diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index c11fd2a635..42abe99048 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -98,7 +98,7 @@ class ApplicationController < ActionController::Base
   end
 
   def after_sign_out_path_for(_resource_or_scope)
-    if ENV['OMNIAUTH_ONLY'] == 'true' && ENV['OIDC_ENABLED'] == 'true'
+    if ENV['OMNIAUTH_ONLY'] == 'true' && Rails.configuration.x.omniauth.oidc_enabled?
       '/auth/auth/openid_connect/logout'
     else
       new_user_session_path
diff --git a/config/application.rb b/config/application.rb
index 1195b9215c..82b08684ae 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -106,6 +106,7 @@ module Mastodon
     config.x.cache_buster = config_for(:cache_buster)
     config.x.captcha = config_for(:captcha)
     config.x.mastodon = config_for(:mastodon)
+    config.x.omniauth = config_for(:omniauth)
     config.x.translation = config_for(:translation)
     config.x.vapid = config_for(:vapid)
 
diff --git a/config/initializers/3_omniauth.rb b/config/initializers/3_omniauth.rb
index 607d9c15ba..1f6193abd1 100644
--- a/config/initializers/3_omniauth.rb
+++ b/config/initializers/3_omniauth.rb
@@ -10,7 +10,7 @@ end
 
 Devise.setup do |config|
   # CAS strategy
-  if ENV['CAS_ENABLED'] == 'true'
+  if Rails.configuration.x.omniauth.cas_enabled?
     cas_options = {}
     cas_options[:display_name] = ENV.fetch('CAS_DISPLAY_NAME', nil)
     cas_options[:url] = ENV['CAS_URL'] if ENV['CAS_URL']
@@ -39,7 +39,7 @@ Devise.setup do |config|
   end
 
   # SAML strategy
-  if ENV['SAML_ENABLED'] == 'true'
+  if Rails.configuration.x.omniauth.saml_enabled?
     saml_options = {}
     saml_options[:display_name] = ENV.fetch('SAML_DISPLAY_NAME', nil)
     saml_options[:assertion_consumer_service_url] = ENV['SAML_ACS_URL'] if ENV['SAML_ACS_URL']
@@ -71,7 +71,7 @@ Devise.setup do |config|
   end
 
   # OpenID Connect Strategy
-  if ENV['OIDC_ENABLED'] == 'true'
+  if Rails.configuration.x.omniauth.oidc_enabled?
     oidc_options = {}
     oidc_options[:display_name] = ENV.fetch('OIDC_DISPLAY_NAME', nil) # OPTIONAL
     oidc_options[:issuer] = ENV['OIDC_ISSUER'] if ENV['OIDC_ISSUER'] # NEED
diff --git a/config/omniauth.yml b/config/omniauth.yml
new file mode 100644
index 0000000000..a2aa692840
--- /dev/null
+++ b/config/omniauth.yml
@@ -0,0 +1,4 @@
+shared:
+  cas_enabled?: <%= ENV.fetch('CAS_ENABLED', 'false') == 'true' %>
+  oidc_enabled?: <%= ENV.fetch('OIDC_ENABLED', 'false') == 'true' %>
+  saml_enabled?: <%= ENV.fetch('SAML_ENABLED', 'false') == 'true' %>
diff --git a/spec/requests/omniauth_callbacks_spec.rb b/spec/requests/omniauth_callbacks_spec.rb
index c71d025f9f..1be0f9843f 100644
--- a/spec/requests/omniauth_callbacks_spec.rb
+++ b/spec/requests/omniauth_callbacks_spec.rb
@@ -129,15 +129,15 @@ RSpec.describe 'OmniAuth callbacks' do
     end
   end
 
-  describe '#openid_connect', if: ENV['OIDC_ENABLED'] == 'true' && ENV['OIDC_SCOPE'].present? do
+  describe '#openid_connect', if: Rails.configuration.x.omniauth.oidc_enabled? && ENV['OIDC_SCOPE'].present? do
     it_behaves_like 'omniauth provider callbacks', :openid_connect
   end
 
-  describe '#cas', if: ENV['CAS_ENABLED'] == 'true' do
+  describe '#cas', if: Rails.configuration.x.omniauth.cas_enabled? do
     it_behaves_like 'omniauth provider callbacks', :cas
   end
 
-  describe '#saml', if: ENV['SAML_ENABLED'] == 'true' do
+  describe '#saml', if: Rails.configuration.x.omniauth.saml_enabled? do
     it_behaves_like 'omniauth provider callbacks', :saml
   end
 end