Hide (but not disable) local authentication

I am wondering if it is possible to hide the «Sign in with email» button on the front page? In the use case for which I am evaluating Firezone, all regular users are required to log in using Keycloak, so the presence of this button is just likely to cause confusion.

I do realise that the button goes away if I disable local authentication in the admin interface, but this has the rather unfortunate side effect of locking me out of the admin interface. Therefore I would like to keep local authentication enabled for the sole purpose of allowing admin access, but hidden for regular users. (The admin user could be required to go directly to a “secret” login URL, e.g., https://firezone/auth/identity/.) Is this possible somehow?

On a related note, I would like to remove the «Change password» button and the «Multi Factor Authentication» section in the https://firezone/user_account page. Is this possible? Keycloak is responsible for user passwords and MFA methods, so the presence of these in the account settings page is completely pointless and only likely to cause confusion. (I have noticed that the «Change password» button does go away if local authentication is disabled, but I cannot do that for the reason detailed in the paragraph above.)


Hey Tore!

Thanks for all the detail. We have this issue open to track work on improving UX around local email/password authentication. We’re considering removing it altogether for security and UX improvements, using OIDC/SAML for auth and token-based auth fallback for admins.