feat: Allow to disable admin promotion on first login #5576

Closed
opened 2025-11-11 16:25:02 -06:00 by GiteaMirror · 3 comments

Originally created by @infra823 on GitHub (Jun 17, 2025).

Check Existing Issues

  • I have searched the existing issues and discussions.

Problem Description

Hi,
We deploy standardized Open WebUI instances with centralized authentication via an OAuth provider. The initial post-install login being promoted to admin results in regular users being granted admin permissions on the instance, which is not something we want.

Desired Solution you'd like

Provide a way to disable first login promotion to admin.

Alternatives Considered

Systematically disable admin promotion only for OAuth users by default (promote only for local login if enabled).

Additional Context

No response


@Classic298 commented on GitHub (Jun 17, 2025):

The first admin is always the primary admin or also super admin.

If you already automate your deployment, what would speak against adapting your automation to always create an initial super-admin user?

For Open WebUI, it would go against core principles to allow the first user to not be an admin.

For you it would be a modification to a script.


@infra823 commented on GitHub (Jun 18, 2025):

How would we do this?
We have requirements to not create local accounts (hence why we only enable OAuth), and going through the whole OAuth process via script would not be trivial (and might not even be an option where MFA is used for auth).


@Classic298 commented on GitHub (Jun 18, 2025):

By logging in via OAuth you are creating local accounts though!

You can create an initial admin account before enabling OAuth, then enable OAuth.

And that initial admin has a randomly generated password and email, making it unusable.
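
The workaround described in the comment above, sketched as an added example that is not part of the original thread or of the Open WebUI project. It assumes the instance accepts a JSON signup at `/api/v1/auths/signup` and returns the new user's `id` and `role`; the function names are hypothetical.

```python
import json
import secrets
import urllib.request

# Assumption: the instance exposes a JSON signup endpoint at this path.
SIGNUP_PATH = "/api/v1/auths/signup"


def make_placeholder_admin(domain="invalid"):
    """Build throwaway credentials for the first (admin) account.

    The e-mail uses the reserved .invalid TLD and the password is 32 random
    bytes that are never stored, so nobody can log in with this account.
    """
    tag = secrets.token_hex(8)
    return {
        "name": "bootstrap-admin",
        "email": f"bootstrap-{tag}@placeholder.{domain}",
        "password": secrets.token_urlsafe(32),
    }


def build_signup_request(base_url, account):
    """Prepare the POST that registers the account (not sent here)."""
    return urllib.request.Request(
        base_url.rstrip("/") + SIGNUP_PATH,
        data=json.dumps(account).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )


def bootstrap(base_url):
    """Claim the first-user admin slot, then discard the credentials."""
    req = build_signup_request(base_url, make_placeholder_admin())
    with urllib.request.urlopen(req, timeout=10) as resp:
        body = json.load(resp)
    # Fail closed: do not go on to enable OAuth unless the slot was taken.
    # Assumption: the response carries the new user's "role" and "id".
    if body.get("role") != "admin":
        raise RuntimeError("bootstrap account was not promoted to admin")
    return body["id"]


if __name__ == "__main__":
    import sys
    print("admin slot claimed by user", bootstrap(sys.argv[1]))
```

Run it once against the fresh instance on a network path users cannot reach yet, and enable OAuth only after it succeeds.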

Reference: github-starred/open-webui#5576