diff --git a/docker-compose.yml b/docker-compose.yml
index 4ce9194..1fd7e7f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -443,7 +443,33 @@ services:
       PAPERLESS_TIKA_ENABLED: 1
       PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000
       PAPERLESS_TIKA_ENDPOINT: http://tika:9998
-      PAPERLESS_URL: "https://paperless.${DOMAIN}"
+      PAPERLESS_URL: "https://paperless.${DOMAIN_LOCAL}"
+      PAPERLESS_APPS: allauth.socialaccount.providers.openid_connect
+      PAPERLESS_SOCIALACCOUNT_PROVIDERS: >
+          {
+            "openid_connect": {
+              "OAUTH_PKCE_ENABLED": true,
+              "APPS": [
+                {
+                  "provider_id": "authentik",
+                  "name": "authentik",
+                  "client_id": "h73QXG52ujoT2XuF6nIf7KaDk2swVbeMM6mHGDrj",
+                  "secret": "gQb5sAyoEeNDzT9MMELYN8dgIbXXyVVdFyudrHckanILu21baf3A1V9lzc29AH11YHsXK9ZJuNy6aaWWWWEVysImJ6MWRCTORfg3Fjhst1zDp9brr4QKpjzFUHMjaolK",
+                  "settings": {
+                    "server_url": "https://authentik.kucharczyk.xyz/application/o/paperless-ngx/.well-known/openid-configuration",
+                    "fetch_userinfo": true
+                  }
+                }
+              ],
+              "SCOPE": ["openid", "profile", "email"]
+            }
+          }
+      PAPERLESS_LOGOUT_REDIRECT_URL: "https://authentik.kucharczyk.xyz/application/o/paperless-ngx/end-session/"
+      # PAPERLESS_SOCIAL_AUTO_SIGNUP: true
+      # PAPERLESS_SOCIALACCOUNT_ALLOW_SIGNUPS: true
+      PAPERLESS_DISABLE_REGULAR_LOGIN: true
+      PAPERLESS_REDIRECT_LOGIN_TO_SSO: true
+
 
   gotenberg:
     image: docker.io/gotenberg/gotenberg:7.6