diff --git a/docs/sources/setup/install/helm/reference.md b/docs/sources/setup/install/helm/reference.md
index 43669ccd0b96d..e4df436b3ba8b 100644
--- a/docs/sources/setup/install/helm/reference.md
+++ b/docs/sources/setup/install/helm/reference.md
@@ -3106,6 +3106,9 @@ null
"labels": {},
"nodeSelector": {},
"priorityClassName": "",
+ "rbac": {
+ "create": true
+ },
"securityContext": {
"fsGroup": 10001,
"runAsGroup": 10001,
@@ -3475,6 +3478,9 @@ null
"labels": {},
"nodeSelector": {},
"priorityClassName": "",
+ "rbac": {
+ "create": true
+ },
"securityContext": {
"fsGroup": 10001,
"runAsGroup": 10001,
@@ -3584,6 +3590,17 @@ true
""
+ |
+
+
+ enterprise.tokengen.rbac |
+ object |
+ Whether to create a ServiceAccount, a (Cluster)Role and a (Cluster)RoleBinding for the tokengen Job - this allows the components to be created externally when needed |
+
+{
+ "create": true
+}
+
|
diff --git a/production/helm/loki/CHANGELOG.md b/production/helm/loki/CHANGELOG.md
index fd833cdcea660..575f17a4256b6 100644
--- a/production/helm/loki/CHANGELOG.md
+++ b/production/helm/loki/CHANGELOG.md
@@ -13,6 +13,8 @@ Entries should include a reference to the pull request that introduced the chang
[//]: # ( : do not remove this line. This locator is used by the CI pipeline to automatically create a changelog entry for each new Loki release. Add other chart versions and respective changelog entries bellow this line.)
+- [FEATURE] Added a Helm Chart value to disable the rbac resource creation for the tokengen job.
+
## 6.25.0
- [BUGFIX] Removed minio-mc init container from admin-api.
diff --git a/production/helm/loki/templates/tokengen/clusterrole-tokengen.yaml b/production/helm/loki/templates/tokengen/clusterrole-tokengen.yaml
index d357622cb2246..0a792b2aa74af 100644
--- a/production/helm/loki/templates/tokengen/clusterrole-tokengen.yaml
+++ b/production/helm/loki/templates/tokengen/clusterrole-tokengen.yaml
@@ -1,4 +1,4 @@
-{{ if and .Values.enterprise.tokengen.enabled .Values.enterprise.enabled }}
+{{ if and .Values.enterprise.tokengen.enabled .Values.enterprise.enabled .Values.enterprise.tokengen.rbac.create }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ if not .Values.rbac.namespaced }}Cluster{{ end }}Role
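Review bot: The three template guards list the same operands in different orders: this hunk puts `rbac.create` last, while the clusterrolebinding-tokengen.yaml and serviceaccount-tokengen.yaml hunks put it between `tokengen.enabled` and `enterprise.enabled`. The result is identical, but anyone auditing which conditions gate the RBAC objects has to compare three lines token by token. I would use one order in all three files: `{{ if and .Values.enterprise.tokengen.enabled .Values.enterprise.enabled .Values.enterprise.tokengen.rbac.create }}`. The Role's rules lie outside this hunk.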
diff --git a/production/helm/loki/templates/tokengen/clusterrolebinding-tokengen.yaml b/production/helm/loki/templates/tokengen/clusterrolebinding-tokengen.yaml
index fb21d8f64a87f..768a4fabdda2c 100644
--- a/production/helm/loki/templates/tokengen/clusterrolebinding-tokengen.yaml
+++ b/production/helm/loki/templates/tokengen/clusterrolebinding-tokengen.yaml
@@ -1,4 +1,4 @@
-{{ if and .Values.enterprise.tokengen.enabled .Values.enterprise.enabled }}
+{{ if and .Values.enterprise.tokengen.enabled .Values.enterprise.tokengen.rbac.create .Values.enterprise.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ if not .Values.rbac.namespaced }}Cluster{{ end }}RoleBinding
diff --git a/production/helm/loki/templates/tokengen/serviceaccount-tokengen.yaml b/production/helm/loki/templates/tokengen/serviceaccount-tokengen.yaml
index 6f0e5a3b99935..13018d45ff7b1 100644
--- a/production/helm/loki/templates/tokengen/serviceaccount-tokengen.yaml
+++ b/production/helm/loki/templates/tokengen/serviceaccount-tokengen.yaml
@@ -1,4 +1,4 @@
-{{ if and .Values.enterprise.tokengen.enabled .Values.enterprise.enabled }}
+{{ if and .Values.enterprise.tokengen.enabled .Values.enterprise.tokengen.rbac.create .Values.enterprise.enabled }}
---
apiVersion: v1
kind: ServiceAccount
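Review bot: With `enterprise.tokengen.rbac.create` set to false this ServiceAccount is no longer rendered, yet the commit does not touch the tokengen Job template, so the Job presumably still references a chart-derived ServiceAccount name (not visible in this diff). If so, the externally managed account must already exist under exactly that name in the release namespace, otherwise the Job's pods should fail to be created and no token is generated. I would add a template comment at the top of this file, `{{- /* rbac.create=false: a ServiceAccount with the name the tokengen Job references must already exist */ -}}`, and check the Job's `serviceAccountName` against it. The rest of the manifest is outside the hunk.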
diff --git a/production/helm/loki/values.yaml b/production/helm/loki/values.yaml
index 378e8b8c268fd..43219b41e7825 100644
--- a/production/helm/loki/values.yaml
+++ b/production/helm/loki/values.yaml
@@ -543,6 +543,9 @@ enterprise:
targetModule: "tokengen"
# -- Additional CLI arguments for the `tokengen` target
extraArgs: []
+ # -- Whether to create a ServiceAccount, a (Cluster)Role and a (Cluster)RoleBinding for the tokengen Job - this allows the components to be created externally when needed
+ rbac:
+ create: true
# -- Additional Kubernetes environment
env: []
# -- Additional labels for the `tokengen` Job
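Review bot: The new `# --` comment above `rbac:` does not say what an operator must provide when `create` is false, and a missing or over-broad external Role is the likely failure here. The single flag removes the ServiceAccount, the (Cluster)Role and the (Cluster)RoleBinding together, so all three have to be supplied from outside. I would extend the comment to: `# -- Whether to create a ServiceAccount, a (Cluster)Role and a (Cluster)RoleBinding for the tokengen Job. Set to false only when equivalent objects are managed outside the chart; grant the external role no more than the chart's own tokengen role does.` The enclosing `tokengen` mapping starts and ends outside the hunk.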