diff --git a/pages/database-management/authentication-and-authorization/auth-system-integrations.mdx b/pages/database-management/authentication-and-authorization/auth-system-integrations.mdx
index 1213de444..40df01554 100644
--- a/pages/database-management/authentication-and-authorization/auth-system-integrations.mdx
+++ b/pages/database-management/authentication-and-authorization/auth-system-integrations.mdx
@@ -470,6 +470,18 @@ You can determine token audiences by decoding tokens via tools like `jwt.io` and
  inspecting the `aud` field. In many cases, both tokens use the same audience
 (for example, Entra ID uses the client ID).
 
+{<h5 className="custom-header">Self-signed certificates</h5>}
+
+If your custom OIDC identity provider uses self-signed certificates, you can
+configure Memgraph to trust them by setting the `MEMGRAPH_SSO_CUSTOM_OIDC_EXTRA_CA_CERTS`
+environment variable. This variable should point to a file containing the CA
+certificates that should be trusted when connecting to your
+identity server.
+
+```bash
+MEMGRAPH_SSO_CUSTOM_OIDC_EXTRA_CA_CERTS=/path/to/ca-certificates
+```
+
 #### Connect via Neo4j drivers
 
 When connecting through a Neo4j driver, you can provide: