diff --git a/docs/se/security/01_introduction.adoc b/docs/se/security/01_introduction.adoc
index c7d131c7fdd..525287191fe 100644
--- a/docs/se/security/01_introduction.adoc
+++ b/docs/se/security/01_introduction.adoc
@@ -1,6 +1,6 @@
 ///////////////////////////////////////////////////////////////////////////////
 
-    Copyright (c) 2018, 2021 Oracle and/or its affiliates.
+    Copyright (c) 2018, 2024 Oracle and/or its affiliates.
 
     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.
@@ -61,6 +61,8 @@ Helidon Security provides the following features
  logger called "AUDIT" (may be overridden through configuration). AuditProvider
  SPI may be implemented to support other auditing options.
 
+Each feature is implemented with the help of "xref:providers.adoc[Security Providers]".
+
 Security module is quite HTTP centric (as most common use cases are related to
  HTTP REST), though it is not HTTP specific (the security module may be used to
  secure even other transports, such as JMS, Kafka messages etc. if an appropriate
@@ -136,6 +138,13 @@ See <<_tools,Secure config>> for details about encrypting passwords in
 Security security = Security.create(config);
 ----
 
+As mentioned above, security features are implemented through providers, which are configured under key
+`security.providers`. Each element of the list is one security provider. The key of the provider must match
+its config key (as documented in xref:providers.adoc[Security Providers] for each supported provider).
+
+A key `enabled` can be used for each provider to provide fine control of which providers are enabled/disabled, for example
+to support different setup in testing and in production environments.
+
 [source,yaml]
 .Security from configuration - application.yaml
 ----
diff --git a/security/security/src/main/java/io/helidon/security/Security.java b/security/security/src/main/java/io/helidon/security/Security.java
index a520cf7983b..2392049f3f9 100644
--- a/security/security/src/main/java/io/helidon/security/Security.java
+++ b/security/security/src/main/java/io/helidon/security/Security.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, 2022 Oracle and/or its affiliates.
+ * Copyright (c) 2018, 2024 Oracle and/or its affiliates.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -38,6 +38,7 @@
 import java.util.function.Consumer;
 import java.util.function.Function;
 import java.util.function.Supplier;
+import java.util.logging.Level;
 import java.util.logging.Logger;
 import java.util.stream.Collectors;
 
@@ -1294,6 +1295,22 @@ private void providerFromConfig(Map<String, SecurityProviderService> configKeyTo
                                         Map<String, SecurityProviderService> classNameToService,
                                         String knownKeys,
                                         Config pConf) {
+            boolean enabled = pConf.get("enabled").asBoolean().orElse(true);
+            if (!enabled) {
+                // this provider is marked as disabled, we will ignore it
+                // this is checking the top level provider configuration (see below check for provider specific)
+                // this section check (example):
+                /*
+                security.providers:
+                    - type: "some-type
+                      enabled: false
+                 */
+                if (LOGGER.isLoggable(Level.FINEST)) {
+                    LOGGER.finest("Provider with key: " + pConf.key() + " is disabled");
+                }
+                return;
+            }
+
             AtomicReference<SecurityProviderService> service = new AtomicReference<>();
             AtomicReference<Config> providerSpecific = new AtomicReference<>();
 
@@ -1323,6 +1340,26 @@ private void providerFromConfig(Map<String, SecurityProviderService> configKeyTo
             }
 
