diff --git a/selfservice/strategy/oidc/strategy_settings.go b/selfservice/strategy/oidc/strategy_settings.go
index a38e4e0b40d9..24623938fd87 100644
--- a/selfservice/strategy/oidc/strategy_settings.go
+++ b/selfservice/strategy/oidc/strategy_settings.go
@@ -164,6 +164,10 @@ func (s *Strategy) PopulateSettingsMethod(r *http.Request, id *identity.Identity
 sr.UI.GetNodes().Remove("unlink", "link")
 sr.UI.SetCSRF(s.d.GenerateCSRFToken(r))
 for _, l := range linkable {
+ // We do not want to offer to link SSO providers in the settings.
+ if l.Config().OrganizationID != "" {
+ continue
+ }
 sr.UI.GetNodes().Append(NewLinkNode(l.Config().ID))
 }
diff --git a/selfservice/strategy/oidc/strategy_settings_test.go b/selfservice/strategy/oidc/strategy_settings_test.go
index a6b819c94202..753bae5321b8 100644
--- a/selfservice/strategy/oidc/strategy_settings_test.go
+++ b/selfservice/strategy/oidc/strategy_settings_test.go
@@ -62,12 +62,15 @@ func TestSettingsStrategy(t *testing.T) {
 errTS := testhelpers.NewErrorTestServer(t, reg)
 publicTS, adminTS := testhelpers.NewKratosServers(t)
+ orgSSO := newOIDCProvider(t, publicTS, remotePublic, remoteAdmin, "org-sso")
+ orgSSO.OrganizationID = "org-1"
 viperSetProviderConfig(
 t,
 conf,
 newOIDCProvider(t, publicTS, remotePublic, remoteAdmin, "ory"),
 newOIDCProvider(t, publicTS, remotePublic, remoteAdmin, "google"),
 newOIDCProvider(t, publicTS, remotePublic, remoteAdmin, "github"),
+ orgSSO,
 )
 testhelpers.InitKratosServers(t, reg, publicTS, adminTS)
 testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/settings.schema.json")
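Review bot: The `OrganizationID != ""` skip inside the `for _, l := range linkable` loop only keeps the link node out of the rendered settings form; nothing in this hunk stops the settings submit path from accepting a link request that names an organization-bound provider directly. The handler that processes the link is outside this hunk, so this may already be enforced there. If that handler validates against the same `linkable` set, the filter belongs where the set is built rather than at render time, so that what is offered and what is accepted cannot drift apart. If the loop stays as is, the comment could state the rule rather than the UI effect, e.g. `// Organization-bound (SSO) providers must never be linkable from self-service settings.` PopulateSettingsMethod begins and ends outside the hunk.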
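Review bot: The new `orgSSO` provider with `OrganizationID = "org-1"` is only registered in the config here; the hunk shows no assertion that `org-sso` is absent from the settings flow's `link` nodes. Existing snapshot-style checks may cover it implicitly, but an explicit negative assertion would pin the behaviour and fail clearly if the filter is ever removed. A case that submits a link for `org-sso` and expects it to be rejected would cover the enforcement side as well; how the server responds to that today is not visible from this diff. TestSettingsStrategy continues outside the hunk.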