diff --git a/cmd/bridge/main.go b/cmd/bridge/main.go
index 731ecb0515e..50edd9d709e 100644
--- a/cmd/bridge/main.go
+++ b/cmd/bridge/main.go
@@ -381,24 +381,6 @@ func main() {
 		},
 	}
 
-	srv.MonitoringDashboardConfigMapLister = &server.ResourceLister{
-		BearerToken: k8sAuthServiceAccountBearerToken,
-		RequestURL: &url.URL{
-			Scheme: k8sEndpoint.Scheme,
-			Host:   k8sEndpoint.Host,
-			Path:   "/api/v1/namespaces/openshift-config-managed/configmaps",
-			RawQuery: url.Values{
-				"labelSelector": {"console.openshift.io/dashboard=true"},
-			}.Encode(),
-		},
-
-		Client: &http.Client{
-			Transport: &http.Transport{
-				TLSClientConfig: srv.K8sProxyConfig.TLSClientConfig,
-			},
-		},
-	}
-
 	switch *fUserAuth {
 	case "oidc", "openshift":
 		bridge.ValidateFlagNotEmpty("base-address", *fBaseAddress)
@@ -497,21 +479,43 @@ func main() {
 		bridge.FlagFatalf("user-auth", "must be one of: oidc, disabled")
 	}
 
+	var resourceListerToken string
 	switch *fK8sAuth {
 	case "service-account":
 		bridge.ValidateFlagIs("k8s-mode", *fK8sMode, "in-cluster")
 		srv.StaticUser = &auth.User{
 			Token: k8sAuthServiceAccountBearerToken,
 		}
+		resourceListerToken = k8sAuthServiceAccountBearerToken
 	case "bearer-token":
 		bridge.ValidateFlagNotEmpty("k8s-auth-bearer-token", *fK8sAuthBearerToken)
 		srv.StaticUser = &auth.User{
 			Token: *fK8sAuthBearerToken,
 		}
+		resourceListerToken = *fK8sAuthBearerToken
 	case "oidc", "openshift":
 		bridge.ValidateFlagIs("user-auth", *fUserAuth, "oidc", "openshift")
+		resourceListerToken = k8sAuthServiceAccountBearerToken
 	default:
-		bridge.FlagFatalf("k8s-mode", "must be one of: service-account, bearer-token, oidc")
+		bridge.FlagFatalf("k8s-mode", "must be one of: service-account, bearer-token, oidc, openshift")
+	}
+
+	srv.MonitoringDashboardConfigMapLister = &server.ResourceLister{
+		BearerToken: resourceListerToken,
+		RequestURL: &url.URL{
+			Scheme: k8sEndpoint.Scheme,
+			Host:   k8sEndpoint.Host,
+			Path:   "/api/v1/namespaces/openshift-config-managed/configmaps",
+			RawQuery: url.Values{
+				"labelSelector": {"console.openshift.io/dashboard=true"},
+			}.Encode(),
+		},
+
+		Client: &http.Client{
+			Transport: &http.Transport{
+				TLSClientConfig: srv.K8sProxyConfig.TLSClientConfig,
+			},
+		},
 	}
 
 	listenURL := bridge.ValidateFlagIsURL("listen", *fListen)