diff --git a/lib/utils/oidc/openidconfig.go b/lib/utils/oidc/openidconfig.go
index 7561ab7becfbf..88b6c6e0182dc 100644
--- a/lib/utils/oidc/openidconfig.go
+++ b/lib/utils/oidc/openidconfig.go
@@ -40,6 +40,6 @@ func OpenIDConfigurationForIssuer(issuer, jwksURI string) OpenIDConfiguration {
 		IdTokenSigningAlgValuesSupported: []string{"RS256"},
 		ResponseTypesSupported:           []string{"id_token"},
 		ScopesSupported:                  []string{"openid"},
-		SubjectTypesSupported:            []string{"public", "pair-wise"},
+		SubjectTypesSupported:            []string{"public"},
 	}
 }
diff --git a/lib/utils/oidc/openidconfig_test.go b/lib/utils/oidc/openidconfig_test.go
index 8796a978d0e1e..f16eb3e97c36f 100644
--- a/lib/utils/oidc/openidconfig_test.go
+++ b/lib/utils/oidc/openidconfig_test.go
@@ -32,7 +32,7 @@ func TestOpenIDConfigurationForIssuer(t *testing.T) {
 		IdTokenSigningAlgValuesSupported: []string{"RS256"},
 		ResponseTypesSupported:           []string{"id_token"},
 		ScopesSupported:                  []string{"openid"},
-		SubjectTypesSupported:            []string{"public", "pair-wise"},
+		SubjectTypesSupported:            []string{"public"},
 	}
 
 	got := OpenIDConfigurationForIssuer("https://localhost:8080", "https://localhost:8080/.well-known/jwks")
diff --git a/lib/web/oidcidp_test.go b/lib/web/oidcidp_test.go
index acd47a17d3475..8197240b0c1ee 100644
--- a/lib/web/oidcidp_test.go
+++ b/lib/web/oidcidp_test.go
@@ -67,7 +67,7 @@ func TestOIDCIdPPublicEndpoints(t *testing.T) {
 		Claims:                           []string{"iss", "sub", "obo", "aud", "jti", "iat", "exp", "nbf"},
 		ResponseTypesSupported:           []string{"id_token"},
 		ScopesSupported:                  []string{"openid"},
-		SubjectTypesSupported:            []string{"public", "pair-wise"},
+		SubjectTypesSupported:            []string{"public"},
 	}
 	require.Equal(t, expectedConfiguration, gotConfiguration)