diff --git a/flux2/core/base/single-sign-on/release.yaml b/flux2/core/base/single-sign-on/release.yaml
index fda4dbbb515726d684575e1b74a91192d6b3b5b1..212e6fba0366bb006affbd4a686a567be9e5f5a3 100644
--- a/flux2/core/base/single-sign-on/release.yaml
+++ b/flux2/core/base/single-sign-on/release.yaml
@@ -39,6 +39,8 @@ spec:
           description: "Communicate and collaborate using team chat and switch to video or audio calls with screen sharing for more efficient teamwork."
         - name: &GRAFANA grafana
           description: "Grafana allows you to query, visualize, alert on and understand metrics generated by OpenAppStack. It can be used to create explore and share dashboards."
+        - name: &WEKAN wekan
+          description: "Wekan Kanban board."
       username: "${userbackend_admin_username}"
       password: "${userbackend_admin_password}"
       email: "${admin_email}"
@@ -147,6 +149,22 @@ spec:
         - "authorization_code"
         - "refresh_token"
         - "client_credentials"
+    # https://github.com/wekan/wekan/wiki/Keycloak
+    - clientName: *WEKAN
+      clientSecret: "${wekan_oauth_client_secret}"
+      redirectUri: "https://wekan.${domain}/auth"
+      scopes: "openid profile email openappstack_roles"
+      clientUri: "https://wekan.${domain}"
+      clientLogoUri: "https://wekan.${domain}/wekan-logo-512.svg"
+      tokenEndpointAuthMethod: "client_secret_post"
+      responseTypes:
+        - "code"
+        - "id_token"
+      grantTypes:
+        - "authorization_code"
+        - "refresh_token"
+        - "client_credentials"
+        - "implicit"
   # Allow custom values either by configMap or by secret
   valuesFrom:
     - kind: ConfigMap