diff --git a/agent/auto-config/tls.go b/agent/auto-config/tls.go
index c152203082..ab647b515b 100644
--- a/agent/auto-config/tls.go
+++ b/agent/auto-config/tls.go
@@ -216,7 +216,7 @@ func (ac *AutoConfig) generateCSR() (csr string, key string, err error) {
 		Host:       unknownTrustDomain,
 		Datacenter: ac.config.Datacenter,
 		Agent:      ac.config.NodeName,
-		// TODO(rb)(partitions): populate the partition field from the agent config
+		Partition:  ac.config.PartitionOrDefault(),
 	}
 
 	caConfig, err := ac.config.ConnectCAConfiguration()
diff --git a/agent/connect/uri_agent_oss.go b/agent/connect/uri_agent_oss.go
index bf13697ee3..0936d680a2 100644
--- a/agent/connect/uri_agent_oss.go
+++ b/agent/connect/uri_agent_oss.go
@@ -2,7 +2,17 @@
 
 package connect
 
-import "fmt"
+import (
+	"fmt"
+
+	"github.com/hashicorp/consul/agent/structs"
+)
+
+// GetEnterpriseMeta will synthesize an EnterpriseMeta struct from the SpiffeIDAgent.
+// in OSS this just returns an empty (but never nil) struct pointer
+func (id SpiffeIDAgent) GetEnterpriseMeta() *structs.EnterpriseMeta {
+	return &structs.EnterpriseMeta{}
+}
 
 func (id SpiffeIDAgent) uriPath() string {
 	return fmt.Sprintf("/agent/client/dc/%s/id/%s", id.Datacenter, id.Agent)
diff --git a/agent/consul/connect_ca_endpoint.go b/agent/consul/connect_ca_endpoint.go
index c1f6a19be9..a08cf27cc5 100644
--- a/agent/consul/connect_ca_endpoint.go
+++ b/agent/consul/connect_ca_endpoint.go
@@ -186,8 +186,7 @@ func (s *ConnectCA) Sign(
 				"we are %s", serviceID.Datacenter, s.srv.config.Datacenter)
 		}
 	} else if isAgent {
-		// TODO(partitions): support auto-config in different partitions
-		structs.DefaultEnterpriseMetaInDefaultPartition().FillAuthzContext(&authzContext)
+		agentID.GetEnterpriseMeta().FillAuthzContext(&authzContext)
 		if authz.NodeWrite(agentID.Agent, &authzContext) != acl.Allow {
 			return acl.ErrPermissionDenied
 		}
diff --git a/agent/consul/leader_connect_ca.go b/agent/consul/leader_connect_ca.go
index ed4f30c6cc..78753b1541 100644
--- a/agent/consul/leader_connect_ca.go
+++ b/agent/consul/leader_connect_ca.go
@@ -1438,8 +1438,7 @@ func (c *CAManager) SignCertificate(csr *x509.CertificateRequest, spiffeID conne
 
 			csr.URIs = uris
 		}
-		// TODO(partitions): support auto-config in different partitions
-		entMeta.Merge(structs.DefaultEnterpriseMetaInDefaultPartition())
+		entMeta.Merge(agentID.GetEnterpriseMeta())
 	}
 
 	commonCfg, err := config.GetCommonConfig()