Problem
Teleport lets admins quickly create users using tctl users add. This can be very handy when setting up the cluster, or adding a few Ops Admins. Once the team grows and Teleport is rolled out company wide it's preferred to login with an SSO provider. This results in a range of options for users, and for many they won't have a username, so it can be confusing.

Proposal
@benarent (1) is already available, set local_auth: false in file configuration. See the following PR: https://github.com/gravitational/teleport/pull/2575
For (2), when hitting the endpoint to fetch the login page, we can check if local auth is disabled and the number of local users. If local auth is disabled or no local users exist, we can show only local login. If local auth is not disabled and local users exist, we can show the current login page.
What do you think?
if local_auth is set to false why would we need to check for local users as well to hide these input fields?
@alex-kovoy If local auth is disabled or no users exists (local auth being on in this case).
@benarent (1) is already available, set
local_auth: falsein file configuration. See the following PR: #2575For (2), when hitting the endpoint to fetch the login page, we can check if local auth is disabled and the number of local users. If local auth is disabled or no local users exist, we can show only local login. If local auth is not disabled and local users exist, we can show the current login page.
What do you think?
where we set local_auth: false? i'm running teleport v3.2
tried to set local_auth: false under auth_service but seems it's not working after the service restart.
I am with Enterprise v4.0.0
# teleport version
Teleport Enterprise v4.0.0git:v4.0.0-0-gc7f55ac3 go1.12.1
tried to set
local_auth: falseunderauth_servicebut seems it's not working after the service restart.I am with Enterprise v4.0.0
# teleport version Teleport Enterprise v4.0.0git:v4.0.0-0-gc7f55ac3 go1.12.1
emm..not working at v3.2
This feature request has not been implemented yet, so it's not currently possible to _hide_ username/password input fields from web UI. So even if local auth is disabled on the server, the web UI will show these fields.
Thanks @alex-kovoy . That solves the myth.
FYI for anyone who discovers this, the syntax for the local_auth setting is:
auth_service:
authentication:
local_auth: false
As noted in other comments, however, it doesn't currently disable display of the login boxes - it just disables the ability to create and log in with local users.
Another request for this feature today.
We've a lot of changes coming in 4.2 but since we've just completely rebuilt the UI this should be easier for us to execute on. I'm going to put this into the 4.2 milestone.
We've another use case for https://github.com/gravitational/gravity/issues/1006, in which a customer simply wants to
I would like to be able to hide user/pw fields as well, while still allowing "robot" users to log in via tele login
This issue is closed, but the feature hasn't been rolled out. Is this specifically targetted to Teleport 5.0 only and we won't be adding it beforehand?
@webvictim yes, the PR got merged against hornet branch which is teleport v5.
Most helpful comment
@webvictim yes, the PR got merged against
hornetbranch which is teleport v5.