From 5ed12c64d0e975bdde78fcd39c9689e6b9ebc2d5 Mon Sep 17 00:00:00 2001 From: Bert-Jan Fikse Date: Wed, 14 Jan 2026 16:50:33 +0100 Subject: [PATCH] chore: add authentik_login_user_fields to allow showing custom fields, or removing them e.g when using social + local logins --- roles/authentik/defaults/main.yml | 6 ++++++ .../templates/blueprints/blueprint-login-sources.yaml.j2 | 9 +++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/roles/authentik/defaults/main.yml b/roles/authentik/defaults/main.yml index 85e8a15..5f88df1 100644 --- a/roles/authentik/defaults/main.yml +++ b/roles/authentik/defaults/main.yml @@ -99,6 +99,12 @@ authentik_login_source_ids: [] # - "source-entra-entra-id" authentik_identification_stage_name: default-authentication-identification +# Local login fields to show on login screen (username, email, upn) +# Set to empty list to hide local login form entirely +authentik_login_user_fields: + - username + - email + # Local users to provision authentik_local_users: [] # - username: admin diff --git a/roles/authentik/templates/blueprints/blueprint-login-sources.yaml.j2 b/roles/authentik/templates/blueprints/blueprint-login-sources.yaml.j2 index 9a7b76d..610dee8 100644 --- a/roles/authentik/templates/blueprints/blueprint-login-sources.yaml.j2 +++ b/roles/authentik/templates/blueprints/blueprint-login-sources.yaml.j2 @@ -4,14 +4,19 @@ metadata: name: "login-sources" labels: blueprints.goauthentik.io/instantiate: "true" - blueprints.goauthentik.io/description: "Set sources on the identification stage" + blueprints.goauthentik.io/description: "Set sources and user fields on the identification stage" entries: - model: authentik_stages_identification.identificationstage identifiers: name: "{{ authentik_identification_stage_name }}" attrs: - # NOTE: this SETS the sources list (it doesn’t append). + # Local login fields (username, email, upn) + user_fields: +{% for field in authentik_login_user_fields %} + - {{ field }} +{% endfor %} + # OAuth/social login sources sources: {% for src_id in authentik_login_source_ids %} - !KeyOf {{ src_id }}