diff --git a/abra.sh b/abra.sh
index f4b12f2..af39f71 100644
--- a/abra.sh
+++ b/abra.sh
@@ -159,6 +159,23 @@ set_authentik() {
     run_occ 'config:system:set lost_password_link --value=disabled'
 }
 
+set_user_oidc() {
+    install_apps user_oidc
+    USER_OIDC_SECRET=$(cat /run/secrets/user_oidc_secret)
+    run_occ "user_oidc:provider \
+            --clientid=${USER_OIDC_ID} \
+            --clientsecret=${USER_OIDC_SECRET} \
+            --discoveryuri=${USER_OIDC_DISCOVERY_URI} \
+            --endsessionendpointuri=${USER_OIDC_END_SESSION_URI} \
+            --postlogouturi=https://${DOMAIN} \
+            --scope='openid email profile' \
+            ${USER_OIDC_PROVIDER}"
+    # disable non user_oidc login
+    if [[ ${USER_OIDC_LOGIN_ONLY:-false} = "true" ]]; then
+        run_occ "config:app:set --value=0 user_oidc allow_multiple_user_backends"
+    fi
+}
+
 disable_skeletondirectory() {
     run_occ "config:system:set skeletondirectory --value ''"
 }