diff --git a/tempest/templates/configmap-etc.yaml b/tempest/templates/configmap-etc.yaml
index d3ff5552b3..2860279e65 100644
--- a/tempest/templates/configmap-etc.yaml
+++ b/tempest/templates/configmap-etc.yaml
@@ -37,6 +37,25 @@ limitations under the License.
 {{- $_ := set .Values.conf.tempest.identity "region" .Values.endpoints.identity.auth.admin.region_name -}}
 {{- end -}}
 
+
+{{- if empty .Values.conf.tempest.dashboard.dashboard_url -}}
+{{- $endpointScheme := tuple "dashboard" "public" "web" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" }}
+{{- $endpointHost := tuple "dashboard" "public" . | include "helm-toolkit.endpoints.endpoint_host_lookup" }}
+{{- $endpointPort := tuple "dashboard" "public" "web" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+{{- $endpointPath := tuple "dashboard" "public" "web" . | include "helm-toolkit.endpoints.keystone_endpoint_path_lookup" }}
+    # When CSRF protection is enabled Refferer and Host header should match.
+    # Common browsers doesn't add default ports like 80 and 443 to the headers
+    # Use the same logic here to make sure test passed when CSRF protection is enabled and
+    # we using default port numbers. More info may be found here:
+    # * https://code.djangoproject.com/ticket/26037
+    # * https://stackoverflow.com/questions/27533011/django-csrf-error-casused-by-nginx-x-forwarded-host
+    {{- if eq $endpointPort "80" "443" }}
+        {{- printf "%s://%s%s" $endpointScheme $endpointHost $endpointPath | set .Values.conf.tempest.dashboard "dashboard_url" }}
+    {{- else }}
+        {{- printf "%s://%s:%s%s" $endpointScheme $endpointHost $endpointPort $endpointPath | set .Values.conf.tempest.dashboard "dashboard_url" }}
+    {{- end }}
+{{- end -}}
+
 ---
 apiVersion: v1
 kind: Secret
diff --git a/tempest/values.yaml b/tempest/values.yaml
index d9317063e1..c9da33b4ef 100644
--- a/tempest/values.yaml
+++ b/tempest/values.yaml
@@ -135,6 +135,7 @@ conf:
       # admin_domain_name value set by configmap-etc
       admin_domain_name: null
       use_dynamic_credentials: true
+    dashboard: {}
     identity:
       admin_domain_scope: false
       auth_version: v3
@@ -296,6 +297,27 @@ endpoints:
       api:
         default: 80
         internal: 5000
+  dashboard:
+    name: horizon
+    hosts:
+      default: horizon-int
+      public: horizon
+    host_fqdn_override:
+      default: null
+      # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
+      # endpoints using the following format:
+      # public:
+      #   host: null
+      #   tls:
+      #     crt: null
+      #     key: null
+    path:
+      default: null
+    scheme:
+      default: http
+    port:
+      web:
+        default: 80
 
 manifests:
   configmap_bin: true