Control local login and authentik/OIDC. Settings are saved in the database; environment variables only fill blank fields as bootstrap defaults.
Cannot disable all login methods; at least one must remain enabled.
)} {cantDisableLocal && !wouldLockOut && (Cannot disable local login without authentik/OIDC configured, enabled, and mapped to an admin group.
)} {oidcEnabledButIncomplete && (authentik/OIDC needs {missingFields.join(', ')} before it can be enabled.
)} {data?.warnings?.map((w, i) => ({w}
))}Use the authentik provider issuer URL or full discovery URL, for example https://yourURL.com/application/o/bills/.well-known/openid-configuration.
{issuerEndpointWarning && (This looks like an authorization endpoint. In authentik, copy the provider issuer or OpenID Configuration URL.
)}Advanced. Keep client_secret_basic unless your authentik provider explicitly requires client_secret_post.
Add this exact URL to the Redirect URIs allowed by authentik.
Only users in this authentik group become app admins. Admin is never granted by default.
When enabled, valid authentik users are created in this app on first login.