diff --git a/docs/features/sso.md b/docs/features/sso.md
index 0c764e4..42218bc 100644
--- a/docs/features/sso.md
+++ b/docs/features/sso.md
@@ -21,6 +21,9 @@ There are several global configuration options for OAuth:
 1. `ENABLE_OAUTH_SIGNUP` - if `true`, allows accounts to be created when logging in with OAuth. Distinct from `ENABLE_SIGNUP`.
 1. `OAUTH_MERGE_ACCOUNTS_BY_EMAIL` - allows logging into an account that matches the email address provided by the OAuth provider.
     - This is considered insecure as not all OAuth providers verify email addresses, and may allow accounts to be hijacked.
+1. `OAUTH_UPDATE_PICTURE_ON_LOGIN` - if `true`, users will have OAuth-provided profile pictures updated on login.
+    - If the OAuth picture claim is disabled by setting `OAUTH_PICTURE_CLAIM` to the empty string, this configuration will be ignored.
+1. `OAUTH_PICTURE_CLAIM` - can be used to customize or disable profile picture storage. The default, `picture`, will work for most providers; if set to the empty string, all users will receive the default person profile picture.
 
 ### Google
 
diff --git a/docs/getting-started/env-configuration.md b/docs/getting-started/env-configuration.md
index a4d8f6e..66a6fc9 100644
--- a/docs/getting-started/env-configuration.md
+++ b/docs/getting-started/env-configuration.md
@@ -2391,6 +2391,13 @@ address. This is considered unsafe as not all OAuth providers will verify email
 potential account takeovers.
 - Persistence: This environment variable is a `PersistentConfig` variable.
 
+#### `OAUTH_UPDATE_PICTURE_ON_LOGIN`
+
+- Type: `bool`
+- Default: `False`
+- Description: If enabled, updates the local user profile picture with the OAuth-provided picture on login.
+- Persistence: This environment variable is a `PersistentConfig` variable.
+
 #### `WEBUI_AUTH_TRUSTED_EMAIL_HEADER`
 
 - Type: `str`