diff --git a/helm/optio/templates/_helpers.tpl b/helm/optio/templates/_helpers.tpl
index 71897217..0e09ef31 100644
--- a/helm/optio/templates/_helpers.tpl
+++ b/helm/optio/templates/_helpers.tpl
@@ -47,9 +47,9 @@ Called from secrets.yaml to fail early on misconfiguration.
   {{- if not .Values.publicUrl -}}
     {{- fail "publicUrl is required when auth is enabled. Set to the externally-reachable URL (e.g. https://optio.example.com)." -}}
   {{- else -}}
-    {{- $hasProvider := or .Values.auth.github.clientId (or .Values.auth.google.clientId .Values.auth.gitlab.clientId) -}}
+    {{- $hasProvider := or .Values.auth.github.clientId (or .Values.auth.google.clientId (or .Values.auth.gitlab.clientId .Values.auth.oidc.issuerUrl)) -}}
     {{- if not $hasProvider -}}
-      {{- fail "At least one OAuth provider must be configured when auth is enabled. Set auth.github.clientId, auth.google.clientId, or auth.gitlab.clientId (with corresponding clientSecret)." -}}
+      {{- fail "At least one OAuth provider must be configured when auth is enabled. Set auth.github.clientId, auth.google.clientId, auth.gitlab.clientId, or auth.oidc.issuerUrl (with corresponding clientId, clientSecret as needed)." -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}