Disable password login and enforce SSO/OIDC-only authentication

[dregini]

Hi!
I’d like to request the ability to disable local password-based login and allow only SSO/OIDC authentication, along with an option to redirect users directly to the identity provider without showing the login page.
This would be especially useful in self-hosted setups where non-technical family members are already used to authenticating exclusively through a single sign-on provider across all apps — the password form just creates unnecessary confusion.
Expected Behavior

1. Admin enables “SSO-only mode” via ENV variable (using an ENV rather than an in-app toggle ensures the admin can still revert access if the identity provider is unreachable or the admin account is not linked to an OIDC user)
2. Any unauthenticated user visiting the app is immediately redirected to the configured identity provider (e.g. Keycloak)
3. After successful authentication, the user is redirected back to the app as usual
4. The local login form is never shown
   Thanks!

[afairgiant]

I can look into doing that once I get some bugs and other things squared away