diff --git a/box.js b/box.js
index 9f381c736..a7bfdde84 100755
--- a/box.js
+++ b/box.js
@@ -38,10 +38,11 @@ async function startServers() {
     await server.start(); // do this first since it also inits the database
     await proxyAuth.start();
     await ldap.start();
-    await oidc.start();
 
     const conf = await settings.getDirectoryServerConfig();
     if (conf.enabled) await directoryServer.start();
+
+    if (settings.dashboardFqdn()) await oidc.start();
 }
 
 async function main() {
@@ -74,6 +75,7 @@ async function main() {
         await server.stop();
         await directoryServer.stop();
         await ldap.stop();
+        await oidc.stop();
         setTimeout(process.exit.bind(process), 3000);
     });
 
diff --git a/src/cloudron.js b/src/cloudron.js
index 1cb6a7ed2..403688b09 100644
--- a/src/cloudron.js
+++ b/src/cloudron.js
@@ -44,6 +44,7 @@ const apps = require('./apps.js'),
     LogStream = require('./log-stream.js'),
     mail = require('./mail.js'),
     notifications = require('./notifications.js'),
+    oidc = require('./oidc.js'),
     path = require('path'),
     paths = require('./paths.js'),
     platform = require('./platform.js'),
@@ -273,6 +274,9 @@ async function setDashboardDomain(domain, auditSource) {
 
     await safe(appstore.updateCloudron({ domain }), { debug });
 
+    // this requires dashboardFqdn to be set
+    await oidc.start();
+
     await eventlog.add(eventlog.ACTION_DASHBOARD_DOMAIN_UPDATE, auditSource, { domain, fqdn });
 }
 
@@ -288,6 +292,9 @@ async function updateDashboardDomain(domain, auditSource) {
     await setDashboardDomain(domain, auditSource);
 
     safe(services.rebuildService('turn', auditSource), { debug }); // to update the realm variable
+
+    await oidc.stop();
+    await oidc.start();
 }
 
 async function renewCerts(options, auditSource) {