diff --git a/charts/argo/Chart.yaml b/charts/argo/Chart.yaml
index 28e783dc..b63d4b08 100644
--- a/charts/argo/Chart.yaml
+++ b/charts/argo/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: v2.8.0
+appVersion: v2.9.0
 description: A Helm chart for Argo Workflows
 name: argo
 version: 0.9.7
diff --git a/charts/argo/templates/workflow-controller-config-map.yaml b/charts/argo/templates/workflow-controller-config-map.yaml
index b6d56e64..6968bc5c 100644
--- a/charts/argo/templates/workflow-controller-config-map.yaml
+++ b/charts/argo/templates/workflow-controller-config-map.yaml
@@ -67,6 +67,7 @@ data:
     {{- if .Values.controller.workflowDefaults }}
     workflowDefaults:
 {{ toYaml .Values.controller.workflowDefaults | indent 6 }}{{- end }}
-    {{- with .Values.controller.sso }}
-    sso:
-{{ toYaml . | indent 6 }}{{- end }}
+    {{- with .Values.server.sso }}
+    server:
+      sso: {{- toYaml . | nindent 8 }}
+    {{- end }}
diff --git a/charts/argo/values.yaml b/charts/argo/values.yaml
index 2525b7bd..8cdc552a 100644
--- a/charts/argo/values.yaml
+++ b/charts/argo/values.yaml
@@ -4,7 +4,7 @@ images:
   server: argocli
   executor: argoexec
   pullPolicy: Always
-  tag: v2.7.6
+  tag: v2.9.0
 
 crdVersion: v1alpha1
 installCRD: true
@@ -202,6 +202,23 @@ server:
   clusterWorkflowTemplates:
     # Give the server permissions to edit ClusterWorkflowTemplates.
     enableEditing: true
+  sso:
+    # SSO configuration when SSO is specified as a server auth mode.
+    # All the values are requied. SSO is activated by adding --auth-mode=sso
+    # to the server command line.
+    #
+    # The root URL of the OIDC identity provider.
+    issuer: https://accounts.google.com
+    # Name of a secret and a key in it to retrieve the app OIDC client ID from.
+    clientId:
+      name: argo-server-sso
+      key: client-id
+    # Name of a secret and a key in it to retrieve the app OIDC client secret from.
+    clientSecret:
+      name: argo-server-sso
+      key: client-secret
+    # The OIDC redirect URL. Should be in the form <argo-root-url>/oauth2/callback.
+    redirectUrl: https://argo/oauth2/callback
 
 # Influences the creation of the ConfigMap for the workflow-controller itself.
 useDefaultArtifactRepo: false