diff --git a/cluster-scope/base/config.openshift.io/oauths/cluster/kustomization.yaml b/cluster-scope/base/config.openshift.io/oauths/cluster/kustomization.yaml
new file mode 100644
index 00000000..e7b18965
--- /dev/null
+++ b/cluster-scope/base/config.openshift.io/oauths/cluster/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - oauth.yaml
diff --git a/cluster-scope/base/config.openshift.io/oauths/cluster/oauth.yaml b/cluster-scope/base/config.openshift.io/oauths/cluster/oauth.yaml
new file mode 100644
index 00000000..1d4f914c
--- /dev/null
+++ b/cluster-scope/base/config.openshift.io/oauths/cluster/oauth.yaml
@@ -0,0 +1,9 @@
+apiVersion: config.openshift.io/v1
+kind: OAuth
+metadata:
+ annotations:
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ include.release.openshift.io/single-node-developer: "true"
+ release.openshift.io/create-only: "true"
+ name: cluster
diff --git a/cluster-scope/base/rbac.authorization.k8s.io/clusterrolebindings/self-provisioners/clusterrolebinding.yaml b/cluster-scope/base/rbac.authorization.k8s.io/clusterrolebindings/self-provisioners/clusterrolebinding.yaml
new file mode 100644
index 00000000..e72df51e
--- /dev/null
+++ b/cluster-scope/base/rbac.authorization.k8s.io/clusterrolebindings/self-provisioners/clusterrolebinding.yaml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ annotations:
+ rbac.authorization.kubernetes.io/autoupdate: "false"
+ name: self-provisioners
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: self-provisioner
+subjects: []
diff --git a/cluster-scope/base/rbac.authorization.k8s.io/clusterrolebindings/self-provisioners/kustomization.yaml b/cluster-scope/base/rbac.authorization.k8s.io/clusterrolebindings/self-provisioners/kustomization.yaml
new file mode 100644
index 00000000..464a5f99
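Review bot: In clusterrolebindings/self-provisioners/clusterrolebinding.yaml, `subjects: []` together with `rbac.authorization.kubernetes.io/autoupdate: "false"` is what removes project self-provisioning, but nothing in the manifest says so, and an empty subjects list reads like an unfinished file. I would add a comment above `subjects:` such as `# Intentionally empty: nobody may self-provision projects; autoupdate is "false" so the default subject is not restored automatically.` Because overlays/common pulls this base in, the restriction applies to every cluster that builds from common, so the commit description should say that as well.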
--- /dev/null
+++ b/cluster-scope/base/rbac.authorization.k8s.io/clusterrolebindings/self-provisioners/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - clusterrolebinding.yaml
diff --git a/cluster-scope/overlays/common/kustomization.yaml b/cluster-scope/overlays/common/kustomization.yaml
index c44cbcaf..95110c33 100644
--- a/cluster-scope/overlays/common/kustomization.yaml
+++ b/cluster-scope/overlays/common/kustomization.yaml
@@ -4,3 +4,5 @@ resources:
 - machineconfigs/99-master-ssh.yaml
 - machineconfigs/99-worker-ssh.yaml
 - ../../base/operators.coreos.com/subscriptions/external-secrets-operator
+- ../../base/config.openshift.io/oauths/cluster
+- ../../base/rbac.authorization.k8s.io/clusterrolebindings/self-provisioners
diff --git a/cluster-scope/overlays/nerc-ocp-infra/kustomization.yaml b/cluster-scope/overlays/nerc-ocp-infra/kustomization.yaml
index 020b0af7..d4fba761 100644
--- a/cluster-scope/overlays/nerc-ocp-infra/kustomization.yaml
+++ b/cluster-scope/overlays/nerc-ocp-infra/kustomization.yaml
@@ -6,3 +6,6 @@ resources:
 - ../../bundles/acm
 - ../../base/operators.coreos.com/subscriptions/cert-manager
 - clusterversion.yaml
+
+patches:
+ - path: oauths/cluster_patch.yaml
diff --git a/cluster-scope/overlays/nerc-ocp-infra/oauths/cluster_patch.yaml b/cluster-scope/overlays/nerc-ocp-infra/oauths/cluster_patch.yaml
new file mode 100644
index 00000000..701caff8
--- /dev/null
+++ b/cluster-scope/overlays/nerc-ocp-infra/oauths/cluster_patch.yaml
@@ -0,0 +1,15 @@
+apiVersion: config.openshift.io/v1
+kind: OAuth
+metadata:
+ name: cluster
+spec:
+ identityProviders:
+ - name: github
+ mappingMethod: claim
+ type: GitHub
+ github:
+ clientID: 77915cd4cdb5c4df7723
+ clientSecret:
+ name: github-client-secret
+ teams:
+ - ocp-on-nerc/nerc-ops
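Review bot: The two entries added to `resources:` in overlays/common/kustomization.yaml put `OAuth/cluster` and the `self-provisioners` binding under management on every cluster that builds from common, yet only nerc-ocp-infra receives an `identityProviders` patch in this commit. For any other overlay the rendered OAuth object has no `spec`, so it is worth confirming how the sync tooling treats identity providers already configured on those clusters (left alone, reported as drift, or removed). A comment next to the entry, e.g. `# OAuth/cluster base carries no identity providers; each cluster overlay patches in its own`, would make the expectation explicit. The rest of the file lies outside the hunk.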
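Review bot: `clientSecret.name: github-client-secret` in overlays/nerc-ocp-infra/oauths/cluster_patch.yaml refers to a Secret that OpenShift looks up in the `openshift-config` namespace, and nothing visible in this diff creates it or names its source; if it is absent the GitHub provider cannot be configured and logins through it will not work. A comment above the key, e.g. `# Secret openshift-config/github-client-secret (key: clientSecret), provisioned by <secret-management mechanism>`, would record the dependency. I would also quote the client ID, `clientID: "77915cd4cdb5c4df7723"`, so that a future all-digit or exponent-shaped value is not retyped by the YAML parser. Since kustomize presumably has no merge key for this kind's `identityProviders` list, the patch likely replaces the list as a whole, which matters once the base gains providers of its own.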