diff --git a/x-pack/plugins/fleet/server/services/epm/registry/proxy.test.ts b/x-pack/plugins/fleet/server/services/epm/registry/proxy.test.ts
index d6e60eb11b23..1d888bef69ee 100644
--- a/x-pack/plugins/fleet/server/services/epm/registry/proxy.test.ts
+++ b/x-pack/plugins/fleet/server/services/epm/registry/proxy.test.ts
@@ -67,4 +67,65 @@ describe('getProxyAgentOptions', () => {
       rejectUnauthorized: undefined,
     });
   });
+  describe('auth property', () => {
+    describe('present & correct if given username and password', () => {
+      test('proxy url is http', () => {
+        const httpProxyWithAuth = {
+          proxyUrl: 'http://user:pass@example.com:8080/p/a/t/h',
+          targetUrl: 'https://epr.elastic.co/',
+        };
+        expect(getProxyAgentOptions(httpProxyWithAuth)).toEqual({
+          auth: 'user:pass',
+          headers: { Host: 'epr.elastic.co' },
+          host: 'example.com',
+          port: 8080,
+          protocol: 'http:',
+          rejectUnauthorized: undefined,
+        });
+      });
+      test('proxy url is https', () => {
+        const httpsProxyWithAuth = {
+          proxyUrl: 'https://user:pass@example.com:8080/p/a/t/h',
+          targetUrl: 'https://epr.elastic.co/',
+        };
+        expect(getProxyAgentOptions(httpsProxyWithAuth)).toEqual({
+          auth: 'user:pass',
+          headers: { Host: 'epr.elastic.co' },
+          host: 'example.com',
+          port: 8080,
+          protocol: 'https:',
+          rejectUnauthorized: undefined,
+        });
+      });
+    });
+
+    describe('missing if not given username and password', () => {
+      test('proxy url is http', () => {
+        const httpProxyWithout = {
+          proxyUrl: 'http://example.com:8080/p/a/t/h',
+          targetUrl: 'https://epr.elastic.co/',
+        };
+        expect(getProxyAgentOptions(httpProxyWithout)).toEqual({
+          headers: { Host: 'epr.elastic.co' },
+          host: 'example.com',
+          port: 8080,
+          protocol: 'http:',
+          rejectUnauthorized: undefined,
+        });
+      });
+      test('proxy url is https', () => {
+        const httpsProxyWithoutAuth = {
+          proxyUrl: 'https://example.com:8080/p/a/t/h',
+          targetUrl: 'https://epr.elastic.co/',
+        };
+        expect(getProxyAgentOptions(httpsProxyWithoutAuth)).toEqual({
+          headers: { Host: 'epr.elastic.co' },
+          host: 'example.com',
+          port: 8080,
+          protocol: 'https:',
+          rejectUnauthorized: undefined,
+        });
+      });
+    });
+  });
 });
diff --git a/x-pack/plugins/fleet/server/services/epm/registry/proxy.ts b/x-pack/plugins/fleet/server/services/epm/registry/proxy.ts
index ae1c13761052..97be49d83c0a 100644
--- a/x-pack/plugins/fleet/server/services/epm/registry/proxy.ts
+++ b/x-pack/plugins/fleet/server/services/epm/registry/proxy.ts
@@ -38,11 +38,15 @@ export function getProxyAgent(options: GetProxyAgentParams): ProxyAgent {
 export function getProxyAgentOptions(options: GetProxyAgentParams): HttpsProxyAgentOptions {
   const endpointParsed = new URL(options.targetUrl);
   const proxyParsed = new URL(options.proxyUrl);
+  const authValue = proxyParsed.username
+    ? `${proxyParsed.username}:${proxyParsed.password}`
+    : undefined;
 
   return {
     host: proxyParsed.hostname,
     port: Number(proxyParsed.port),
     protocol: proxyParsed.protocol,
+    auth: authValue,
     // The headers to send
     headers: options.proxyHeaders || {
       // the proxied URL's host is put in the header instead of the server's actual host