diff --git a/docs/configuring-playbook-synapse.md b/docs/configuring-playbook-synapse.md
index d5f126f57..54e5e6e31 100644
--- a/docs/configuring-playbook-synapse.md
+++ b/docs/configuring-playbook-synapse.md
@@ -27,8 +27,7 @@ matrix_synapse_password_config_enabled: true
 Add this to allow seamless forwarding to element web app and element android app. Without this setting matrix will ask the user if he trusts the app he tries to login.
 ```yaml
-matrix_synapse_sso:
- client_whitelist:
+matrix_synapse_sso_client_whitelist:
 - "https://element.{{ matrix_domain }}/"
 - element://element
diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml
index 6d1b4612c..b4e711441 100644
--- a/roles/matrix-synapse/defaults/main.yml
+++ b/roles/matrix-synapse/defaults/main.yml
@@ -463,6 +463,10 @@ matrix_synapse_oidc_config:
 display_name_template: "{{ matrix_synapse_oidc_display_name_template }}"
 # Set trusted SSO resources, e.g. [ "https://element.matrix.domain" ]
-matrix_synapse_sso:
- client_whitelist: []
+matrix_synapse_sso_client_whitelist: |
+ {{
+ []
+ +
+ ([matrix_server_fqn_element, "element://element"] if matrix_client_element_enabled else [])
+ }}
diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
index 5892bfa26..2505f058a 100644
--- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
@@ -1852,7 +1852,7 @@ sso:
 #
 # By default, this list is empty.
 #
- client_whitelist: {{ matrix_synapse_sso.client_whitelist|to_json }}
+ client_whitelist: {{ matrix_synapse_sso_client_whitelist|to_json }}
 # - https://riot.im/develop
 # - https://my.custom.client/
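Review bot: In roles/matrix-synapse/defaults/main.yml the new default adds `matrix_server_fqn_element` to the whitelist as-is, while the comment directly above it and the docs hunk in this same commit both write entries as full URLs (`https://element.…/`). Synapse treats each `client_whitelist` entry as a prefix of the client redirect URL, so if that variable holds a bare hostname (its definition is not in this diff) the entry never matches and Element Web logins still hit the confirmation page. Building it as `(["https://" + matrix_server_fqn_element + "/", "element://element"] if matrix_client_element_enabled else [])` would match, and the trailing slash stops the prefix from also covering a look-alike host such as `element.example.com.other.tld` (constructed example). Because this default now skips the SSO confirmation step on every install with Element enabled, the comment above the variable should say so and mention that `element://element` is trusted as well, so operators can decide whether to override it.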
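Review bot: In roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 the template now reads only `matrix_synapse_sso_client_whitelist`, so an inventory that still sets `matrix_synapse_sso.client_whitelist` is ignored without any message. The result fails safe (those clients get the confirmation page again), but operators will not know why their whitelist stopped applying. Unless the playbook already rejects removed variables somewhere outside this diff, a validation task that fails when `matrix_synapse_sso` is defined and points to the new name would make the rename visible. The surrounding `sso:` section starts and ends outside the hunk.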