diff --git a/ansible/roles/deploy_container_traefik/defaults/main.yml b/ansible/roles/deploy_container_traefik/defaults/main.yml
index 1eea22b..d11f345 100644
--- a/ansible/roles/deploy_container_traefik/defaults/main.yml
+++ b/ansible/roles/deploy_container_traefik/defaults/main.yml
@@ -8,6 +8,7 @@ container_traefik_san_domains:
 - "example.org"
 container_traefik_cloudflare_mail: "your-email@example.com"
 container_traefik_cloudflare_token: "your-cloudflare-token"
+container_traefik_auth: 'basic' # basic or sso
 container_traefik_basicauth_user: "admin"
 container_traefik_basicauth_password: "yourpassword"
diff --git a/ansible/roles/deploy_container_traefik/templates/docker-compose.yml.j2 b/ansible/roles/deploy_container_traefik/templates/docker-compose.yml.j2
index 90a5f2c..bd0bb2b 100644
--- a/ansible/roles/deploy_container_traefik/templates/docker-compose.yml.j2
+++ b/ansible/roles/deploy_container_traefik/templates/docker-compose.yml.j2
@@ -28,8 +28,6 @@ services:
 - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
 - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
 - "traefik.http.routers.traefik-secure.entrypoints=https"
- - "traefik.http.middlewares.basic-auth.basicauth.users=${TRAEFIK_BASICAUTH_USER}:${TRAEFIK_BASICAUTH_PASSWORD}"
- - "traefik.http.routers.traefik-secure.middlewares=basic-auth"
 - "traefik.http.routers.traefik-secure.rule=Host(`${TRAEFIK_DOMAIN}`)"
 - "traefik.http.routers.traefik-secure.tls=true"
 - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
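Review bot: The comment on the new `container_traefik_auth` default in defaults/main.yml lists the accepted values but not what `sso` depends on. The template hunk later in this commit points the router at `authelia@docker`, a middleware that no visible hunk defines and that presumably comes from a separately deployed Authelia container. I would move the comment to its own line above the variable and spell that out, e.g. `# Dashboard auth mode: 'basic' (uses the basicauth user/password below) or 'sso' (expects an existing authelia@docker middleware).` Because `basic` stays the default, the same comment is a good place to say that the placeholder user and password below must be overridden before deployment.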
@@ -38,6 +36,12 @@ services:
 - "traefik.http.routers.traefik-secure.tls.domains[{{ loop.index0 }}].sans=*.{{ domain }}"
 {% endfor %}
 - "traefik.http.routers.traefik-secure.service=api@internal"
+{% if container_traefik_auth == 'sso' %}
+ - "traefik.http.routers.traefik-secure.middlewares=authelia@docker"
+{% elif container_traefik_auth == 'basic' or container_traefik_auth is not defined %}
+ - "traefik.http.routers.traefik-secure.middlewares=basic-auth"
+ - "traefik.http.middlewares.basic-auth.basicauth.users=${TRAEFIK_BASICAUTH_USER}:${TRAEFIK_BASICAUTH_PASSWORD}"
+{% endif %}
 networks:
 traefik:
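Review bot: The new `{% if %}`/`{% elif %}` chain has no `{% else %}`, so any value of `container_traefik_auth` other than `sso` or `basic` (a typo, different case, an empty override) renders no `traefik-secure.middlewares` label at all. The router for `api@internal` is then published with no authentication middleware attached. Failing closed is safer: use `{% if container_traefik_auth | default('basic') == 'sso' %}` for the first branch and a plain `{% else %}` for the basic-auth branch, or add an `assert` task in the role that rejects unknown values. The `is not defined` test in the `elif` is probably never reached as written, since the `== 'sso'` comparison runs first and Ansible normally raises on an undefined variable there; the `default('basic')` filter covers that case.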