diff --git a/vaultwarden/docker-compose.sso.yml b/vaultwarden/docker-compose.sso.yml
new file mode 100644
index 0000000..939ebff
--- /dev/null
+++ b/vaultwarden/docker-compose.sso.yml
@@ -0,0 +1,25 @@
+---
+
+services:
+  vaultwarden:
+    environment:
+      SSO_ENABLED: ${SSO_ENABLED:-true}
+      SSO_ONLY: ${SSO_ONLY:-true}
+      SSO_SIGNUPS_MATCH_EMAIL: ${SSO_SIGNUPS_MATCH_EMAIL:-true}
+      SSO_AUTHORITY: ${SSO_AUTHORITY}
+      SSO_SCOPES: ${SSO_SCOPES:-email groups profile offline_access}
+      SSO_AUTHORIZE_EXTRA_PARAMS: ${SSO_AUTHORIZE_EXTRA_PARAMS:-}
+      SSO_PKCE: ${SSO_PKCE:-false}
+      SSO_CLIENT_ID: ${SSO_CLIENT_ID}
+      SSO_CLIENT_SECRET: ${SSO_CLIENT_SECRET}
+      SSO_MASTER_PASSWORD_POLICY: ${SSO_MASTER_PASSWORD_POLICY:-}
+      SSO_AUTH_ONLY_NOT_SESSION: ${SSO_AUTH_ONLY_NOT_SESSION:-false}
+      SSO_CLIENT_CACHE_EXPIRATION: ${SSO_CLIENT_CACHE_EXPIRATION:-0}
+      SSO_DEBUG_TOKENS: ${SSO_DEBUG_TOKENS:-false}
+
+      SSO_FRONTEND: ${SSO_FRONTEND:-override}
+      SSO_EXPERIMENTAL_NO_MASTER_PWD: ${SSO_EXPERIMENTAL_NO_MASTER_PWD:-false}
+      SSO_ROLES_ENABLED: ${SSO_ROLES_ENABLED:-false}
+      SSO_ROLES_DEFAULT_TO_USER: ${SSO_ROLES_DEFAULT_TO_USER:-false}
+
+      SSO_ORGANIZATIONS_INVITE: ${SSO_ORGANIZATIONS_INVITE:-false}