diff --git a/changelog/23119.txt b/changelog/23119.txt
new file mode 100644
index 000000000..fd5f694db
--- /dev/null
+++ b/changelog/23119.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+ui: Added allowed_domains_template field for CA type role in SSH engine
+```
diff --git a/ui/app/models/role-ssh.js b/ui/app/models/role-ssh.js
index f66e3b93b..2371d4661 100644
--- a/ui/app/models/role-ssh.js
+++ b/ui/app/models/role-ssh.js
@@ -31,6 +31,7 @@ const CA_FIELDS = [
   'allowedUsers',
   'allowedUsersTemplate',
   'allowedDomains',
+  'allowedDomainsTemplate',
   'ttl',
   'maxTtl',
   'allowedCriticalOptions',
@@ -76,12 +77,16 @@ export default Model.extend({
   }),
   allowedUsersTemplate: attr('boolean', {
     helpText:
-      'Specifies that Allowed users can be templated e.g. {{identity.entity.aliases.mount_accessor_xyz.name}}',
+      'Specifies that Allowed Users can be templated e.g. {{identity.entity.aliases.mount_accessor_xyz.name}}',
   }),
   allowedDomains: attr('string', {
     helpText:
       'List of domains for which a client can request a certificate (e.g. `example.com`, or `*` to allow all)',
   }),
+  allowedDomainsTemplate: attr('boolean', {
+    helpText:
+      'Specifies that Allowed Domains can be set using identity template policies. Non-templated domains are also permitted.',
+  }),
   cidrList: attr('string', {
     helpText: 'List of CIDR blocks for which this role is applicable',
   }),