diff --git a/passbook/providers/proxy/api.py b/passbook/providers/proxy/api.py
index 63af2967a..42e1dfb75 100644
--- a/passbook/providers/proxy/api.py
+++ b/passbook/providers/proxy/api.py
@@ -57,6 +57,9 @@ class ProxyProviderSerializer(ModelSerializer):
 "internal_host_ssl_validation",
 "certificate",
 "skip_path_regex",
+ "basic_auth_enabled",
+ "basic_auth_password_attribute",
+ "basic_auth_user_attribute",
 ]
@@ -97,6 +100,9 @@ class ProxyOutpostConfigSerializer(ModelSerializer):
 "cookie_secret",
 "certificate",
 "skip_path_regex",
+ "basic_auth_enabled",
+ "basic_auth_password_attribute",
+ "basic_auth_user_attribute",
 ]
 @swagger_serializer_method(serializer_or_field=OpenIDConnectConfigurationSerializer)
diff --git a/passbook/providers/proxy/forms.py b/passbook/providers/proxy/forms.py
index de45349c8..e865c25a5 100644
--- a/passbook/providers/proxy/forms.py
+++ b/passbook/providers/proxy/forms.py
@@ -37,9 +37,14 @@ class ProxyProviderForm(forms.ModelForm):
 "external_host",
 "certificate",
 "skip_path_regex",
+ "basic_auth_enabled",
+ "basic_auth_user_attribute",
+ "basic_auth_password_attribute",
 ]
 widgets = {
 "name": forms.TextInput(),
 "internal_host": forms.TextInput(),
 "external_host": forms.TextInput(),
+ "basic_auth_user_attribute": forms.TextInput(),
+ "basic_auth_password_attribute": forms.TextInput(),
 }
diff --git a/passbook/providers/proxy/models.py b/passbook/providers/proxy/models.py
index 6f6c865db..cd68694c1 100644
--- a/passbook/providers/proxy/models.py
+++ b/passbook/providers/proxy/models.py
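Review bot: Nothing in the new `fields` entries ties `basic_auth_enabled` to the two attribute names, so `ProxyProviderSerializer` (first api.py hunk) and `ProxyProviderForm` (forms.py hunk) both accept the feature switched on with `basic_auth_password_attribute` left empty. The model help text in this commit documents a fallback only for the username, so what the proxy would send as the password in that case cannot be told from the diff. A cross-field check in the serializer's `validate()` and the form's `clean()` would close the gap, along the lines of `if attrs.get("basic_auth_enabled") and not attrs.get("basic_auth_password_attribute"): raise ValidationError("HTTP-Basic needs a password attribute")`. Both class bodies start and end outside the hunks, so an existing validator should be checked before adding one.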
@@ -66,6 +66,31 @@ class ProxyProvider(OutpostModel, OAuth2Provider): ), ) + basic_auth_enabled = models.BooleanField( + default=False, + verbose_name=_("Set HTTP-Basic Authentication"), + help_text=_( + "Set a custom HTTP-Basic Authentication header based on values from passbook." + ), + ) + basic_auth_user_attribute = models.TextField( + blank=True, + verbose_name=_("HTTP-Basic Username"), + help_text=_( + ( + "User Attribute used for the user part of the HTTP-Basic Header. " + "If not set, the user's Email address is used." + ) + ), + ) + basic_auth_password_attribute = models.TextField( + blank=True, + verbose_name=_("HTTP-Basic Password"), + help_text=_( + ("User Attribute used for the password part of the HTTP-Basic Header.") + ), + ) + certificate = models.ForeignKey( CertificateKeyPair, on_delete=models.SET_NULL, null=True, blank=True, ) diff --git a/swagger.yaml b/swagger.yaml index b81b9023c..7dd6bd231 100755 --- a/swagger.yaml +++ b/swagger.yaml @@ -6216,7 +6216,7 @@ definitions: type: string minLength: 1 internal_host_ssl_validation: - title: Internal host ssl validation + title: Internal host SSL Validation description: Validate SSL Certificates of upstream servers type: boolean client_id: @@ -6244,6 +6244,20 @@ definitions: description: Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression. type: string + basic_auth_enabled: + title: Set HTTP-Basic Authentication + description: Set a custom HTTP-Basic Authentication header based on values + from passbook. + type: boolean + basic_auth_password_attribute: + title: HTTP-Basic Password + description: User Attribute used for the password part of the HTTP-Basic Header. + type: string + basic_auth_user_attribute: + title: HTTP-Basic Username + description: User Attribute used for the user part of the HTTP-Basic Header. + If not set, the user's Email address is used. + type: string Policy: type: object properties: 
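Review bot: In the models.py hunk, `basic_auth_password_attribute` names a user attribute whose value is forwarded upstream as a password, yet neither the help text nor a comment states how that value is stored or protected. It is presumably kept as an ordinary user attribute, so anyone able to read user attributes could read the upstream password, and an HTTP-Basic header is only base64-encoded, which leaves it protected in transit only when the internal host is reached over TLS with `internal_host_ssl_validation` enabled. I would extend the help text with something like `"The attribute value is sent base64-encoded, not encrypted; use an HTTPS internal host."` and add a comment above the three fields saying that, unlike the username, an empty password attribute has no documented fallback. The `ProxyProvider` class starts and ends outside the hunk, so how the attribute is resolved is not visible here.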
@@ -6705,7 +6719,7 @@ definitions: type: string minLength: 1 internal_host_ssl_validation: - title: Internal host ssl validation + title: Internal host SSL Validation description: Validate SSL Certificates of upstream servers type: boolean certificate: @@ -6718,6 +6732,20 @@ definitions: description: Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression. type: string + basic_auth_enabled: + title: Set HTTP-Basic Authentication + description: Set a custom HTTP-Basic Authentication header based on values + from passbook. + type: boolean + basic_auth_password_attribute: + title: HTTP-Basic Password + description: User Attribute used for the password part of the HTTP-Basic Header. + type: string + basic_auth_user_attribute: + title: HTTP-Basic Username + description: User Attribute used for the user part of the HTTP-Basic Header. + If not set, the user's Email address is used. + type: string SAMLProvider: required: - name