diff --git a/controllers/operator/ingress.go b/controllers/operator/ingress.go
index b81e2d3c..1f436ef8 100644
--- a/controllers/operator/ingress.go
+++ b/controllers/operator/ingress.go
@@ -35,6 +35,8 @@ var ingressList []string = []string{
 "idmgmt-v2-api",
 "platform-auth",
 "platform-id-provider",
+ "platform-id-auth-block",
+ "platform-id-auth",
 "platform-login",
 "platform-oidc-block",
 "platform-oidc",
@@ -94,6 +96,8 @@ func (r *AuthenticationReconciler) handleIngress(instance *operatorv1alpha1.Auth
 idMgmtIngress,
 idmgmtV2ApiIngress,
 platformAuthIngress,
+ platformIdAuthBlockIngress,
+ platformIdAuthIngress,
 platformIdProviderIngress,
 platformLoginIngress,
 platformOidcBlockIngress,
@@ -345,6 +349,113 @@ func platformAuthIngress(instance *operatorv1alpha1.Authentication, scheme *runt
 }
+
+func platformIdAuthBlockIngress(instance *operatorv1alpha1.Authentication, scheme *runtime.Scheme) *netv1.Ingress {
+ pathType := netv1.PathType("ImplementationSpecific")
+ reqLogger := log.WithValues("Instance.Namespace", instance.Namespace, "Instance.Name", instance.Name)
+ newIngress := &netv1.Ingress{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "platform-id-auth-block",
+ Namespace: instance.Namespace,
+ Labels: map[string]string{"app": "platform-auth-service"},
+ Annotations: map[string]string{
+ "kubernetes.io/ingress.class": "ibm-icp-management",
+ "icp.management.ibm.com/location-modifier": "=",
+ "icp.management.ibm.com/configuration-snippet": `
+ add_header 'X-XSS-Protection' '1' always;
+ `,
+ },
+ },
+ Spec: netv1.IngressSpec{
+ Rules: []netv1.IngressRule{
+ {
+ IngressRuleValue: netv1.IngressRuleValue{
+ HTTP: &netv1.HTTPIngressRuleValue{
+ Paths: []netv1.HTTPIngressPath{
+ {
+ Path: "/idauth/oidc/endpoint",
+ PathType: &pathType,
+ Backend: netv1.IngressBackend{
+ Service: &netv1.IngressServiceBackend{
+ Name: "default-http-backend",
+ Port: netv1.ServiceBackendPort{
+ Number: 80,
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ }
+
+ // Set Authentication instance as the owner and controller of the Ingress
+ err := controllerutil.SetControllerReference(instance, newIngress, scheme)
+ if err != nil {
+ reqLogger.Error(err, "Failed to set owner for Ingress")
+ return nil
+ }
+ return newIngress
+
+}
+
+func platformIdAuthIngress(instance *operatorv1alpha1.Authentication, scheme *runtime.Scheme) *netv1.Ingress {
+ pathType := netv1.PathType("ImplementationSpecific")
+ reqLogger := log.WithValues("Instance.Namespace", instance.Namespace, "Instance.Name", instance.Name)
+ newIngress := &netv1.Ingress{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "platform-id-auth",
+ Namespace: instance.Namespace,
+ Labels: map[string]string{"app": "platform-auth-service"},
+ Annotations: map[string]string{
+ "kubernetes.io/ingress.class": "ibm-icp-management",
+ "icp.management.ibm.com/secure-backends": "true",
+ "icp.management.ibm.com/rewrite-target": "/",
+ "icp.management.ibm.com/configuration-snippet": `
+ add_header 'X-Frame-Options' 'SAMEORIGIN' always;
+ add_header 'X-Content-Type-Options' 'nosniff';
+ `,
+ },
+ },
+ Spec: netv1.IngressSpec{
+ Rules: []netv1.IngressRule{
+ {
+ IngressRuleValue: netv1.IngressRuleValue{
+ HTTP: &netv1.HTTPIngressRuleValue{
+ Paths: []netv1.HTTPIngressPath{
+ {
+ Path: "/idauth",
+ PathType: &pathType,
+ Backend: netv1.IngressBackend{
+ Service: &netv1.IngressServiceBackend{
+ Name: "platform-auth-service",
+ Port: netv1.ServiceBackendPort{
+ Number: 9443,
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ }
+
+ // Set Authentication instance as the owner and controller of the Ingress
+ err := controllerutil.SetControllerReference(instance, newIngress, scheme)
+ if err != nil {
+ reqLogger.Error(err, "Failed to set owner for Ingress")
+ return nil
+ }
+ return newIngress
+
+}
+
 func platformIdProviderIngress(instance *operatorv1alpha1.Authentication, scheme *runtime.Scheme) *netv1.Ingress {
 pathType := netv1.PathType("ImplementationSpecific")
 reqLogger := log.WithValues("Instance.Namespace", instance.Namespace, "Instance.Name", instance.Name)
diff --git a/controllers/operator/resourcestatus.go b/controllers/operator/resourcestatus.go
index 934f918b..11cfd52a 100644
--- a/controllers/operator/resourcestatus.go
+++ b/controllers/operator/resourcestatus.go
@@ -278,6 +278,7 @@ func (r *AuthenticationReconciler) getCurrentServiceStatus(ctx context.Context,
 names: []string{
 "id-mgmt",
 "platform-auth",
+ "platform-id-auth",
 "platform-id-provider",
 "platform-login",
 "platform-oidc",
diff --git a/controllers/operator/routes.go b/controllers/operator/routes.go
index 05e14006..bf370c5a 100644
--- a/controllers/operator/routes.go
+++ b/controllers/operator/routes.go
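Review bot: In platformIdAuthIngress the `X-Content-Type-Options` line of the configuration-snippet is missing the `always` flag that the `X-Frame-Options` line beside it carries, so nginx only emits `nosniff` on 2xx/3xx responses and error responses relayed from platform-auth-service go out without it; make it `add_header 'X-Content-Type-Options' 'nosniff' always;`. In platformIdAuthBlockIngress, `location-modifier: "="` is an exact match, so only `/idauth/oidc/endpoint` itself is sent to default-http-backend and any longer path under it presumably still reaches the `/idauth` ingress, which rewrites it to `/oidc/endpoint/...` on the backend — confirm this mirrors the existing platform-oidc-block ingress and that blocking the whole subtree was not the intent. The `X-XSS-Protection: 1` header the block ingress adds is the deprecated filter mode; current guidance is to send `0` or omit the header, since the non-blocking filter has been abused for cross-site leaks. Both functions return nil when SetControllerReference fails, so handleIngress (outside this hunk) must tolerate a nil entry in the list it builds from them.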
@@ -235,6 +235,18 @@ func (r *AuthenticationReconciler) getAllRoutesFields(authCR *operatorv1alpha1.A
 DestinationCAcert: platformIdentityProviderCert,
 ServiceName: PlatformIdentityProviderServiceName,
 },
+ "platform-id-auth": {
+ Annotations: map[string]string{
+ "haproxy.router.openshift.io/balance": "source",
+ "haproxy.router.openshift.io/rewrite-target": "/",
+ },
+ Name: "platform-id-auth",
+ RouteHost: routeHost,
+ RoutePath: "/idauth",
+ RoutePort: 9443,
+ DestinationCAcert: platformAuthCert,
+ ServiceName: PlatformAuthServiceName,
+ },
 "platform-id-provider": {
 Annotations: map[string]string{
 "haproxy.router.openshift.io/rewrite-target": "/",
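Review bot: The new `platform-id-auth` route rewrites `/idauth` to `/` on platform-auth-service with no route-level counterpart of the `/idauth/oidc/endpoint` block that the ingress side of this commit adds, so on OpenShift a request to `/idauth/oidc/endpoint/...` is presumably forwarded to the backend as `/oidc/endpoint/...`. Whether the existing `platform-oidc` route has a matching block entry is not visible in this hunk; if it does, this route needs the same treatment, and if it does not, a comment on the entry such as `// no route-level block: /idauth/oidc/endpoint is only blocked at the ingress` would save the next reader the question. `balance: source` also differs from the neighbouring `platform-id-provider` entry, which sets only rewrite-target, and a one-line comment recording why this route needs source affinity would help. getAllRoutesFields starts before this hunk.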