diff --git a/mmv1/products/workstations/WorkstationCluster.yaml b/mmv1/products/workstations/WorkstationCluster.yaml
index e7eb8669697a..3e027a403c17 100644
--- a/mmv1/products/workstations/WorkstationCluster.yaml
+++ b/mmv1/products/workstations/WorkstationCluster.yaml
@@ -65,6 +65,15 @@ examples:
     test_vars_overrides:
       'key_short_name': '"tf-test-key-" + acctest.RandString(t, 10)'
       'value_short_name': '"tf-test-value-" + acctest.RandString(t, 10)'
+samples:
+  - name: "workstation_cluster_urls"
+    primary_resource_id: "default"
+    steps:
+      - name: "workstation_cluster_custom_urls"
+        vars:
+          cluster_id: "custom-urls-cluster"
+        resource_id_vars:
+          cluster_network_name: "workstations-network"
 parameters:
   - name: 'workstationClusterId'
     type: String
@@ -120,6 +129,17 @@ properties:
     type: String
     description: |
       Human-readable name for this resource.
+  - name: 'workstationAuthorizationUrl'
+    type: String
+    default_from_api: true
+    description: |
+      Specifies the redirect URL for unauthorized requests received by workstation VMs in this cluster.
+      Redirects to this endpoint will send a base64 encoded `state` query param containing the target workstation name and original request hostname. The endpoint is responsible for retrieving a token using `GenerateAccessToken` and redirecting back to the original hostname with the token.
+  - name: 'workstationLaunchUrl'
+    type: String
+    description: |
+      Specifies the launch URL for workstations in this cluster. Requests sent to unstarted workstations will be redirected to this URL.
+      Requests redirected to the launch endpoint will be sent with a `workstation` query parameter containing the full workstation resource. The launch endpoint is responsible for starting the workstation, polling it until it reaches `STATE_RUNNING`, and then issuing a redirect to the workstation's host URL.
   - name: 'degraded'
     type: Boolean
     description: |
diff --git a/mmv1/templates/terraform/samples/services/workstations/workstation_cluster_custom_urls.tf.tmpl b/mmv1/templates/terraform/samples/services/workstations/workstation_cluster_custom_urls.tf.tmpl
new file mode 100644
index 000000000000..8f24353a3379
--- /dev/null
+++ b/mmv1/templates/terraform/samples/services/workstations/workstation_cluster_custom_urls.tf.tmpl
@@ -0,0 +1,24 @@
+resource "google_workstations_workstation_cluster" "{{$.PrimaryResourceId}}" {
+  workstation_cluster_id = "{{index $.Vars "cluster_id"}}"
+  network                = google_compute_network.default.id
+  subnetwork             = google_compute_subnetwork.default.id
+  location               = "us-central1"
+
+  workstation_authorization_url = "https://workstations.cloud.google.com/ui/auth"
+  workstation_launch_url        = "https://console.cloud.google.com/workstations/launch"
+}
+
+data "google_project" "project" {
+}
+
+resource "google_compute_network" "default" {
+  name                    = "{{index $.ResourceIdVars "cluster_network_name"}}"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "default" {
+  name          = "{{index $.ResourceIdVars "cluster_network_name"}}"
+  ip_cidr_range = "10.0.0.0/24"
+  region        = "us-central1"
+  network       = google_compute_network.default.name
+}