator/templates/manifests/deploykf-core/deploykf-auth/values.yaml
index f862de11..22fbf862 100644
--- a/generator/templates/manifests/deploykf-core/deploykf-auth/values.yaml
+++ b/generator/templates/manifests/deploykf-core/deploykf-auth/values.yaml
@@ -177,6 +177,8 @@ oauth2Proxy:
 ## NOTE: this prevents background requests being redirected and accumulating CSRF cookies
 enableSignInPage: {{< .Values.deploykf_core.deploykf_auth.oauth2Proxy.enableSignInPage | conv.ToBool >}}
 
+ insecureAllowUnverifiedEmail: {{< .Values.deploykf_core.deploykf_auth.oauth2Proxy.insecureAllowUnverifiedEmail | conv.ToBool >}}
+
 ## OpenID configs for oauth2-proxy
 ##
 oidc:
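Review bot: The new `insecureAllowUnverifiedEmail` key in `default_values.yaml` ships as `true`, so every deployment that does not override it will have oauth2-proxy accept ID tokens whose `email_verified` claim is false, whereas oauth2-proxy's own default for `insecure_oidc_allow_unverified_email` is false. If platform identity is keyed on the email claim (not visible in this diff), a login with an address the provider never verified would be accepted as that identity. Consider shipping `insecureAllowUnverifiedEmail: false` and letting operators who need it opt in explicitly. The key is also the only one in this block without a `##` comment, here and in the deploykf-auth `values.yaml` hunk; a line such as `## if true, oauth2-proxy accepts OIDC emails the provider has NOT verified (weakens identity assurance)` would match its neighbours.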
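Review bot: The `{{- if .Values.oauth2Proxy.insecureAllowUnverifiedEmail }}` test in `Secret-config.yaml` relies on Helm truthiness, so any non-empty string supplied directly to the chart, including `"false"`, would render `insecure_oidc_allow_unverified_email = true`. The generator's `conv.ToBool` in the values.yaml hunk covers the generated path, but a chart-level override would fail open. An explicit comparison such as `{{- if eq (toString .Values.oauth2Proxy.insecureAllowUnverifiedEmail) "true" }}` keeps the insecure setting off unless the value is literally true. A `##` comment above the block stating that it disables the `email_verified` check would also match the commented settings that follow it.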