diff --git a/clientapi/auth/sso/oidc.go b/clientapi/auth/sso/oidc.go
index 708993bad..d1e28a736 100644
--- a/clientapi/auth/sso/oidc.go
+++ b/clientapi/auth/sso/oidc.go
@@ -35,7 +35,7 @@ type oidcIdentityProvider struct {
 	mu   sync.Mutex
 }
 
-func newOIDCIdentityProvider(cfg *config.IdentityProvider, hc *http.Client) (*oidcIdentityProvider, error) {
+func newOIDCIdentityProvider(cfg *config.IdentityProvider, hc *http.Client) *oidcIdentityProvider {
 	return &oidcIdentityProvider{
 		oauth2IdentityProvider: &oauth2IdentityProvider{
 			cfg: cfg,
@@ -48,7 +48,7 @@ func newOIDCIdentityProvider(cfg *config.IdentityProvider, hc *http.Client) (*oi
 			displayNamePath:     "name",
 			suggestedUserIDPath: "preferred_username",
 		},
-	}, nil
+	}
 }
 
 func (p *oidcIdentityProvider) AuthorizationURL(ctx context.Context, callbackURL, nonce string) (string, error) {
diff --git a/clientapi/auth/sso/sso.go b/clientapi/auth/sso/sso.go
index e97eb69a3..862da6dc9 100644
--- a/clientapi/auth/sso/sso.go
+++ b/clientapi/auth/sso/sso.go
@@ -46,11 +46,7 @@ func NewAuthenticator(ctx context.Context, cfg *config.SSO) (*Authenticator, err
 
 		switch pcfg.Type {
 		case config.SSOTypeOIDC:
-			p, err := newOIDCIdentityProvider(&pcfg, hc)
-			if err != nil {
-				return nil, fmt.Errorf("failed to create OpenID Connect provider %q: %w", pcfg.ID, err)
-			}
-			a.providers[pcfg.ID] = p
+			a.providers[pcfg.ID] = newOIDCIdentityProvider(&pcfg, hc)
 		case config.SSOTypeGitHub:
 			a.providers[pcfg.ID] = newGitHubIdentityProvider(&pcfg, hc)
 		default: