diff --git a/google/auth/credentials.py b/google/auth/credentials.py
index 3ae9c4011..80a2a5c0b 100644
--- a/google/auth/credentials.py
+++ b/google/auth/credentials.py
@@ -54,6 +54,9 @@ def __init__(self):
         self._trust_boundary = None
         """Optional[str]: Encoded string representation of credentials trust
         boundary."""
+        self._universe_domain = "googleapis.com"
+        """Optional[str]: The universe domain value, default is googleapis.com
+        """
 
     @property
     def expired(self):
@@ -85,6 +88,11 @@ def quota_project_id(self):
         """Project to use for quota and billing purposes."""
         return self._quota_project_id
 
+    @property
+    def universe_domain(self):
+        """The universe domain value."""
+        return self._universe_domain
+
     @abc.abstractmethod
     def refresh(self, request):
         """Refreshes the access token.
diff --git a/google/oauth2/credentials.py b/google/oauth2/credentials.py
index 5becb7c1d..4643fdbea 100644
--- a/google/oauth2/credentials.py
+++ b/google/oauth2/credentials.py
@@ -173,6 +173,7 @@ def __setstate__(self, d):
         self._rapt_token = d.get("_rapt_token")
         self._enable_reauth_refresh = d.get("_enable_reauth_refresh")
         self._trust_boundary = d.get("_trust_boundary")
+        self._universe_domain = d.get("_universe_domain")
         # The refresh_handler setter should be used to repopulate this.
         self._refresh_handler = None
 
diff --git a/tests/oauth2/test_service_account.py b/tests/oauth2/test_service_account.py
index 058fc3f7d..b963b157c 100644
--- a/tests/oauth2/test_service_account.py
+++ b/tests/oauth2/test_service_account.py
@@ -70,7 +70,7 @@ def test_constructor_no_universe_domain(self):
         credentials = service_account.Credentials(
             SIGNER, self.SERVICE_ACCOUNT_EMAIL, self.TOKEN_URI, universe_domain=None
         )
-        assert credentials._universe_domain == service_account._DEFAULT_UNIVERSE_DOMAIN
+        assert credentials.universe_domain == service_account._DEFAULT_UNIVERSE_DOMAIN
 
     def test_from_service_account_info(self):
         credentials = service_account.Credentials.from_service_account_info(
@@ -88,7 +88,7 @@ def test_from_service_account_info_non_gdu(self):
             SERVICE_ACCOUNT_INFO_NON_GDU
         )
 
-        assert credentials._universe_domain == FAKE_UNIVERSE_DOMAIN
+        assert credentials.universe_domain == FAKE_UNIVERSE_DOMAIN
         assert credentials._always_use_jwt_access
 
     def test_from_service_account_info_args(self):
diff --git a/tests/test_credentials.py b/tests/test_credentials.py
index 594c3e58a..99235cda6 100644
--- a/tests/test_credentials.py
+++ b/tests/test_credentials.py
@@ -42,6 +42,7 @@ def test_credentials_constructor():
     assert not credentials.expiry
     assert not credentials.expired
     assert not credentials.valid
+    assert credentials.universe_domain == "googleapis.com"
 
 
 def test_expired_and_valid():
diff --git a/tests/test_external_account.py b/tests/test_external_account.py
index 9e9d1f58a..0b165bc70 100644
--- a/tests/test_external_account.py
+++ b/tests/test_external_account.py
@@ -498,6 +498,13 @@ def test_info(self):
             "universe_domain": "dummy_universe.com",
         }
 
+    def test_universe_domain(self):
+        credentials = self.make_credentials(universe_domain="dummy_universe.com")
+        assert credentials.universe_domain == "dummy_universe.com"
+
+        credentials = self.make_credentials()
+        assert credentials.universe_domain == external_account._DEFAULT_UNIVERSE_DOMAIN
+
     def test_info_workforce_pool(self):
         credentials = self.make_workforce_pool_credentials(
             workforce_pool_user_project=self.WORKFORCE_POOL_USER_PROJECT