diff --git a/type/__matrix_synapse/files/homeserver.yaml.sh b/type/__matrix_synapse/files/homeserver.yaml.sh
index caf259b..2e7670e 100755
--- a/type/__matrix_synapse/files/homeserver.yaml.sh
+++ b/type/__matrix_synapse/files/homeserver.yaml.sh
@@ -1368,7 +1368,13 @@ allow_guest_access: ${ALLOW_GUEST_ACCESS:?}
 # (By default, no suggestion is made, so it is left up to the client.)
 #
 #default_identity_server: https://matrix.org
+EOF
 
+if [ -n "$DEFAULT_IDENTITY_SERVER" ]; then
+	echo "default_identity_server: \"$DEFAULT_IDENTITY_SERVER\""
+fi
+
+cat << EOF
 # Handle threepid (email/phone etc) registration and password resets through a set of
 # *trusted* identity servers. Note that this allows the configured identity server to
 # reset passwords for accounts!
diff --git a/type/__matrix_synapse/manifest b/type/__matrix_synapse/manifest
index c85e4fc..8ba9152 100755
--- a/type/__matrix_synapse/manifest
+++ b/type/__matrix_synapse/manifest
@@ -200,6 +200,11 @@ if [ -f "$__object/parameter/saml2-idp-metadata-url" ]; then
     export SAML2_IDP_METADATA_URL
 fi
 
+if [ -f "$__object/parameter/default-identity-server" ]; then
+    DEFAULT_IDENTITY_SERVER=$(cat "$__object/parameter/default-identity-server")
+    export DEFAULT_IDENTITY_SERVER
+fi
+
 # Federation.
 ALLOW_PUBLIC_ROOMS_OVER_FEDERATION=$(get_boolean_for 'allow-public-room-over-federation')
 ALLOW_PUBLIC_ROOMS_WITHOUT_AUTH=$(get_boolean_for 'allow-public-rooms-without-auth')
diff --git a/type/__matrix_synapse/parameter/optional b/type/__matrix_synapse/parameter/optional
index 0547e1a..599e00b 100644
--- a/type/__matrix_synapse/parameter/optional
+++ b/type/__matrix_synapse/parameter/optional
@@ -37,3 +37,4 @@ tls-cert
 tls-private-key
 registration-shared-secret
 saml2-idp-metadata-url
+default-identity-server