Login form

The login form allows users to sign in to Sourcegraph using configured auth providers.

login form screenshot

Configuration

Supported for Sourcegraph versions 5.1 or more.

These options do not apply to builtin and http-header auth providers.

  • The builtin auth provider has its own login form.
  • The HTTP header auth provider does not appear on the login form as it is applied on every request if configured.

Change order of auth providers

When multiple auth providers are configured, the login form displays a login button for each of them. Default order of auth providers is hardcoded in the application.

The default order can be overriden with an optional order parameter. It is an integer and items will be sorted in natural order (1, 2, 3, ...).

Example site configuration:

JSON
{
  "auth.providers": {
    "builtin": {
      {
        "type": "builtin",
        "allowSignup": false
      },
    },
    {
      "type": "github",
      "order": 2
    },
    {
      "type": "gitlab",
      "order": 1
    }
  }
}

In this case, the GitLab auth provider will be shown above the GitHub auth provider on the login page.

login form auth providers order screenshot

Auth providers without order parameter will be put at the end of the auth providers list.

Limit count of login options

By default, the login form shows up to 5 primary auth provider buttons on the page. Other auth providers can be reached with the Other login methods button.

This default can be changed, e.g. in case there are 1 or 2 preferred methods for users to login with. For example there might be a different auth provider setup for regular engineers and a different one for site admins. It makes sense to only show the default one to engineers to reduce confusion of regular users.

There is a site configuration parameter auth.primaryLoginProvidersCount:

JSON
{
  "auth.primaryLoginProvidersCount": 1,
  // ...
}

In the example above, there will be only 1 primary provider, all the other providers will be shown on the next screen, when the Other login methods button is clicked.

login form limit auth providers

Change label of auth provider button

By default Sourcegraph shows a button for each auth provider, such as Continue with GitHub. The text label for the button is created from 2 parts: Continue with prefix and Github. These can be controlled with displayPrefix and displayName optional parameters of auth provider in site configuration:

Example site configuration:

JSON
{
  "auth.providers": [
    {
      "type": "github",
      "displayName": "GitHub Enterprise",
      "displayPrefix": "Login with"
    },
    {
      "type": "gitlab",
      "displayName": "GitLab",
      "displayPrefix": "Login with"
    }
  ]
}

The example configuration above will render 2 buttons, Login with GitHub Enterprise and Login with GitLab.

login form button label

By default, the displayPrefix will be Continue with and displayName will be infered from the auth provider type.

Use only SSO for sign-in, but keep permissions syncing

Sourcegraph requires users to connect their external accounts to Sourcegraph so that Sourcegraph can sync user permissions from code hosts. This is usually done by having the code host as a sign-in provider. However, in some cases, it might be desirable to use only SSO for sign-in, but still sync permissions from code hosts. This can be done by setting "noSignIn": true on the code host auth providers required for permissions syncing. This will hide the code host auth providers from the login form, but will still allow users to connect their external accounts from their User Settings > Account Security page. Users will also be presented with a modal upon sign-in, asking them to connect these external accounts.

Example site configuration:

JSON
{
  "auth.providers": [
    {
      // SSO sign-in provider
    },
    // Providers required for permissions syncing
    {
      "type": "github",
      "displayName": "GitHub Enterprise",
      "noSignIn": true
    },
    {
      "type": "gitlab",
      "displayName": "GitLab",
      "noSignIn": true
    }
  ]
}

Hide auth provider

NOTE: Hiding an auth provider is mostly useful for development purposes and special cases.

It is also possible to hide the auth provider from the login form completely. Auth providers have a hidden boolean property. See the site configuration example below:

JSON
{
  "auth.providers": [
    {
      "type": "github",
      "hidden": true,
      // ...
    },
    {
      "type": "gitlab",
      // ...
    }
  ]
}

In this example, the GitHub auth provider will not be shown on the login form at all. Only the GitLab auth provider will be shown.