diff --git a/docker/paperless/docker-compose.yml b/docker/paperless/docker-compose.yml
index 7327959..0cb0a16 100644
--- a/docker/paperless/docker-compose.yml
+++ b/docker/paperless/docker-compose.yml
@@ -48,3 +48,5 @@ services:
       PAPERLESS_ADMIN_USER: ${PAPERLESS_ADMIN_USER:-admin}
       PAPERLESS_ADMIN_MAIL: ${PAPERLESS_ADMIN_MAIL:-admin@fukurokuju.dev}
       PAPERLESS_ADMIN_PASSWORD: ${PAPERLESS_ADMIN_PASSWORD}
+      PAPERLESS_APPS: allauth.socialaccount.providers.openid_connect
+      PAPERLESS_SOCIALACCOUNT_PROVIDERS: ${PAPERLESS_SOCIALACCOUNT_PROVIDERS}
diff --git a/tofu/authentik/main.tf b/tofu/authentik/main.tf
index accccd8..e18ee31 100644
--- a/tofu/authentik/main.tf
+++ b/tofu/authentik/main.tf
@@ -102,3 +102,17 @@ module "portainer" {
   app_url         = "https://containers.fukurokuju.dev/"
   sub_mode        = "hashed_user_id"
 }
+
+module "paperless" {
+  source              = "../modules/authentik-oidc"
+  app_name            = "Paperless"
+  app_slug            = "paperless"
+  client_id           = var.paperless_client_id
+  client_secret       = var.paperless_client_secret
+  app_access_group_id = ""
+  redirect_uris       = ["https://paperless.roboces.dev/accounts/oidc/authentik/login/callback/"]
+  app_icon            = "https://paperless.roboces.dev/favicon.ico"
+  app_description     = "Document manager"
+  app_publisher       = "Paperless"
+  app_url             = "https://paperless.roboces.dev"
+}
diff --git a/tofu/authentik/vars.tf b/tofu/authentik/vars.tf
index 55bf825..8289ea7 100644
--- a/tofu/authentik/vars.tf
+++ b/tofu/authentik/vars.tf
@@ -47,3 +47,13 @@ variable "portainer_client_secret" {
   description = "Client secret"
   type        = string
 }
+
+variable "paperless_client_id" {
+  description = "Paperless client ID"
+  type        = string
+}
+
+variable "paperless_client_secret" {
+  description = "Paperless client secret"
+  type        = string
+}