             String name = resolveProviderName(pConf, className, providerSpecificConfig, providerService);
+
+            if (providerSpecificConfig != null && !providerSpecificConfig.get("enabled")
+                    .asBoolean()
+                    .orElse(true)) {
+                // this provider is marked as disabled, we will ignore it
+                // this is within the provider specific configuration, to support both simple lists (checked above)
+                // and nested provider configuration; this section check (example):
+                /*
+                security.providers:
+                    - oidc:
+                        enabled: false
+                 */
+
+                if (LOGGER.isLoggable(Level.FINEST)) {
+                    LOGGER.finest("Provider: " + name + " is disabled");
+                }
+
+                return;
+            }
+
             boolean isAuthn = pConf.get("is-authentication-provider").asBoolean().orElse(true);
             boolean isAuthz = pConf.get("is-authorization-provider").asBoolean().orElse(true);
             boolean isClientSec = pConf.get("is-client-security-provider").asBoolean().orElse(true);
diff --git a/tests/integration/mp-gh-8495/pom.xml b/tests/integration/mp-gh-8495/pom.xml
new file mode 100644
index 00000000000..0022adb484b
--- /dev/null
+++ b/tests/integration/mp-gh-8495/pom.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    Copyright (c) 2024 Oracle and/or its affiliates.
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <groupId>io.helidon.tests.integration</groupId>
+        <artifactId>helidon-tests-integration</artifactId>
+        <version>2.6.7-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>helidon-tests-integration-mp-gh-8495</artifactId>
+    <name>Helidon Tests Integration MP GH 8495</name>
+    <description>Reproducer for Github issue #8495 - SecurityCdiExtension fails with Oidc</description>
+
+    <dependencies>
+        <dependency>
+            <groupId>io.helidon.microprofile.server</groupId>
+            <artifactId>helidon-microprofile-server</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.helidon.microprofile</groupId>
+            <artifactId>helidon-microprofile-oidc</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.helidon.microprofile</groupId>
+            <artifactId>helidon-microprofile-security</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.helidon.logging</groupId>
+            <artifactId>helidon-logging-jul</artifactId>
+            <scope>runtime</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-api</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.hamcrest</groupId>
+            <artifactId>hamcrest-all</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.helidon.microprofile.tests</groupId>
+            <artifactId>helidon-microprofile-tests-junit5</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+</project>
\ No newline at end of file
diff --git a/tests/integration/mp-gh-8495/src/main/java/io/helidon/tests/integration/gh8495/Gh8495Resource.java b/tests/integration/mp-gh-8495/src/main/java/io/helidon/tests/integration/gh8495/Gh8495Resource.java
new file mode 100644
index 00000000000..2cb35cd0c5f
--- /dev/null
+++ b/tests/integration/mp-gh-8495/src/main/java/io/helidon/tests/integration/gh8495/Gh8495Resource.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2024 Oracle and/or its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.helidon.tests.integration.gh8495;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+
+@Path("/greet")
+public class Gh8495Resource {
+    @GET
+    @Produces(MediaType.TEXT_PLAIN)
+    public String getDefaultMessage() {
+        return "Hello World!";
+    }
+}
diff --git a/tests/integration/mp-gh-8495/src/main/resources/META-INF/beans.xml b/tests/integration/mp-gh-8495/src/main/resources/META-INF/beans.xml
new file mode 100644
index 00000000000..52f89a20d18
--- /dev/null
+++ b/tests/integration/mp-gh-8495/src/main/resources/META-INF/beans.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    Copyright (c) 2024 Oracle and/or its affiliates.
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+
+-->
+<beans xmlns="https://jakarta.ee/xml/ns/jakartaee"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee
+                           https://jakarta.ee/xml/ns/jakartaee/beans_4_0.xsd"
+       version="4.0"
+       bean-discovery-mode="annotated">
+</beans>
diff --git a/tests/integration/mp-gh-8495/src/main/resources/application.yaml b/tests/integration/mp-gh-8495/src/main/resources/application.yaml
new file mode 100644
index 00000000000..4e4e355009d
--- /dev/null
+++ b/tests/integration/mp-gh-8495/src/main/resources/application.yaml
@@ -0,0 +1,20 @@
+#
+# Copyright (c) 2024 Oracle and/or its affiliates.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+security:
+  providers:
+    - oidc:
+        enabled: false
diff --git a/tests/integration/mp-gh-8495/src/main/resources/logging.properties b/tests/integration/mp-gh-8495/src/main/resources/logging.properties
new file mode 100644
index 00000000000..e50b6d44f81
--- /dev/null
+++ b/tests/integration/mp-gh-8495/src/main/resources/logging.properties
@@ -0,0 +1,23 @@
+#
+# Copyright (c) 2024 Oracle and/or its affiliates.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+handlers=io.helidon.logging.jul.HelidonConsoleHandler
+java.util.logging.SimpleFormatter.format=%1$tY.%1$tm.%1$td %1$tH:%1$tM:%1$tS %4$s %3$s !thread!: %5$s%6$s%n
+
+.level=WARNING
+
+io.helidon.level=INFO
+io.helidon.security.level=FINEST
\ No newline at end of file
diff --git a/tests/integration/mp-gh-8495/src/test/java/io/helidon/tests/integration/gh8495/Gh8495Test.java b/tests/integration/mp-gh-8495/src/test/java/io/helidon/tests/integration/gh8495/Gh8495Test.java
new file mode 100644
index 00000000000..9e877026ec2
--- /dev/null
+++ b/tests/integration/mp-gh-8495/src/test/java/io/helidon/tests/integration/gh8495/Gh8495Test.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2024 Oracle and/or its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.helidon.tests.integration.gh8495;
+
+import io.helidon.microprofile.tests.junit5.HelidonTest;
+import org.junit.jupiter.api.Test;
+
+import javax.inject.Inject;
+import javax.ws.rs.client.WebTarget;
+
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.MatcherAssert.assertThat;
+
+@HelidonTest
+public class Gh8495Test {
+    private final WebTarget target;
+
+    @Inject
+    public Gh8495Test(WebTarget target) {
+        this.target = target;
+    }
+
+    @Test
+    public void testServerStarted() {
+        String response = target
+                .path("/greet")
+                .request()
+                .get(String.class);
+
+        assertThat(response, is("Hello World!"));
+    }
+}
diff --git a/tests/integration/pom.xml b/tests/integration/pom.xml
index 13ef4dd99be..b7250f8dfce 100644
--- a/tests/integration/pom.xml
+++ b/tests/integration/pom.xml
@@ -51,6 +51,7 @@
         <module>mp-gh-4123</module>
         <module>mp-gh-4654</module>
         <module>mp-gh-8478</module>
+        <module>mp-gh-8495</module>
         <module>kafka</module>
         <module>jms</module>
         <module>config</module>