diff --git a/roles/synapse/defaults/main.yaml b/roles/synapse/defaults/main.yaml
index df88555..a31db76 100644
--- a/roles/synapse/defaults/main.yaml
+++ b/roles/synapse/defaults/main.yaml
@@ -18,3 +18,4 @@ synapse_auto_accept_invites:
 synapse_auto_join_rooms: []
 synapse_smtp_server: ""
+synapse_oidc_provider_client_id: ""
diff --git a/roles/synapse/meta/argument_specs.yaml b/roles/synapse/meta/argument_specs.yaml
index f03dc69..c961e2c 100644
--- a/roles/synapse/meta/argument_specs.yaml
+++ b/roles/synapse/meta/argument_specs.yaml
@@ -88,6 +88,29 @@ argument_specs:
 default: []
 elements: str
+ synapse_oidc_provider_client_id:
+ type: str
+ required: false
+ default: ""
+ synapse_oidc_provider_name:
+ description: Required if synapse_oidc_provider_client_id is set
+ type: str
+ synapse_oidc_provider_client_secret:
+ description: Required if synapse_oidc_provider_client_id is set
+ type: str
+ synapse_oidc_provider_issuer:
+ description: Required if synapse_oidc_provider_client_id is set
+ type: str
+ synapse_oidc_provider_scope:
+ description: Required if synapse_oidc_provider_client_id is set
+ type: list
+ elements: str
+ synapse_oidc_provider_mas_claims_imports:
+ description:
+ - Passed to matrix authentication service.
+ - See https://element-hq.github.io/matrix-authentication-service/setup/sso.html#user-attributes-mapping
+ type: dict
+
 synapse_postgres_tag:
 description: Postgres tag to use for synapse postgres container
 type: str
diff --git a/roles/synapse/tasks/main.yaml b/roles/synapse/tasks/main.yaml
index 099fe33..d36d300 100644
--- a/roles/synapse/tasks/main.yaml
+++ b/roles/synapse/tasks/main.yaml
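Review bot: Only `synapse_oidc_provider_client_id` receives a default here, while the companion variables that the roles/synapse/tasks/main.yaml hunk templates unconditionally (`synapse_oidc_provider_client_secret`, `_issuer`, `_name`, `_mas_claims_imports` and the scope list) get no default in this file or in the argument spec. If the receiving role evaluates those `{{ }}` expressions when OIDC is not configured, every deployment that leaves client_id empty fails with an undefined-variable error, which defeats the opt-in intent of the empty default. Declaring neutral defaults next to the new line keeps the feature switchable on client_id alone; the spec names the list `synapse_oidc_provider_scope`, so the default below follows that spelling.
```yaml
synapse_oidc_provider_client_id: ""
synapse_oidc_provider_name: ""
synapse_oidc_provider_client_secret: ""
synapse_oidc_provider_issuer: ""
synapse_oidc_provider_scope: []
synapse_oidc_provider_mas_claims_imports: {}
```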
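Review bot: The new `synapse_oidc_provider_client_secret` entry is a credential but does not set `no_log: true`, so its value can be echoed in verbose output and in argument-validation failure messages; add `no_log: true` under that entry. `synapse_oidc_provider_client_id` is also the only new entry without a `description:`, unlike its neighbours, e.g. `description: OIDC client ID; when non-empty the other synapse_oidc_provider_* variables must be set`. Note that "Required if synapse_oidc_provider_client_id is set" is prose only, since argument validation does not enforce conditional requirements, so an `assert` task in the role would be needed to turn a missing secret or issuer into a clear error rather than a templating failure later.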
@@ -75,3 +75,10 @@ matrix_authentication_service_email_smtp_user: "{{ synapse_email_smtp_user }}"
 matrix_authentication_service_email_smtp_password: "{{ synapse_email_smtp_password }}"
 matrix_authentication_service_email_from: "{{ synapse_email_from | replace('%(app)s', synapse_email_app_name) }}"
+
+ matrix_authentication_service_upstream_oauth2_client_id: "{{ synapse_oidc_provider_client_id }}"
+ matrix_authentication_service_upstream_oauth2_client_secret: "{{ synapse_oidc_provider_client_secret }}"
+ matrix_authentication_service_upstream_oauth2_issuer: "{{ synapse_oidc_provider_issuer }}"
+ matrix_authentication_service_upstream_oauth2_scope: "{{ synapse_oidc_provider_scopes | join(' ') }}"
+ matrix_authentication_service_upstream_oauth2_claims_imports: "{{ synapse_oidc_provider_mas_claims_imports }}"
+ matrix_authentication_service_upstream_oauth2_human_name: "{{ synapse_oidc_provider_name }}"
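Review bot: The scope line reads `synapse_oidc_provider_scopes | join(' ')` (plural) while the argument spec added in the same commit declares `synapse_oidc_provider_scope` (singular), so the variable users set per the spec is never read and, unless the plural name is defined elsewhere, the template raises an undefined variable; change it to `matrix_authentication_service_upstream_oauth2_scope: "{{ synapse_oidc_provider_scope | join(' ') }}"`. The enclosing task starts outside the hunk, so it is not visible whether it runs with `no_log: true`; since this mapping hands `synapse_oidc_provider_client_secret` to the dependent role, confirm that the task, or the consuming role's tasks, suppress logging of the value.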