diff --git a/docker/docker-compose.yml.m4 b/docker/docker-compose.yml.m4
index b88a442b6..69637ab42 100644
--- a/docker/docker-compose.yml.m4
+++ b/docker/docker-compose.yml.m4
@@ -99,6 +99,9 @@ services: << : *default-osserver-env secrets: - django + ifelse(read_env(`ENABLE_SAML'), `True',- saml_cert + - saml_key + - saml_config) ifelse(read_env(`OPENSLIDES_BACKEND_SERVICE_REPLICAS'),,,deploy: replicas: ifenvelse(`OPENSLIDES_BACKEND_SERVICE_REPLICAS', 1))
@@ -111,6 +114,9 @@ services: - django ifelse(ADMIN_SECRET_AVAILABLE, 0,- os_admin) ifelse(USER_SECRET_AVAILABLE, 0,- os_user) + ifelse(read_env(`ENABLE_SAML'), `True',- saml_cert + - saml_key + - saml_config) depends_on: - pgbouncer - redis
@@ -226,5 +232,11 @@ secrets: file: ./secrets/adminsecret.env) ifelse(USER_SECRET_AVAILABLE, 0,os_user: file: ./secrets/usersecret.env) + ifelse(read_env(`ENABLE_SAML'), `True', saml_cert: + file: ./secrets/saml/sp.crt + saml_key: + file: ./secrets/saml/sp.key + saml_config: + file: ./secrets/saml/saml_settings.json) # vim: set sw=2 et:
diff --git a/docker/docker-stack.yml.m4 b/docker/docker-stack.yml.m4
index a39c42232..acfb3a6d4 100644
--- a/docker/docker-stack.yml.m4
+++ b/docker/docker-stack.yml.m4
@@ -97,6 +97,9 @@ services: << : *default-osserver-env secrets: - django + ifelse(read_env(`ENABLE_SAML'), `True',- saml_cert + - saml_key + - saml_config) deploy: restart_policy: condition: on-failure
@@ -112,6 +115,9 @@ services: - django ifelse(ADMIN_SECRET_AVAILABLE, 0,- os_admin) ifelse(USER_SECRET_AVAILABLE, 0,- os_user) + ifelse(read_env(`ENABLE_SAML'), `True',- saml_cert + - saml_key + - saml_config) client: image: FRONTEND_IMAGE
@@ -260,5 +266,11 @@ secrets: file: ./secrets/adminsecret.env) ifelse(USER_SECRET_AVAILABLE, 0,os_user: file: ./secrets/usersecret.env) + ifelse(read_env(`ENABLE_SAML'), `True', saml_cert: + file: ./secrets/saml/sp.crt + saml_key: + file: ./secrets/saml/sp.key + saml_config: + file: ./secrets/saml/saml_settings.json) # vim: set sw=2 et:
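Review bot: The `saml_key` secret is attached to both server services with the short secret syntax (the `- saml_key` entries in the @@ -97 and @@ -112 hunks of docker-stack.yml.m4, and likewise @@ -99 and @@ -111 of docker-compose.yml.m4), so on a swarm deployment the SP private key appears under /run/secrets with Docker's default root-owned 0444 mode and is readable by every uid in the container, not only the `openslides` user the image switches to. In docker-stack.yml.m4 the long syntax can restrict it, e.g. `- source: saml_key` / `  uid: "<OPENSLIDES_UID>"` / `  mode: 0400`, where the uid placeholder is the numeric id of the openslides user and the lines must stay free of unquoted commas because they sit inside an m4 `ifelse` argument. For docker-compose.yml.m4 the secret is a bind mount of ./secrets/saml/sp.key, so there the host file's own permissions are what protect the key and a short comment next to the `saml_key:` entry saying so would help operators. The enclosing `services:` and `secrets:` mappings extend beyond these hunks.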
diff --git a/server/docker/Dockerfile b/server/docker/Dockerfile
index e1c31a5a1..7b5d38484 100644
--- a/server/docker/Dockerfile
+++ b/server/docker/Dockerfile
@@ -50,8 +50,14 @@ RUN apt-get install --no-install-recommends -y \
 RUN rm -rf /var/lib/apt/lists/*
 COPY requirements /app/requirements
-RUN pip install -r requirements/production.txt -r requirements/big_mode.txt && \
- rm -rf /root/.cache/pip
+RUN pip install -r requirements/production.txt -r requirements/big_mode.txt \
+ -r requirements/saml.txt && \
+ rm -rf /root/.cache/pip
+
+# SAML
+COPY docker/saml-setup.sh /usr/local/lib/
+RUN mkdir -p /app/personal_data/var/certs/ && \
+ chown -R openslides:openslides /app/personal_data/var/
 USER openslides
 # the `empty` folder is used for the dummy http server für the migrate entrypoint to serve no files.
diff --git a/server/docker/entrypoint b/server/docker/entrypoint
index 3400c503e..732209a9d 100755
--- a/server/docker/entrypoint
+++ b/server/docker/entrypoint
@@ -11,6 +11,9 @@ source /run/secrets/django
 }
 export SECRET_KEY="$DJANGO_SECRET_KEY"
+# SAML setup
+. /usr/local/lib/saml-setup.sh
+
 # TODO: env variable for this host
 wait-for-it -t 0 "server-setup:8000"
diff --git a/server/docker/entrypoint-db-setup b/server/docker/entrypoint-db-setup
index acd327e06..d2f70c464 100755
--- a/server/docker/entrypoint-db-setup
+++ b/server/docker/entrypoint-db-setup
@@ -82,5 +82,8 @@ if [[ -f /run/secrets/os_user ]]; then
 fi
 fi
+# SAML setup
+. /usr/local/lib/saml-setup.sh
+
 echo "Done migrating and setting up user accounts..."
 python -m http.server --directory /app/empty --bind 0.0.0.0 8000
diff --git a/server/docker/saml-setup.sh b/server/docker/saml-setup.sh
new file mode 100644
index 000000000..ec98ea461
--- /dev/null
+++ b/server/docker/saml-setup.sh
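Review bot: The extended `RUN pip install ... -r requirements/saml.txt` line now installs python3-saml, which to my knowledge pulls in the xmlsec binding and compiles against the libxmlsec1 headers, so the `apt-get install` list that precedes this hunk (outside it) needs the xmlsec1 development package and pkg-config for the build to succeed, plus the libxmlsec1 runtime libraries for the server to start; please confirm, since none of that is visible here. The new `RUN mkdir -p /app/personal_data/var/certs/ && chown ...` step prepares a directory that the entrypoint later symlinks into, and if /app/personal_data is mounted as a volume at run time that image-layer directory can be shadowed, so a comment such as `# build-time default only; /app/personal_data may be a volume at run time` would keep the next maintainer from relying on it.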
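Review bot: The sourced line `. /usr/local/lib/saml-setup.sh` is introduced here and again in entrypoint-db-setup (hunk @@ -82) with only `# SAML setup` above it, which leaves out two things the reader needs: the script acts only when `ENABLE_SAML` is the exact string `True` (the same literal the m4 templates test when deciding whether to mount the secrets), and it runs `exit 3` when any of the three /run/secrets/saml_* files is missing, which terminates the entrypoint itself because the file is sourced rather than executed. A value such as `true` or `1` silently skips the setup, so the comment should spell this out: `# SAML setup: acts only when ENABLE_SAML=True; aborts (exit 3) if a saml_* secret is missing`. In entrypoint-db-setup the call sits after the migrations and account setup, so a missing secret is only detected once the database work is done; moving it to the top of that script would fail fast, though I cannot see whether earlier lines there depend on the order. Both entrypoints continue outside their hunks.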
@@ -0,0 +1,10 @@
+# SAML setup
+if [[ "$ENABLE_SAML" = True ]]; then
+ echo "Setting up SAML"
+ for i in /run/secrets/saml_{cert,key,config}; do
+ [[ -f "$i" ]] || { echo "ERROR: $i not found!"; exit 3; }
+ done
+ ln -s /run/secrets/saml_cert /app/personal_data/var/certs/sp.crt
+ ln -s /run/secrets/saml_key /app/personal_data/var/certs/sp.key
+ ln -s /run/secrets/saml_config /app/personal_data/var/saml_settings.json
+fi
diff --git a/server/requirements/saml.txt b/server/requirements/saml.txt
new file mode 100644
index 000000000..835c2af51
--- /dev/null
+++ b/server/requirements/saml.txt
@@ -0,0 +1 @@
+python3-saml
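Review bot: The three `ln -s` calls at the end of the `if` block have no `-f` and assume /app/personal_data/var/certs already exists, so the script is not safe to rerun: on a container restart the links already exist and `ln` fails with "File exists", the same happens if the setup and server containers share one /app/personal_data volume (both entrypoints source this file), and a bind mount over /app/personal_data shadows the certs directory created in the Dockerfile so the first run fails as well. Whether that aborts start-up depends on the sourcing entrypoint's `set -e` state, which is outside this diff, but either way the SAML files end up missing. Creating the directory in the script and using `-sf` makes the block idempotent; a `# shellcheck shell=bash` line at the top would also record that the `[[ ]]` tests require bash as the sourcing shell.
```shell
  # … unchanged: ENABLE_SAML guard and secret presence loop …
  mkdir -p /app/personal_data/var/certs
  ln -sf /run/secrets/saml_cert /app/personal_data/var/certs/sp.crt
  ln -sf /run/secrets/saml_key /app/personal_data/var/certs/sp.key
  ln -sf /run/secrets/saml_config /app/personal_data/var/saml_settings.json
fi
```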
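Review bot: `python3-saml` in the new requirements/saml.txt carries no version pin, so every image build resolves the newest release and the build is not reproducible; for the library that validates SAML assertions an unreviewed upgrade is exactly the kind of change that should not arrive silently. Pin it to the version that was tested, `python3-saml==<PINNED_VERSION>` (placeholder), following whatever convention the other requirements files use, which I cannot see from this diff.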