diff --git a/control-plane/src/modules/auth/auth.test.ts b/control-plane/src/modules/auth/auth.test.ts
index ec9d39f0..4e0bd865 100644
--- a/control-plane/src/modules/auth/auth.test.ts
+++ b/control-plane/src/modules/auth/auth.test.ts
@@ -499,7 +499,9 @@ describe("extractAuthState", () => {
 describe("extractCustomerAuthState", () => {
 let owner: Awaited>;
 beforeEach(async () => {
- owner = await createOwner();
+ owner = await createOwner({
+ enableCustomerAuth: true,
+ });
 jest.resetAllMocks();
 });
@@ -527,6 +529,19 @@ describe("extractCustomerAuthState", () => {
 });
 });
+ it("should throw if customer auth is not enabled for cluster", async () => {
+ owner = await createOwner({
+ enableCustomerAuth: false,
+ });
+
+ mockCustomer.verifyCustomerProvidedAuth.mockResolvedValue({
+ someAuthValue: "someValue",
+ });
+
+ await expect(extractCustomerAuthState("abc123", owner.clusterId)).rejects.toThrow("Customer auth is not enabled for this cluster");
+ });
+
+
 describe("isUser", () => {
 it("should throw", async () => {
 mockCustomer.verifyCustomerProvidedAuth.mockResolvedValue({
diff --git a/control-plane/src/modules/auth/auth.ts b/control-plane/src/modules/auth/auth.ts
index 77afb1ee..c904223a 100644
--- a/control-plane/src/modules/auth/auth.ts
+++ b/control-plane/src/modules/auth/auth.ts
@@ -370,6 +370,12 @@ export const extractCustomerAuthState = async (
 return undefined;
 }
+ if (!cluster.enable_customer_auth) {
+ throw new AuthenticationError(
+ "Customer auth is not enabled for this cluster",
+ );
+ }
+
 const context = await verifyCustomerProvidedAuth({
 token: token,
 clusterId: clusterId,
diff --git a/control-plane/src/modules/cluster.ts b/control-plane/src/modules/cluster.ts
index 172859aa..be6b1add 100644
--- a/control-plane/src/modules/cluster.ts
+++ b/control-plane/src/modules/cluster.ts
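Review bot: The new case in auth.test.ts ("should throw if customer auth is not enabled for cluster") does not pin the ordering that makes the guard worth having. Because the mock is set to resolve successfully, the test would still pass if the `enable_customer_auth` check ran after the customer-provided verification had already been invoked. Adding `expect(mockCustomer.verifyCustomerProvidedAuth).not.toHaveBeenCalled();` after the `rejects.toThrow` assertion would fail the suite if the check is ever moved below that call. The two empty lines the hunk adds before `describe("isUser", ...)` can be reduced to one.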
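Review bot: The guard added in auth.ts ahead of `verifyCustomerProvidedAuth` has no comment saying that its position is the security property: a cluster that has not opted in must never have a caller-supplied token handed to the customer verification function. I would put `// Fail closed: do not run customer-provided verification unless the cluster has opted in.` directly above the `if`. `!cluster.enable_customer_auth` also rejects a null or undefined flag, which is the right default. How `cluster` is loaded is outside the hunk, so confirm it cannot itself be undefined at this point, otherwise the property access raises a TypeError rather than an AuthenticationError. extractCustomerAuthState starts above the hunk and continues past it.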
@@ -26,6 +26,7 @@ export const getClusterDetails = async (clusterId: string) => {
 id: data.clusters.id,
 name: data.clusters.name,
 description: data.clusters.description,
+ enable_customer_auth: data.clusters.enable_customer_auth,
 additional_context: data.clusters.additional_context,
 organization_id: data.clusters.organization_id,
 deleted_at: data.clusters.deleted_at,
diff --git a/control-plane/src/modules/test/util.ts b/control-plane/src/modules/test/util.ts
index 32e8613e..feab0400 100644
--- a/control-plane/src/modules/test/util.ts
+++ b/control-plane/src/modules/test/util.ts
@@ -3,6 +3,7 @@ import * as data from "../data";
 export const createOwner = async (params?: {
 clusterId?: string;
 organizationId?: string;
+ enableCustomerAuth?: boolean;
 }) => {
 const clusterId = params?.clusterId || `test-cluster-${Math.random()}`;
@@ -15,6 +16,7 @@ export const createOwner = async (params?: {
 id: clusterId,
 name: clusterId,
 organization_id: organizationId,
+ enable_customer_auth: params?.enableCustomerAuth ?? false,
 })
 .execute();