diff --git a/roles/authentik/defaults/main.yml b/roles/authentik/defaults/main.yml
index 8213b4d..8ac0785 100644
--- a/roles/authentik/defaults/main.yml
+++ b/roles/authentik/defaults/main.yml
@@ -98,3 +98,16 @@ authentik_entra_sources: []
 authentik_login_source_ids: []
 # - "source-entra-entra-id"
 authentik_identification_stage_name: default-authentication-identification
+
+# Local users to provision
+authentik_local_users: []
+# - username: admin
+# name: "Admin User"
+# email: "admin@example.com"
+# password_env: AUTHENTIK_ADMIN_PASSWORD # reference env var in authentik_blueprint_env
+# is_active: true
+# groups:
+# - authentik Admins
+# attributes:
+# settings:
+# locale: en
diff --git a/roles/authentik/tasks/main.yml b/roles/authentik/tasks/main.yml
index fa5caed..49cacb7 100644
--- a/roles/authentik/tasks/main.yml
+++ b/roles/authentik/tasks/main.yml
@@ -77,6 +77,14 @@
 mode: "0644"
 register: login_bp
+- name: Render local users blueprint
+ ansible.builtin.template:
+ src: blueprints/blueprint-local-users.yaml.j2
+ dest: "{{ authentik_docker_volume_dir }}/blueprints/05-local-users.yaml"
+ mode: "0644"
+ when: authentik_local_users | length > 0
+ register: local_users_bp
+
+- name: Create docker-compose file for authentik
 template:
 src: docker-compose.yml.j2
@@ -95,5 +103,6 @@
 or (outpost_bp is defined and (outpost_bp.results | selectattr('changed') | list | length > 0))
 or (entra_bp is defined and (entra_bp.results | selectattr('changed') | list | length > 0))
 or (login_bp is defined and login_bp.changed)
+ or (local_users_bp.changed | default(false))
 ) | ternary('always','auto') }}
diff --git a/roles/authentik/templates/blueprints/blueprint-local-users.yaml.j2 b/roles/authentik/templates/blueprints/blueprint-local-users.yaml.j2
new file mode 100644
index 0000000..d40454b
--- /dev/null
+++ b/roles/authentik/templates/blueprints/blueprint-local-users.yaml.j2
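Review bot: The guard `when: authentik_local_users | length > 0` on the "Render local users blueprint" task means that once the list is later emptied the task is skipped and the previously rendered `05-local-users.yaml` stays in the blueprints directory, so authentik keeps the old user entries as an active blueprint instance. A companion task should remove the file when the list is empty and its result should feed the same restart decision (the `ternary` expression in the second hunk would then need to include it); a sketch is below. As a point of style, the new task spells the module `ansible.builtin.template:` while the sibling "Create docker-compose file" task just below uses the short `template:`; the file should use one form throughout.
```yaml
- name: Remove local users blueprint when no local users are defined
  ansible.builtin.file:
    path: "{{ authentik_docker_volume_dir }}/blueprints/05-local-users.yaml"
    state: absent
  when: authentik_local_users | length == 0
  register: local_users_bp_removed
# … unchanged: docker-compose task and the rest of the file …
```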
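Review bot: The added `or (local_users_bp.changed | default(false))` departs from the sibling guards in this expression, which are all written as `x is defined and x.changed`; the `default(false)` only covers the variable being undefined and otherwise relies on the skipped render task registering a result with `changed: false`, which Ansible does set on skipped results. For consistency with the line directly above it, write `or (local_users_bp is defined and local_users_bp.changed)`. The `ternary` expression this line belongs to starts before the hunk.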
@@ -0,0 +1,34 @@
+# yaml-language-server: $schema=https://goauthentik.io/blueprints/schema.json
+version: 1
+metadata:
+ name: "local-users"
+ labels:
+ blueprints.goauthentik.io/instantiate: "true"
+ blueprints.goauthentik.io/description: "Local user accounts"
+
+entries:
+{% for user in authentik_local_users %}
+ - model: authentik_core.user
+ id: user-{{ user.username }}
+ identifiers:
+ username: {{ user.username }}
+ attrs:
+ username: {{ user.username }}
+ name: "{{ user.name | default(user.username) }}"
+ email: "{{ user.email | default('') }}"
+ is_active: {{ user.is_active | default(true) | lower }}
+{% if user.password_env is defined %}
+ password: !Env {{ user.password_env }}
+{% endif %}
+{% if user.groups is defined and user.groups | length > 0 %}
+ groups:
+{% for group in user.groups %}
+ - !Find [authentik_core.group, [name, {{ group }}]]
+{% endfor %}
+{% endif %}
+{% if user.attributes is defined %}
+ attributes:
+{{ user.attributes | to_nice_yaml(indent=2) | indent(8, first=true) }}
+{% endif %}
+
+{% endfor %}
\ No newline at end of file
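Review bot: The templated scalars `username: {{ user.username }}` (under both `identifiers` and `attrs`), `id: user-{{ user.username }}` and `{{ group }}` inside the `!Find [...]` flow sequence are emitted unquoted, so a value such as `true`, `no`, `0123`, or one containing `: `, ` #`, `,` or `]` is retyped by the YAML parser or breaks the blueprint entirely; since these values come from inventory they should be serialized rather than interpolated, e.g. `username: {{ user.username | to_json }}`, `id: "user-{{ user.username }}"` and `- !Find [authentik_core.group, [name, {{ group | to_json }}]]`. The double-quoted `name:` and `email:` lines have the same weakness for values containing `"` or `\`, and `| to_json` (dropping the surrounding quotes) covers them as well. Separately, the entries carry no `state`, so on each re-apply of this blueprint — which, as I understand authentik's blueprint handling, happens whenever the rendered file changes — the `password: !Env ...` attr is written back and any password the user has since changed in authentik is reverted; if the intent is to seed accounts rather than enforce the password, add `state: created` to the entry so authentik only creates it when missing. A short comment above the `password:` line stating what `!Env` yields when the named variable is absent from the container environment would also help, since that decides whether such an account ends up with an unusable password or an empty one, and it cannot be confirmed from the diff.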