diff --git a/src/Squidex/Areas/IdentityServer/Config/IdentityServerExtensions.cs b/src/Squidex/Areas/IdentityServer/Config/IdentityServerExtensions.cs
index d91a8c4b0..2164b97f8 100644
--- a/src/Squidex/Areas/IdentityServer/Config/IdentityServerExtensions.cs
+++ b/src/Squidex/Areas/IdentityServer/Config/IdentityServerExtensions.cs
@@ -33,6 +33,8 @@ namespace Squidex.Areas.IdentityServer.Config
         {
             var options = services.GetRequiredService<IOptions<MyIdentityOptions>>().Value;
 
+            IdentityModelEventSource.ShowPII = options.ShowPII;
+
             var userManager = services.GetRequiredService<UserManager<IdentityUser>>();
             var userFactory = services.GetRequiredService<IUserFactory>();
 
diff --git a/src/Squidex/Config/MyIdentityOptions.cs b/src/Squidex/Config/MyIdentityOptions.cs
index 3234337d8..4d6d7a33b 100644
--- a/src/Squidex/Config/MyIdentityOptions.cs
+++ b/src/Squidex/Config/MyIdentityOptions.cs
@@ -57,6 +57,8 @@ namespace Squidex.Config
 
         public bool NoConsent { get; set; }
 
+        public bool ShowPII { get; set; }
+
         public bool IsAdminConfigured()
         {
             return !string.IsNullOrWhiteSpace(AdminEmail) && !string.IsNullOrWhiteSpace(AdminPassword);
diff --git a/src/Squidex/appsettings.json b/src/Squidex/appsettings.json
index 20c442512..ab846360a 100644
--- a/src/Squidex/appsettings.json
+++ b/src/Squidex/appsettings.json
@@ -404,6 +404,10 @@
   },
 
   "identity": {
+    /*
+     * Set to true to show PII (Personally Identifiable Information) in the logs.
+     */
+    "showPII",
     /*
      * Enable password auth. Set this to false if you want to disable local login, leaving only 3rd party login options.
      */