diff --git a/pkg/apis/options/legacy_options.go b/pkg/apis/options/legacy_options.go
index 392e1a6a..d232ed82 100644
--- a/pkg/apis/options/legacy_options.go
+++ b/pkg/apis/options/legacy_options.go
@@ -39,9 +39,10 @@ func NewLegacyOptions() *LegacyOptions {
 		},
 
 		LegacyHeaders: LegacyHeaders{
-			PassBasicAuth:        true,
-			PassUserHeaders:      true,
-			SkipAuthStripHeaders: true,
+			PassBasicAuth:           true,
+			PassUserHeaders:         true,
+			SkipAuthStripHeaders:    true,
+			AuthorizationHeaderName: "Authorization",
 		},
 
 		LegacyServer: LegacyServer{
@@ -89,6 +90,7 @@ func (l *LegacyOptions) ToOptions() (*Options, error) {
 	l.Options.Server, l.Options.MetricsServer = l.LegacyServer.convert()
 
 	l.Options.LegacyPreferEmailToUser = l.LegacyHeaders.PreferEmailToUser
+
 	l.Options.AuthorizationHeaderName = l.LegacyHeaders.AuthorizationHeaderName
 
 	providers, err := l.LegacyProvider.convert()
diff --git a/pkg/apis/options/load_test.go b/pkg/apis/options/load_test.go
index 06123c37..42854e19 100644
--- a/pkg/apis/options/load_test.go
+++ b/pkg/apis/options/load_test.go
@@ -25,9 +25,10 @@ var _ = Describe("Load", func() {
 		},
 
 		LegacyHeaders: LegacyHeaders{
-			PassBasicAuth:        true,
-			PassUserHeaders:      true,
-			SkipAuthStripHeaders: true,
+			PassBasicAuth:           true,
+			PassUserHeaders:         true,
+			AuthorizationHeaderName: "Authorization",
+			SkipAuthStripHeaders:    true,
 		},
 
 		LegacyServer: LegacyServer{
@@ -48,6 +49,7 @@ var _ = Describe("Load", func() {
 
 		Options: Options{
 			BearerTokenLoginFallback: true,
+			AuthorizationHeaderName:  "Authorization",
 			ProxyPrefix:              "/oauth2",
 			PingPath:                 "/ping",
 			ReadyPath:                "/ready",
diff --git a/pkg/apis/options/options.go b/pkg/apis/options/options.go
index 98a59769..8a8d2ea3 100644
--- a/pkg/apis/options/options.go
+++ b/pkg/apis/options/options.go
@@ -100,6 +100,7 @@ func (o *Options) SetRealClientIPParser(s ipapi.RealClientIPParser)       { o.re
 func NewOptions() *Options {
 	return &Options{
 		BearerTokenLoginFallback: true,
+		AuthorizationHeaderName:  "Authorization",
 		ProxyPrefix:              "/oauth2",
 		Providers:                providerDefaults(),
 		PingPath:                 "/ping",
@@ -131,6 +132,7 @@ func NewFlagSet() *pflag.FlagSet {
 	flagSet.Bool("skip-auth-preflight", false, "will skip authentication for OPTIONS requests")
 	flagSet.Bool("ssl-insecure-skip-verify", false, "skip validation of certificates presented when using HTTPS providers")
 	flagSet.Bool("skip-jwt-bearer-tokens", false, "will skip requests that have verified JWT bearer tokens (default false)")
+	flagSet.String("authorization-header-name", "Authorization", "name of the authorization header to use instead of Authorization")
 	flagSet.Bool("bearer-token-login-fallback", true, "if skip-jwt-bearer-tokens is set, fall back to normal login redirect with an invalid JWT. If false, 403 instead")
 	flagSet.Bool("force-json-errors", false, "will force JSON errors instead of HTTP error pages or redirects")
 	flagSet.Bool("encode-state", false, "will encode oauth state with base64")