diff --git a/README.md b/README.md
index f2b83118..97ff3d92 100644
--- a/README.md
+++ b/README.md
@@ -940,6 +940,10 @@ Below is the complete list of available options that can be used to customize yo
 | `OAUTH_FACEBOOK_APP_SECRET` | Facebook App API secret. No defaults. |
 | `OAUTH_TWITTER_API_KEY` | Twitter App API key. No defaults. |
 | `OAUTH_TWITTER_APP_SECRET` | Twitter App API secret. No defaults. |
+| `OAUTH_AUTHENTIQ_CLIENT_ID` | authentiq Client ID. No defaults. |
+| `OAUTH_AUTHENTIQ_CLIENT_SECRET` | authentiq Client secret. No defaults. |
+| `OAUTH_AUTHENTIQ_SCOPE` | Scope of Authentiq Application Defaults to `'aq:name email~rs address aq:push'`|
+| `OAUTH_AUTHENTIQ_REDIRECT_URI` |  Callback URL for Authentiq. No defaults. |
 | `OAUTH_GITHUB_API_KEY` | GitHub App Client ID. No defaults. |
 | `OAUTH_GITHUB_APP_SECRET` | GitHub App Client secret. No defaults. |
 | `OAUTH_GITHUB_URL` | Url to the GitHub Enterprise server. Defaults to https://github.com |
diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml
index e619c483..51643caf 100644
--- a/assets/runtime/config/gitlabhq/gitlab.yml
+++ b/assets/runtime/config/gitlabhq/gitlab.yml
@@ -371,6 +371,10 @@ production: &base
                   login_url: '{{OAUTH_CAS3_LOGIN_URL}}',
                   service_validate_url: '{{OAUTH_CAS3_VALIDATE_URL}}',
                   logout_url: '{{OAUTH_CAS3_LOGOUT_URL}}'} }
+       - { name: 'authentiq',
+          app_id: '{{OAUTH_AUTHENTIQ_CLIENT_ID}}',
+          app_secret: 'OAUTH_AUTHENTIQ_CLIENT_SECRET',
+          args: { scope: {{OAUTH_AUTHENTIQ_SCOPE}}, redirect_uri: '{{OAUTH_AUTHENTIQ_REDIRECT_URI}}' } }
       - { name: 'github',
           label: 'GitHub',
           app_id: '{{OAUTH_GITHUB_API_KEY}}',
diff --git a/assets/runtime/env-defaults b/assets/runtime/env-defaults
index d37939ce..92674d2b 100644
--- a/assets/runtime/env-defaults
+++ b/assets/runtime/env-defaults
@@ -266,6 +266,12 @@ OAUTH_FACEBOOK_APP_SECRET=${OAUTH_FACEBOOK_APP_SECRET:-}
 OAUTH_TWITTER_API_KEY=${OAUTH_TWITTER_API_KEY:-}
 OAUTH_TWITTER_APP_SECRET=${OAUTH_TWITTER_APP_SECRET:-}
 
+## Authentiq
+OAUTH_AUTHENTIQ_CLIENT_ID=${OAUTH_AUTHENTIQ_CLIENT_ID:-}
+OAUTH_AUTHENTIQ_CLIENT_SECRET=${OAUTH_AUTHENTIQ_CLIENT_SECRET:-}
+OAUTH_AUTHENTIQ_SCOPE=${OAUTH_AUTHENTIQ_SCOPE:-'aq:name email~rs address aq:push'}
+OAUTH_AUTHENTIQ_REDIRECT_URI=${OAUTH_AUTHENTIQ_REDIRECT_URI:-}
+
 ### GITHUB
 OAUTH_GITHUB_API_KEY=${OAUTH_GITHUB_API_KEY:-}
 OAUTH_GITHUB_APP_SECRET=${OAUTH_GITHUB_APP_SECRET:-}
diff --git a/assets/runtime/functions b/assets/runtime/functions
index 4b907c0c..478ac0f0 100644
--- a/assets/runtime/functions
+++ b/assets/runtime/functions
@@ -489,6 +489,20 @@ gitlab_configure_oauth_twitter() {
   fi
 }
 
+gitlab_configure_oauth_authentiq() {
+  if [[ -n ${OAUTH_AUTHENTIQ_CLIENT_ID} && -n ${OAUTH_AUTHENTIQ_CLIENT_SECRET} ]]; then
+    echo "Configuring gitlab::oauth::authentiq..."
+    OAUTH_ENABLED=${OAUTH_ENABLED:-true}
+    update_template ${GITLAB_CONFIG} \
+      OAUTH_AUTHENTIQ_CLIENT_ID \
+      OAUTH_AUTHENTIQ_CLIENT_SECRET \
+      OAUTH_AUTHENTIQ_SCOPE \
+      OAUTH_AUTHENTIQ_REDIRECT_URI 
+  else
+    exec_as_git sed -i "/name: 'authentiq'/,/{{OAUTH_AUTHENTIQ_SCOPE}}/d" ${GITLAB_CONFIG}
+  fi
+}
+
 gitlab_configure_oauth_github() {
   if [[ -n ${OAUTH_GITHUB_API_KEY} && -n ${OAUTH_GITHUB_APP_SECRET} ]]; then
     echo "Configuring gitlab::oauth::github..."