diff --git a/roles/docker-moodle/meta/schema.yml b/roles/docker-moodle/meta/schema.yml
index 7e95f55b..e783fcc5 100644
--- a/roles/docker-moodle/meta/schema.yml
+++ b/roles/docker-moodle/meta/schema.yml
@@ -3,7 +3,6 @@ credentials:
 description: "Password for the Moodle database user"
 algorithm: "bcrypt"
 validation: "^\\$2[aby]\\$.{56}$"
-
 user_password:
 description: "Initial password for the Moodle admin user"
 algorithm: "sha256"
diff --git a/roles/docker-moodle/tasks/main.yml b/roles/docker-moodle/tasks/main.yml
index 58d85582..7182b64e 100644
--- a/roles/docker-moodle/tasks/main.yml
+++ b/roles/docker-moodle/tasks/main.yml
@@ -12,3 +12,7 @@
 
 - name: "copy docker-compose.yml and env file"
 include_tasks: copy-docker-compose-and-env.yml
+
+- name: "Configure OIDC login for Moodle if enabled"
+ include_tasks: oidc.yml
+ when: applications | is_feature_enabled('oidc',application)
diff --git a/roles/docker-moodle/tasks/oidc.yml b/roles/docker-moodle/tasks/oidc.yml
new file mode 100644
index 00000000..5349809c
--- /dev/null
+++ b/roles/docker-moodle/tasks/oidc.yml
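Review bot: The new `when:` in tasks/main.yml gates on a variable named `application`, while this same commit's vars/main.yml defines `application_id` and the compose template indexes `ports.localhost.http[application_id]`; unless `application` is supplied by the playbook with a different meaning, the condition is evaluated against an undefined name and the include will fail rather than be skipped. If the two are meant to be the same value, `when: applications | is_feature_enabled('oidc', application_id)` keeps the role consistent with its own vars. The `is_feature_enabled` filter is project-local, so I cannot confirm from this hunk what it does with a missing second argument.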
@@ -0,0 +1,33 @@
+---
+- name: "Ensure OIDC plugin is installed inside container"
+ command: >
+ docker exec {{ container_name }} bash -c '
+ set -e;
+ cd /bitnami/moodle;
+ if [ ! -d "auth/oidc" ]; then
+ git clone https://github.com/microsoft/moodle-auth_oidc.git auth/oidc;
+ fi'
+
+- name: "Upgrade Moodle to apply OIDC plugin"
+ command: "docker exec {{ container_name }} php admin/cli/upgrade.php --non-interactive"
+
+- name: "Set Moodle OIDC configuration via CLI"
+ loop:
+ - { name: "issuerurl", value: "{{ oidc.client.issuer_url }}" }
+ - { name: "clientid", value: "{{ oidc.client.id }}" }
+ - { name: "clientsecret", value: "{{ oidc.client.secret }}" }
+ - { name: "authmethod", value: "oidc" }
+ - { name: "loginflow", value: "authorization_code" }
+ - { name: "idpname", value: "Keycloak" }
+ - { name: "scopes", value: "openid profile email" }
+ - { name: "authenticationendpoint", value: "{{ oidc.client.authorize_url }}" }
+ - { name: "tokenendpoint", value: "{{ oidc.client.token_url }}" }
+ - { name: "userinfoendpoint", value: "{{ oidc.client.user_info_url }}" }
+ loop_control:
+ label: "{{ item.name }}"
+ command: >
+ docker exec {{ container_name }} php admin/cli/cfg.php --component=auth_oidc
+ --name={{ item.name }} --set="{{ item.value }}"
+
+- name: "Enable OIDC login"
+ command: "docker exec {{ container_name }} php admin/cli/cfg.php --name=auth --set=oidc"
diff --git a/roles/docker-moodle/templates/docker-compose.yml.j2 b/roles/docker-moodle/templates/docker-compose.yml.j2
index aac3e5b3..34dd495c 100644
--- a/roles/docker-moodle/templates/docker-compose.yml.j2
+++ b/roles/docker-moodle/templates/docker-compose.yml.j2
@@ -2,7 +2,7 @@
 services:
 {% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
 moodle:
- container_name: moodle
+ container_name: {{ container_name }}
 image: docker.io/bitnami/moodle:{{applications.moodle.version}}
 ports:
 - 127.0.0.1:{{ports.localhost.http[application_id]}}:8080
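Review bot: In the "Set Moodle OIDC configuration via CLI" task the `clientsecret` item is interpolated into the `docker exec ... --set="{{ item.value }}"` command line, so the secret is visible in the host and container process lists while the command runs and is recorded in the task result (`cmd`, verbose and log output); `loop_control.label` only shortens the on-screen item, it does not redact the result, so the task needs `no_log: true`. The `git clone https://github.com/microsoft/moodle-auth_oidc.git auth/oidc` in the first task is unpinned, so every fresh container fetches whatever the default branch is at that moment and Moodle executes it as PHP; pin it to a reviewed tag or commit, e.g. `git clone --depth 1 --branch <PINNED_TAG_OR_COMMIT> https://github.com/microsoft/moodle-auth_oidc.git auth/oidc;`. The last task sets `auth` to exactly `oidc`; if Moodle's `auth` setting is the comma-separated list of enabled auth plugins, as I read it, this replaces any plugin that was already enabled instead of adding OIDC to the list, which deserves a comment or a read-then-append. None of the four tasks declares `changed_when`, so the role reports a change on every run even when nothing was modified.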
diff --git a/roles/docker-moodle/vars/configuration.yml b/roles/docker-moodle/vars/configuration.yml
index ff3c2472..34843923 100644
--- a/roles/docker-moodle/vars/configuration.yml
+++ b/roles/docker-moodle/vars/configuration.yml
@@ -9,6 +9,7 @@ features:
 css: false
 portfolio_iframe: false
 central_database: true
+ oidc: false
 csp:
 flags:
 script-src:
diff --git a/roles/docker-moodle/vars/main.yml b/roles/docker-moodle/vars/main.yml
index a87afd0d..d8f4d145 100644
--- a/roles/docker-moodle/vars/main.yml
+++ b/roles/docker-moodle/vars/main.yml
@@ -1,3 +1,4 @@
 ---
-application_id: "moodle"
-database_type: "mariadb"
\ No newline at end of file
+application_id: "moodle"
+database_type: "mariadb"
+container_name: "{{ application_id }}"
\ No newline at end of file
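Review bot: The new `oidc: false` feature flag in vars/configuration.yml gives no hint of what switching it on requires; the oidc.yml added in this commit reads `oidc.client.issuer_url`, `oidc.client.id`, `oidc.client.secret`, `oidc.client.authorize_url`, `oidc.client.token_url` and `oidc.client.user_info_url`, and none of them is declared or defaulted anywhere in this diff. A comment above the flag, `# requires oidc.client.{issuer_url,id,secret,authorize_url,token_url,user_info_url} to be defined`, would turn a failed run into a readable error. Since `oidc.client.secret` is written into Moodle's configuration, it should be sourced from the vault or secret store rather than from a vars file committed with the role.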
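Review bot: `container_name` in vars/main.yml is a very generic name for a role var; as I understand Ansible's scoping, variables from a role's vars/main.yml carry role-var precedence and, when the role is listed under `roles:`, remain visible to the rest of the play, so another role or the inventory defining `container_name` for a different container would collide with this one and one value would silently win. A prefixed name such as `moodle_container_name: "{{ application_id }}"` avoids that, with the compose template and oidc.yml references renamed to match. The file also still ends without a trailing newline, as the `\ No newline at end of file` marker on both sides of the hunk shows.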