diff --git a/apps/emqx_dashboard/src/emqx_dashboard_schema.erl b/apps/emqx_dashboard/src/emqx_dashboard_schema.erl
index 7427e81da..59be9706e 100644
--- a/apps/emqx_dashboard/src/emqx_dashboard_schema.erl
+++ b/apps/emqx_dashboard/src/emqx_dashboard_schema.erl
@@ -68,7 +68,7 @@ fields("dashboard") ->
                     importance => ?IMPORTANCE_HIDDEN
                 }
             )}
-    ];
+    ] ++ sso_fields();
 fields("listeners") ->
     [
         {"http",
@@ -299,3 +299,18 @@ https_converter(Conf = #{}, _Opts) ->
     Conf1#{<<"ssl_options">> => SslOpts};
 https_converter(Conf, _Opts) ->
     Conf.
+
+-if(?EMQX_RELEASE_EDITION == ee).
+sso_fields() ->
+    [
+        {sso,
+            ?HOCON(
+                ?R_REF(emqx_dashboard_sso_schema, sso),
+                #{required => {false, recursively}}
+            )}
+    ].
+
+-else.
+sso_fields() ->
+    [].
+-endif.
diff --git a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_api.erl b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_api.erl
index c19d2b66e..986c28d67 100644
--- a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_api.erl
+++ b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_api.erl
@@ -40,6 +40,7 @@
 -define(BAD_REQUEST, 'BAD_REQUEST').
 -define(BACKEND_NOT_FOUND, 'BACKEND_NOT_FOUND').
 -define(TAGS, <<"Dashboard Single Sign-On">>).
+-define(MOD_KEY_PATH, [dashboard, sso]).
 
 namespace() -> "dashboard_sso".
 
@@ -139,7 +140,7 @@ fields(backend_status) ->
 %%--------------------------------------------------------------------
 
 running(get, _Request) ->
-    SSO = emqx:get_config([dashboard_sso], #{}),
+    SSO = emqx:get_config(?MOD_KEY_PATH, #{}),
     {200,
         lists:filtermap(
             fun
@@ -174,7 +175,7 @@ login(post, #{bindings := #{backend := Backend}} = Request) ->
     end.
 
 sso(get, _Request) ->
-    SSO = emqx:get_config([dashboard_sso], #{}),
+    SSO = emqx:get_config(?MOD_KEY_PATH, #{}),
     {200,
         lists:map(
             fun(Backend) ->
@@ -184,7 +185,7 @@ sso(get, _Request) ->
         )}.
 
 backend(get, #{bindings := #{backend := Type}}) ->
-    case emqx:get_config([dashboard_sso, Type], undefined) of
+    case emqx:get_config(?MOD_KEY_PATH ++ [Type], undefined) of
         undefined ->
             {404, #{code => ?BACKEND_NOT_FOUND, message => <<"Backend not found">>}};
         Backend ->
diff --git a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_manager.erl b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_manager.erl
index afa27cb47..71f2d92d8 100644
--- a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_manager.erl
+++ b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_manager.erl
@@ -40,7 +40,7 @@
 
 -import(emqx_dashboard_sso, [provider/1]).
 
--define(MOD_KEY_PATH, [dashboard_sso]).
+-define(MOD_KEY_PATH, [dashboard, sso]).
 -define(RESOURCE_GROUP, <<"emqx_dashboard_sso">>).
 -define(DEFAULT_RESOURCE_OPTS, #{
     start_after_created => false
@@ -66,7 +66,7 @@ running() ->
                 Acc
         end,
         [],
-        emqx:get_config([emqx_dashboard_sso])
+        emqx:get_config(?MOD_KEY_PATH)
     ).
 
 update(Backend, Config) ->
@@ -151,7 +151,7 @@ format_status(_Opt, Status) ->
 %% Internal functions
 %%------------------------------------------------------------------------------
 start_backend_services() ->
-    Backends = emqx_conf:get([dashboard_sso], #{}),
+    Backends = emqx_conf:get(?MOD_KEY_PATH, #{}),
     lists:foreach(
         fun({Backend, Config}) ->
             Provider = provider(Backend),
@@ -174,7 +174,7 @@ start_backend_services() ->
     ).
 
