diff --git a/management/internals/server/boot.go b/management/internals/server/boot.go
index 5233359a6..66d651c69 100644
--- a/management/internals/server/boot.go
+++ b/management/internals/server/boot.go
@@ -184,7 +184,7 @@ func (s *BaseServer) proxyOIDCConfig() nbgrpc.ProxyOIDCConfig {
 return nbgrpc.ProxyOIDCConfig{
 Issuer: s.Config.HttpConfig.AuthIssuer,
 // todo: double check auth clientID value
- ClientID: s.Config.HttpConfig.AuthAudience, // Reuse dashboard client
+ ClientID: s.Config.HttpConfig.AuthClientID, // Reuse dashboard client
 Scopes: []string{"openid", "profile", "email"},
 CallbackURL: callbackURL,
 HMACKey: []byte(s.Config.DataStoreEncryptionKey), // Use the datastore encryption key for OIDC state HMACs, this should ensure all management instances are using the same key.
diff --git a/management/internals/server/config/config.go b/management/internals/server/config/config.go
index 7b8783943..884d243c7 100644
--- a/management/internals/server/config/config.go
+++ b/management/internals/server/config/config.go
@@ -100,6 +100,8 @@ type HttpServerConfig struct {
 CertFile string
 // CertKey is the location of the certificate private key
 CertKey string
+ // AuthClientID is the client id used for proxy SSO auth
+ AuthClientID string
 // AuthAudience identifies the recipients that the JWT is intended for (aud in JWT)
 AuthAudience string
 // CLIAuthAudience identifies the client app recipients that the JWT is intended for (aud in JWT)
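Review bot: `ClientID` now reads `s.Config.HttpConfig.AuthClientID`, a field this commit introduces, so a configuration written before the change would presumably leave it empty and the proxy OIDC config would carry an empty client_id; nothing in the hunk guards against that. Either reject an empty value at startup or keep the previous value as a fallback, e.g. `clientID := s.Config.HttpConfig.AuthClientID` followed by `if clientID == "" { clientID = s.Config.HttpConfig.AuthAudience }`. The `// todo: double check auth clientID value` line directly above looks stale now that the source of the value has been decided and could be dropped or reworded. proxyOIDCConfig begins before and continues after the hunk, so a default may already be applied outside the visible lines.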
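Review bot: The doc comment on the new `AuthClientID` field does not say how it differs from `AuthAudience`, even though the proxy SSO client ID was taken from `AuthAudience` until this commit. I would expand it to something like `// AuthClientID is the OIDC client_id presented to the issuer for proxy SSO auth; it is not the expected token audience (see AuthAudience).` and add a sentence stating whether an empty value is rejected or defaulted. HttpServerConfig starts and ends outside the hunk, so how the field is populated from the config file is not visible here.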