diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 71ba3dfdd..db1f0ca8d 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -5124,6 +5124,8 @@ matrix_synapse_admin_container_labels_traefik_docker_network: "{{ matrix_playboo
 matrix_synapse_admin_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
 matrix_synapse_admin_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
+matrix_synapse_admin_config_externalAuthProvider: "{{ matrix_authentication_service_enabled | default(false) or matrix_synapse_ext_password_provider_ldap_enabled | default(false) }}"
+
 matrix_synapse_admin_config_asManagedUsers_auto: |
 {{
 ([
diff --git a/roles/custom/matrix-synapse-admin/defaults/main.yml b/roles/custom/matrix-synapse-admin/defaults/main.yml
index 756eb253a..f2709afa0 100644
--- a/roles/custom/matrix-synapse-admin/defaults/main.yml
+++ b/roles/custom/matrix-synapse-admin/defaults/main.yml
@@ -166,6 +166,8 @@ matrix_synapse_admin_path_prefix: /synapse-admin
 # This is unlike what it does when looking up YAML template files (no automatic parsing there).
 matrix_synapse_admin_configuration_default:
 restrictBaseUrl: "{{ matrix_synapse_admin_config_restrictBaseUrl }}"
+ externalAuthProvider: "{{ matrix_synapse_admin_config_externalAuthProvider }}"
+ corsCredentials: "{{ matrix_synapse_admin_config_corsCredentials }}"
 asManagedUsers: "{{ matrix_synapse_admin_config_asManagedUsers }}"
 menu: "{{ matrix_synapse_admin_config_menu }}"
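Review bot: In group_vars/matrix_servers, the new `matrix_synapse_admin_config_externalAuthProvider` expression joins two flags with `or` without casting them, so a flag supplied as a non-empty string (for example `"false"` from a key=value extra var) is truthy and would switch the compatibility mode on. Casting each operand keeps the result a real boolean: `"{{ (matrix_authentication_service_enabled | default(false) | bool) or (matrix_synapse_ext_password_provider_ldap_enabled | default(false) | bool) }}"`. The same value is passed straight into `externalAuthProvider` in roles/custom/matrix-synapse-admin/defaults/main.yml, so its type matters there as well. Only MAS and LDAP are detected here; deployments using another external provider would presumably have to set the variable by hand, which deserves a one-line comment above the assignment.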
@@ -199,6 +201,15 @@ matrix_synapse_admin_configuration: "{{ matrix_synapse_admin_configuration_defau
 # restricts the homeserver(s), so that the user can no longer define a homeserver manually during login.
 matrix_synapse_admin_config_restrictBaseUrl: "{{ matrix_homeserver_url }}" # noqa var-naming
+# Controls the externalAuthProvider configuration setting, which, if defined,
+# enables a special compatibility mode that works better for external auth providers like LDAP, MAS, etc.
+matrix_synapse_admin_config_externalAuthProvider: false # noqa var-naming
+
+# Controls the corsCredentials configuration setting, which, if defined,
+# allows including credentials (cookies, authorization headers, or TLS client certificates) in requests
+# ref: https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch#including_credentials
+matrix_synapse_admin_config_corsCredentials: "same-origin" # noqa var-naming
+
 # Controls the menu configuration setting, which, if defined, adds new menu items to the Synapse Admin UI.
 # The format is a list of objects, where each object has the following keys:
 # - `label` (string): The label of the menu item.
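Review bot: The comment added for `matrix_synapse_admin_config_corsCredentials` does not list the accepted values or say which one is the conservative choice, although this setting decides whether the browser attaches cookies and HTTP authentication to requests sent to the homeserver. I would add a line such as `# Valid values (Fetch API): "omit", "same-origin", "include". "include" also sends credentials to cross-origin homeservers; keep matrix_synapse_admin_config_restrictBaseUrl set when using it.` The `externalAuthProvider` comment says the mode is enabled "if defined", but the variable is a boolean that defaults to `false`, so "if set to true" would describe it more accurately.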