diff --git a/src/main/helm/templates/keycloak-client-crd.yaml b/src/main/helm/templates/keycloak-client-crd.yaml
index 76bcea6d052afbfb6275b7db4e3d9bb324dc234a..309d37aec26a335d160324d876ceb62a9b464df1 100644
--- a/src/main/helm/templates/keycloak-client-crd.yaml
+++ b/src/main/helm/templates/keycloak-client-crd.yaml
@@ -9,9 +9,16 @@ metadata:
 spec:
   keep_after_delete: {{ $.Values.sso.keep_after_delete | default false }}
   client_name: {{ $client.client_name }}
-  client_base_url: https://{{ include "app.baseDomain" $ }}
+  client_base_url: https://{{ include "app.baseDomain" $ }}  
+{{- if $client.client_web_origins }}
+  client_web_origins:
+    {{- with $client.client_web_origins }}
+{{ toYaml . | indent 4 }}
+    {{- end }}
+{{- else }}
   client_web_origins:
     - https://{{ include "app.baseDomain" $ }}
+{{- end }}
   client_redirect_uris:
     - https://{{ include "app.baseDomain" $ }}
     - https://{{ include "app.baseDomain" $ }}/*
diff --git a/src/test/helm/keycloak_client_crd_test.yaml b/src/test/helm/keycloak_client_crd_test.yaml
index 2d2138cbacb2abd6a0dd8a8c20b06ef45beb9e4a..08ee90860870a6e80d40170688e02a963cdf093c 100644
--- a/src/test/helm/keycloak_client_crd_test.yaml
+++ b/src/test/helm/keycloak_client_crd_test.yaml
@@ -114,6 +114,20 @@ tests:
           value:
             - https://helm-admin.ozg-sh.de
             - https://helm-admin.ozg-sh.de/*
+  - it: should override client web origins
+    set:
+      sso:
+        keycloak_clients:
+          - client_name: admin
+            spec.client_web_origins:
+              - https://some.origin.de
+              - https://some.other.origin.de
+    asserts:
+      - equal:
+          path: spec.client_redirect_uris
+          value:
+            - https://some.origin.de
+            - https://some.other.origin.de
   - it: should use additional redirect uris for client web origins
     set:
       sso: