diff --git a/backend/src/main/java/com/unis/crm/config/WecomSsoSecurityConfig.java b/backend/src/main/java/com/unis/crm/config/WecomSsoSecurityConfig.java
new file mode 100644
index 00000000..c66dc4b3
--- /dev/null
+++ b/backend/src/main/java/com/unis/crm/config/WecomSsoSecurityConfig.java
@@ -0,0 +1,30 @@
+package com.unis.crm.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+public class WecomSsoSecurityConfig {
+
+ @Bean
+ public WebSecurityCustomizer wecomSsoWebSecurityCustomizer() {
+ return web -> web.ignoring().requestMatchers("/api/wecom/sso/**");
+ }
+
+ @Bean
+ @Order(0)
+ public SecurityFilterChain wecomSsoSecurityFilterChain(HttpSecurity http) throws Exception {
+ http.securityMatcher("/api/wecom/sso/**")
+ .csrf(csrf -> csrf.disable())
+ .cors(Customizer.withDefaults())
+ .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+ .authorizeHttpRequests(auth -> auth.anyRequest().permitAll());
+ return http.build();
+ }
+}
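Review bot: `wecomSsoWebSecurityCustomizer()` makes Spring Security skip `/api/wecom/sso/**` altogether, so the `@Order(0)` chain declared for the same matcher is never consulted and its `.cors(...)`, stateless session policy and the default security response headers do not apply to these endpoints. Drop the `WebSecurityCustomizer` bean and keep only the chain, whose `permitAll()` already admits unauthenticated callers while the filters still run. The `/**` pattern also leaves any handler later added under this prefix unauthenticated; listing the real SSO endpoints, e.g. `auth.requestMatchers(<sso endpoint paths>).permitAll().anyRequest().denyAll()`, would confine that. With CSRF protection disabled here, the SSO handlers (not visible in this diff) would need to validate the OAuth `state` value themselves.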