 update_config(Backend, UpdateReq) ->
-    case emqx_conf:update([dashboard_sso], UpdateReq, #{override_to => cluster}) of
+    case emqx_conf:update(?MOD_KEY_PATH, UpdateReq, #{override_to => cluster}) of
         {ok, UpdateResult} ->
             #{post_config_update := #{?MODULE := Result}} = UpdateResult,
             ?SLOG(info, #{
@@ -194,10 +194,10 @@ update_config(Backend, UpdateReq) ->
 
 pre_config_update(_Path, {update, Backend, Config}, OldConf) ->
     BackendBin = bin(Backend),
-    {ok, OldConf#{BackendBin => Config}};
+    {ok, update_raw_sso_cfg(OldConf, BackendBin, Config)};
 pre_config_update(_Path, {delete, Backend}, OldConf) ->
     BackendBin = bin(Backend),
-    case maps:find(BackendBin, OldConf) of
+    case find_raw_sso_cfg(BackendBin, OldConf) of
         error ->
             throw(not_exists);
         {ok, _} ->
@@ -267,3 +267,13 @@ on_backend_updated(Error, _) ->
 bin(A) when is_atom(A) -> atom_to_binary(A, utf8);
 bin(L) when is_list(L) -> list_to_binary(L);
 bin(X) -> X.
+
+update_raw_sso_cfg(undefined, Backend, BackendCfg) ->
+    #{Backend => BackendCfg};
+update_raw_sso_cfg(RAW_SSOCfg, Backend, BackendCfg) ->
+    RAW_SSOCfg#{Backend => BackendCfg}.
+
+find_raw_sso_cfg(_Backend, undefined) ->
+    error;
+find_raw_sso_cfg(Backend, RAW_SSOCfg) ->
+    maps:find(Backend, RAW_SSOCfg).
diff --git a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_schema.erl b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_schema.erl
index b45bca8e5..92f9ba519 100644
--- a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_schema.erl
+++ b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_schema.erl
@@ -8,33 +8,32 @@
 -include_lib("typerefl/include/types.hrl").
 
 %% Hocon
--export([namespace/0, roots/0, fields/1, tags/0, desc/1]).
+-export([fields/1, desc/1]).
+
 -export([
     common_backend_schema/1,
     backend_schema/1,
     username_password_schema/0
 ]).
+
 -import(hoconsc, [ref/2, mk/2, enum/1]).
 
 %%------------------------------------------------------------------------------
 %% Hocon Schema
 %%------------------------------------------------------------------------------
-namespace() -> dashboard_sso.
-
-tags() ->
-    [<<"Dashboard Single Sign-On">>].
-
-roots() -> [dashboard_sso].
-
-fields(dashboard_sso) ->
+fields(sso) ->
     lists:map(
         fun({Type, Module}) ->
-            {Type, mk(emqx_dashboard_sso:hocon_ref(Module), #{required => {false, recursively}})}
+            {Type,
+                mk(
+                    emqx_dashboard_sso:hocon_ref(Module),
+                    #{required => {false, recursively}}
+                )}
         end,
         maps:to_list(emqx_dashboard_sso:backends())
     ).
 
-desc(dashboard_sso) ->
+desc(sso) ->
     "Dashboard Single Sign-On";
 desc(_) ->
     undefined.
diff --git a/apps/emqx_dashboard_sso/test/emqx_dashboard_sso_ldap_SUITE.erl b/apps/emqx_dashboard_sso/test/emqx_dashboard_sso_ldap_SUITE.erl
index 85cb23693..671276e59 100644
--- a/apps/emqx_dashboard_sso/test/emqx_dashboard_sso_ldap_SUITE.erl
+++ b/apps/emqx_dashboard_sso/test/emqx_dashboard_sso_ldap_SUITE.erl
@@ -29,7 +29,7 @@ all() ->
 
 init_per_suite(Config) ->
     _ = application:load(emqx_conf),
-    emqx_config:save_schema_mod_and_names(emqx_dashboard_sso_schema),
+    emqx_config:save_schema_mod_and_names(emqx_dashboard_schema),
     emqx_mgmt_api_test_util:init_suite([emqx_dashboard, emqx_dashboard_sso]),
     Config.
 
diff --git a/apps/emqx_enterprise/src/emqx_enterprise_schema.erl b/apps/emqx_enterprise/src/emqx_enterprise_schema.erl
index c238dcea4..a801825e0 100644
--- a/apps/emqx_enterprise/src/emqx_enterprise_schema.erl
+++ b/apps/emqx_enterprise/src/emqx_enterprise_schema.erl
@@ -11,8 +11,7 @@
 -define(EE_SCHEMA_MODULES, [
     emqx_license_schema,
     emqx_schema_registry_schema,
-    emqx_ft_schema,
-    emqx_dashboard_sso_schema
+    emqx_ft_schema
 ]).
 
 namespace() ->