diff --git a/cmd/argocd/commands/login.go b/cmd/argocd/commands/login.go
index abb2b004291c..2b356706a079 100644
--- a/cmd/argocd/commands/login.go
+++ b/cmd/argocd/commands/login.go
@@ -31,6 +31,7 @@ import (
 	"github.com/argoproj/argo-cd/v2/util/localconfig"
 	oidcutil "github.com/argoproj/argo-cd/v2/util/oidc"
 	"github.com/argoproj/argo-cd/v2/util/rand"
+	oidcconfig "github.com/argoproj/argo-cd/v2/util/settings"
 )
 
 // NewLoginCommand returns a new instance of `argocd login` command
@@ -306,6 +307,7 @@ func oauth2Login(
 	fmt.Printf("Opening browser for authentication\n")
 
 	var url string
+	var oidcconfig oidcconfig.OIDCConfig
 	grantType := oidcutil.InferGrantType(oidcConf)
 	opts := []oauth2.AuthCodeOption{oauth2.AccessTypeOffline}
 	if claimsRequested := oidcSettings.GetIDTokenClaims(); claimsRequested != nil {
@@ -316,6 +318,9 @@ func oauth2Login(
 	case oidcutil.GrantTypeAuthorizationCode:
 		opts = append(opts, oauth2.SetAuthURLParam("code_challenge", codeChallenge))
 		opts = append(opts, oauth2.SetAuthURLParam("code_challenge_method", "S256"))
+		if oidcconfig.DomainHint != "" {
+			opts = append(opts, oauth2.SetAuthURLParam("domain_hint", oidcconfig.DomainHint))
+		}
 		url = oauth2conf.AuthCodeURL(stateNonce, opts...)
 	case oidcutil.GrantTypeImplicit:
 		url, err = oidcutil.ImplicitFlowURL(oauth2conf, stateNonce, opts...)
diff --git a/docs/operator-manual/user-management/auth0.md b/docs/operator-manual/user-management/auth0.md
index 411517df05e0..c20b5f5af30c 100644
--- a/docs/operator-manual/user-management/auth0.md
+++ b/docs/operator-manual/user-management/auth0.md
@@ -39,6 +39,7 @@ data:
     issuer: https://..auth0.com/
     clientID:
     clientSecret:
+    domain_hint:
     requestedScopes:
     - openid
     - profile
diff --git a/util/settings/settings.go b/util/settings/settings.go
index 45da68945a59..7068fda32b74 100644
--- a/util/settings/settings.go
+++ b/util/settings/settings.go
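Review bot: The `domain_hint` parameter added in the third hunk is never sent, because `var oidcconfig oidcconfig.OIDCConfig` in the second hunk declares a fresh zero-value struct whose `DomainHint` is always the empty string, so the `if oidcconfig.DomainHint != ""` guard is always false. The hint has to come from the server-delivered OIDC settings the function already receives — `oidcSettings` is consulted on the very next line for `GetIDTokenClaims()` — which presumably means exposing the domain hint through that settings API rather than instantiating `util/settings.OIDCConfig` on the client; the guard would then read something like `if hint := <domain hint taken from oidcSettings>; hint != ""` with the `oauth2.SetAuthURLParam("domain_hint", hint)` call inside. Separately, the local variable shadows the `oidcconfig` package alias added in the first hunk (it compiles only because the type expression is resolved before the variable comes into scope), so if a local is kept it should get a distinct name such as `oidcCfg`, and the alias itself is misleading since the package is `settings`. The body of oauth2Login starts and ends outside these hunks.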
@@ -171,6 +171,7 @@ func (o *oidcConfig) toExported() *OIDCConfig {
 		LogoutURL:                o.LogoutURL,
 		RootCA:                   o.RootCA,
 		EnablePKCEAuthentication: o.EnablePKCEAuthentication,
+		DomainHint:               o.DomainHint,
 	}
 }
 
@@ -188,6 +189,7 @@ type OIDCConfig struct {
 	LogoutURL                string `json:"logoutURL,omitempty"`
 	RootCA                   string `json:"rootCA,omitempty"`
 	EnablePKCEAuthentication bool   `json:"enablePKCEAuthentication,omitempty"`
+	DomainHint               string `json:"domainHint,omitempty"`
 }
 
 // DEPRECATED. Helm repository credentials are now managed using RepoCredentials
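Review bot: The new `DomainHint` field in the `OIDCConfig` hunk carries the JSON tag `domainHint`, while the auth0.md example in this same change tells operators to write `domain_hint:` in `oidc.config`; the key an operator writes is decided by the tag on the unexported `oidcConfig` struct that `toExported` copies from (`o.DomainHint` in the first hunk), and that struct's new field is not part of this diff, so I would confirm it exists and that its yaml tag matches whichever spelling the documentation settles on. The exported field also lacks a doc comment; I would add `// DomainHint, when set, is passed as the domain_hint query parameter on the authorization request.` above it so the purpose of the value is visible where the type is defined.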