diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index 7805d30bf..c6623070c 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -25,6 +25,9 @@ spec:
       containers:
       - command:
         - /manager
+        env:
+        - name: MANUAL_CSR_APPROVAL
+          value: '${MANUAL_CSR_APPROVAL}'
         args:
         - --enable-leader-election
         - "--metrics-bind-addr=127.0.0.1:8080"
diff --git a/docs/getting_started.md b/docs/getting_started.md
index dfa2f4ec2..58f00a6cd 100644
--- a/docs/getting_started.md
+++ b/docs/getting_started.md
@@ -48,6 +48,7 @@ into a management cluster by using `clusterctl init`.
 ```shell
 clusterctl init --infrastructure byoh
 ```
+Note: By default, CSRs generated by BYOH host agents are automatically approved during registration. If we want to disable automatic approval, then set variable `MANUAL_CSR_APPROVAL: "true"` in clusterctl config file. Reference for setting variables in clusterctl can be found [here](https://cluster-api.sigs.k8s.io/clusterctl/configuration.html#variables).
 
 ## Creating a BYOH workload cluster
  
diff --git a/test/e2e/config/provider.yaml b/test/e2e/config/provider.yaml
index 5f6a5e678..c8751a03a 100644
--- a/test/e2e/config/provider.yaml
+++ b/test/e2e/config/provider.yaml
@@ -100,6 +100,7 @@ variables:
   INIT_WITH_BINARY: "https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.1.3/clusterctl-{OS}-{ARCH}"
   BUNDLE_LOOKUP_TAG: "v1.23.5"
   CONTROL_PLANE_ENDPOINT_IP: ""
+  MANUAL_CSR_APPROVAL: "abcd"
 
 intervals:
   default/wait-controllers: ["3m", "10s"]