diff --git a/services/jenkins/helmrelease.yaml b/services/jenkins/helmrelease.yaml
index d750b15..9d2e450 100644
--- a/services/jenkins/helmrelease.yaml
+++ b/services/jenkins/helmrelease.yaml
@@ -130,6 +130,23 @@ spec:
           }
       JCasC:
         configScripts:
+          security.yaml: |
+            jenkins:
+              securityRealm:
+                oic:
+                  clientId: "${OIDC_CLIENT_ID}"
+                  clientSecret: "${OIDC_CLIENT_SECRET}"
+                  wellKnownOpenIDConfigurationUrl: "${OIDC_ISSUER}/.well-known/openid-configuration"
+                  scopes: "openid profile email"
+                  userNameField: "preferred_username"
+                  fullNameFieldName: "name"
+                  emailFieldName: "email"
+                  groupsFieldName: "groups"
+                  logoutFromOpenidProvider: true
+                  rootURLFromRequest: true
+              authorizationStrategy:
+                loggedInUsersCanDoAnything:
+                  allowAnonymousRead: false
           creds.yaml: |
             credentials:
               system: