diff --git a/hosts/defiant/services/matrix/synapse.nix b/hosts/defiant/services/matrix/synapse.nix
index 6dc2397..0c846d6 100644
--- a/hosts/defiant/services/matrix/synapse.nix
+++ b/hosts/defiant/services/matrix/synapse.nix
@@ -6,6 +6,12 @@
     group = "matrix-synapse";
   };
 
+  sops.secrets."matrix/synapse/oidcsecret" = {
+    restartUnits = [ "matrix-synapse.service" ];
+    owner = "matrix-synapse";
+    group = "matrix-synapse";
+  };
+
   services.matrix-synapse-next = {
     enable = true;
     enableNginx = true;
@@ -69,6 +75,21 @@
       tls_certificate_path = "/etc/ssl-snakeoil/matrix_feal_no.crt";
       tls_private_key_path = "/etc/ssl-snakeoil/matrix_feal_no.key";
 
+      oidc_providers = [
+        {
+          idp_id = "keycloak";
+          idp_name = "Keycloak";
+          issuer = "https://iam.feal.no/realms/feal.no";
+          client_id = "matrix-synapse";
+          client_secret_path = config.sops.secrets."matrix/synapse/oidcsecret".path;
+          user_mapping_provicer.config = {
+            localpart_template = "{{ user.preferred_username }}";
+            display_name_template = "{{ user.name }}";
+          };
+          backchannel_logout_enabled = true;
+          enable_registration = false;
+        }
+      ];
     };
   };
 
diff --git a/secrets/defiant/defiant.yaml b/secrets/defiant/defiant.yaml
index 31ee357..e51f3b6 100644
--- a/secrets/defiant/defiant.yaml
+++ b/secrets/defiant/defiant.yaml
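Review bot: `user_mapping_provicer.config` in the oidc_providers entry (second hunk) is a misspelling of `user_mapping_provider`, so the `localpart_template` and `display_name_template` under it never reach Synapse's mapping provider; depending on the Synapse release the unknown key is either rejected at startup or silently ignored with the default mapping applied. The fix is the single line `user_mapping_provider.config = {`. Both templates also read the `preferred_username` and `name` claims, which Keycloak only emits when the `profile` scope applies, so unless the client's default scopes already include it, `scopes = [ "openid" "profile" ];` next to `client_id` is needed as in Synapse's Keycloak example. `backchannel_logout_enabled = true` only has an effect once the Keycloak client's backchannel logout URL points at Synapse's `/_synapse/client/oidc/backchannel_logout` endpoint, which this commit cannot show. The enclosing `services.matrix-synapse-next` settings block starts outside the hunk.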
@@ -1,6 +1,7 @@
 matrix:
     synapse:
-        registrationsecret: ENC[AES256_GCM,data:6gRW6t080VSyNRAmIrMqXL/oj7dj0JbcQekG3lac7zcdvJbgkUaqEGoWdrym2XiEOSLBOVMthnpLdalC2wcyJdmxB7xMNsYS4RfjR3PMKIo1Ap7JSmuKBl3eeaOalHk=,iv:dZl4/qFMoqEbSwL4JF/sjG21e6DuKVxbXwrGHkxfW4U=,tag:LWdCcmUUeTO4YAHkHOSJuw==,type:str]
+        registrationsecret: ENC[AES256_GCM,data:bWxzNB3c7GL6A4evVMoYJ2/q5TKyeSZzk05lUTMMDLBf3w/ks028oKjntGWbAvpSbnYPAO5wGPPKrvh8TnMVfjuBVrBtL8Vmt10t7YU/e15Xo0WvtwuAtjF6AWiGbV8=,iv:/KW9n2wuVua6zsmMZ/tq7J3wgmtrkLsh6aOWX0Z+fqo=,tag:aoIpD0JgsVnhlyDcsjx1eg==,type:str]
+        oidcsecret: ENC[AES256_GCM,data:AKUTKQStFwioRaRYnrFbL/kJM0ZO/ZPLumG+770+A7U=,iv:jSpL6dY27zwctra5w56loVR9rRETWe5eIeMnAn9f6S0=,tag:IoEP8UzoZK7B5LtTu9Ebsw==,type:str]
 hedgedoc:
     env: ENC[AES256_GCM,data:30kDNwJA/nL2/l1gSVPWgFYIrrxnhKbsQPaS1MqeaggjDpPxyNOhSLf5/p5Z5S/jDuJapevpQR70hfAM8g3gLRNIFtP38V/8w0lUngpuz6MzL7THdNfbabOKsHpNht+nxwGXE1YSd0D4OuX5ll5pLWT8nQtNhhOzuYmDIJ/Xc01lmcGc2ThsA0GlkWZxUw==,iv:ht6BiCYJReWFoR1zpo/X0bcgMV9tYfXUM7Re2ngEk4M=,tag:XrlYHyhVujhhWul3czSTDg==,type:str]
 vaultwarden:
@@ -36,8 +37,8 @@ sops:
             RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A
             fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-06-10T09:40:44Z"
-    mac: ENC[AES256_GCM,data:HgzZvi14Dgacvax54pqeGXowfiFAZIaLhkmJZieL+pUMiZKKp5vo8M4j2ZyM4DB/a9j58Ao1xlykCnit/vfUgeRJlqZsGedMDLtDvW6mEwHNwZwxvX3Zmsykl/Nt4FZS47jdB5J/1r/vAjtVos7K9UWBfiQUH0EJp6OpVWrWzrc=,iv:64G2tA5tqeJjZPunGFJYhP4z4di0PTCqVzA7QlvTETY=,tag:O2zaf0qRwiSwcrfMQE2uKA==,type:str]
+    lastmodified: "2024-06-10T17:02:13Z"
+    mac: ENC[AES256_GCM,data:vHwX4i0SqiMI+laj079uNvO/6QKzqAoS4JmhUIW/1F7xjtd/Wv5Ia/00EexMMw59cvaDW/k7QB13xyHNixloFhH5aXi3bF8b8uIP6U3K0nlbIYp2tVRU3m/FtkhabzIuP5o/sfoO+gfcuHfTQxjwcap8Tx3VsecjJO0PaR9+EHU=,iv:6c0hRRRddD535GH9zGWnaBnq0jcSlyN0dPIEW+ldGew=,tag:185qSz+tgfXg/f65sf/y+Q==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1
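Review bot: The ciphertext of `matrix/synapse/registrationsecret` changes in the first hunk alongside the new `oidcsecret` entry, which from the diff alone could be either a deliberate rotation of the registration shared secret or a re-encryption of the existing value. If it is a rotation, the commit message should say so, since anything that still holds the old value stops working once `matrix-synapse.service` restarts on the new secret. If it is not, it is worth checking why the unchanged value was rewritten, because that makes real rotations hard to tell apart from no-op edits in the history.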