diff --git a/coderd/apidoc/docs.go b/coderd/apidoc/docs.go
index 8dcd7d36bd..ce420cbf1a 100644
--- a/coderd/apidoc/docs.go
+++ b/coderd/apidoc/docs.go
@@ -12550,12 +12550,14 @@ const docTemplate = `{
                 "auto-fill-parameters",
                 "notifications",
                 "workspace-usage",
-                "web-push"
+                "web-push",
+                "oauth2"
             ],
             "x-enum-comments": {
                 "ExperimentAutoFillParameters": "This should not be taken out of experiments until we have redesigned the feature.",
                 "ExperimentExample": "This isn't used for anything.",
                 "ExperimentNotifications": "Sends notifications via SMTP and webhooks following certain events.",
+                "ExperimentOAuth2": "Enables OAuth2 provider functionality.",
                 "ExperimentWebPush": "Enables web push notifications through the browser.",
                 "ExperimentWorkspaceUsage": "Enables the new workspace usage tracking."
             },
@@ -12564,7 +12566,8 @@ const docTemplate = `{
                 "ExperimentAutoFillParameters",
                 "ExperimentNotifications",
                 "ExperimentWorkspaceUsage",
-                "ExperimentWebPush"
+                "ExperimentWebPush",
+                "ExperimentOAuth2"
             ]
         },
         "codersdk.ExternalAuth": {
diff --git a/coderd/apidoc/swagger.json b/coderd/apidoc/swagger.json
index 39c5b977f5..0cfb7944c7 100644
--- a/coderd/apidoc/swagger.json
+++ b/coderd/apidoc/swagger.json
@@ -11231,12 +11231,14 @@
 				"auto-fill-parameters",
 				"notifications",
 				"workspace-usage",
-				"web-push"
+				"web-push",
+				"oauth2"
 			],
 			"x-enum-comments": {
 				"ExperimentAutoFillParameters": "This should not be taken out of experiments until we have redesigned the feature.",
 				"ExperimentExample": "This isn't used for anything.",
 				"ExperimentNotifications": "Sends notifications via SMTP and webhooks following certain events.",
+				"ExperimentOAuth2": "Enables OAuth2 provider functionality.",
 				"ExperimentWebPush": "Enables web push notifications through the browser.",
 				"ExperimentWorkspaceUsage": "Enables the new workspace usage tracking."
 			},
@@ -11245,7 +11247,8 @@
 				"ExperimentAutoFillParameters",
 				"ExperimentNotifications",
 				"ExperimentWorkspaceUsage",
-				"ExperimentWebPush"
+				"ExperimentWebPush",
+				"ExperimentOAuth2"
 			]
 		},
 		"codersdk.ExternalAuth": {
diff --git a/coderd/oauth2.go b/coderd/oauth2.go
index e566fc1342..4f935e1f5b 100644
--- a/coderd/oauth2.go
+++ b/coderd/oauth2.go
@@ -37,11 +37,11 @@ const (
 	displaySecretLength = 6  // Length of visible part in UI (last 6 characters)
 )
 
-func (*API) oAuth2ProviderMiddleware(next http.Handler) http.Handler {
+func (api *API) oAuth2ProviderMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
-		if !buildinfo.IsDev() {
+		if !api.Experiments.Enabled(codersdk.ExperimentOAuth2) && !buildinfo.IsDev() {
 			httpapi.Write(r.Context(), rw, http.StatusForbidden, codersdk.Response{
-				Message: "OAuth2 provider is under development.",
+				Message: "OAuth2 provider functionality requires enabling the 'oauth2' experiment.",
 			})
 			return
 		}
diff --git a/codersdk/deployment.go b/codersdk/deployment.go
index 229e62eac8..1421cd082e 100644
--- a/codersdk/deployment.go
+++ b/codersdk/deployment.go
@@ -3341,6 +3341,7 @@ const (
 	ExperimentNotifications      Experiment = "notifications"        // Sends notifications via SMTP and webhooks following certain events.
 	ExperimentWorkspaceUsage     Experiment = "workspace-usage"      // Enables the new workspace usage tracking.
 	ExperimentWebPush            Experiment = "web-push"             // Enables web push notifications through the browser.
+	ExperimentOAuth2             Experiment = "oauth2"               // Enables OAuth2 provider functionality.
 )
 
 // ExperimentsKnown should include all experiments defined above.
@@ -3350,6 +3351,7 @@ var ExperimentsKnown = Experiments{
 	ExperimentNotifications,
 	ExperimentWorkspaceUsage,
 	ExperimentWebPush,
+	ExperimentOAuth2,
 }
 
 // ExperimentsSafe should include all experiments that are safe for
diff --git a/docs/reference/api/schemas.md b/docs/reference/api/schemas.md
index 3611f391d9..618a462390 100644
--- a/docs/reference/api/schemas.md
+++ b/docs/reference/api/schemas.md
@@ -3039,6 +3039,7 @@ CreateWorkspaceRequest provides options for creating a new workspace. Only one o
 | `notifications`        |
 | `workspace-usage`      |
 | `web-push`             |
+| `oauth2`               |
 
 ## codersdk.ExternalAuth
 
diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts
index bca8fe2a03..05adcd927b 100644
--- a/site/src/api/typesGenerated.ts
+++ b/site/src/api/typesGenerated.ts
@@ -795,6 +795,7 @@ export type Experiment =
 	| "auto-fill-parameters"
 	| "example"
 	| "notifications"
+	| "oauth2"
 	| "web-push"
 	| "workspace-usage";
 
@@ -802,6 +803,7 @@ export const Experiments: Experiment[] = [
 	"auto-fill-parameters",
 	"example",
 	"notifications",
+	"oauth2",
 	"web-push",
 	"workspace-usage",
 ];