# Login form

The login form allows users to sign in to Sourcegraph using [configured auth providers](/admin/auth/).

![login form screenshot](https://sourcegraphstatic.com/docs/images/administration/auth/login_form.png)

## Configuration

<Callout type="info">Supported for Sourcegraph versions 5.1 or more.</Callout>

These options do not apply to [`builtin`](/admin/auth/#builtin-password-authentication) and
[`http-header`](/admin/auth/#http-authentication-proxies) auth providers.

-   The builtin auth provider has its own login form.
-   The HTTP header auth provider does not appear on the login form as it is applied on every request if configured.

### Change order of auth providers

When multiple auth providers are configured, the login form displays a login button for each of them. Default order
of auth providers is hardcoded in the application.

The default order can be overriden with an optional `order` parameter. It is an integer and items
will be sorted in natural order (1, 2, 3, ...).

Example [site configuration](/admin/config/site-config):

```json
{
  "auth.providers": {
    "builtin": {
      {
        "type": "builtin",
        "allowSignup": false
      },
    },
    {
      "type": "github",
      "order": 2
    },
    {
      "type": "gitlab",
      "order": 1
    }
  }
}
```

In this case, the GitLab auth provider will be shown above the GitHub auth provider on the login page.

![login form auth providers order screenshot](https://sourcegraphstatic.com/docs/images/administration/auth/login_form_order.png)

Auth providers without `order` parameter will be put at the end of the auth providers list.

### Limit count of login options

By default, the login form shows up to 5 primary auth provider buttons on the page. Other auth providers can be reached
with the `Other login methods` button.

This default can be changed, e.g. in case there are 1 or 2 preferred methods for users to login with.
For example there might be a different auth provider setup for regular engineers and a different one for site admins.
It makes sense to only show the default one to engineers to reduce confusion of regular users.

There is a [site configuration](/admin/config/site-config) parameter `auth.primaryLoginProvidersCount`:

```json
{
	"auth.primaryLoginProvidersCount": 1
	// ...
}
```

In the example above, there will be only 1 primary provider, all the other providers will be shown on the next screen,
when the `Other login methods` button is clicked.

![login form limit auth providers](https://sourcegraphstatic.com/docs/images/administration/auth/login_form_limit.png)

### Change label of auth provider button

By default Sourcegraph shows a button for each auth provider, such as `Continue with GitHub`. The text label for the button
is created from 2 parts: `Continue with` prefix and `Github`. These can be controlled with `displayPrefix` and `displayName`
optional parameters of auth provider in [site configuration](/admin/config/site-config):

Example [site configuration](/admin/config/site-config):

```json
{
	"auth.providers": [
		{
			"type": "github",
			"displayName": "GitHub Enterprise",
			"displayPrefix": "Login with"
		},
		{
			"type": "gitlab",
			"displayName": "GitLab",
			"displayPrefix": "Login with"
		}
	]
}
```

The example configuration above will render 2 buttons, `Login with GitHub Enterprise` and `Login with GitLab`.

![login form button label](https://sourcegraphstatic.com/docs/images/administration/auth/login_form_label.png)

By default, the `displayPrefix` will be `Continue with` and `displayName` will be infered from the auth provider type.

### Use only SSO for sign-in, but keep permissions syncing

Sourcegraph requires users to connect their external accounts to Sourcegraph so that Sourcegraph can sync user permissions from code hosts.
This is usually done by having the code host as a sign-in provider. However, in some cases, it might be desirable to use only SSO for sign-in,
but still sync permissions from code hosts. This can be done by setting `"noSignIn": true` on the code host auth providers required for permissions syncing.
This will hide the code host auth providers from the login form, but will still allow users to connect their external accounts from their
User Settings > Account Security page. Users will also be presented with a modal upon sign-in, asking them to connect these external accounts.

Example [site configuration](/admin/config/site-config):

```json
{
	"auth.providers": [
		{
			// SSO sign-in provider
		},
		// Providers required for permissions syncing
		{
			"type": "github",
			"displayName": "GitHub Enterprise",
			"noSignIn": true
		},
		{
			"type": "gitlab",
			"displayName": "GitLab",
			"noSignIn": true
		}
	]
}
```

### Hide auth provider

> NOTE: Hiding an auth provider is mostly useful for development purposes and special cases.

It is also possible to hide the auth provider from the login form completely. Auth providers have a `hidden` boolean property.
See the [site configuration](/admin/config/site-config) example below:

```json
{
	"auth.providers": [
		{
			"type": "github",
			"hidden": true
			// ...
		},
		{
			"type": "gitlab"
			// ...
		}
	]
}
```

In this example, the GitHub auth provider will not be shown on the login form at all. Only the GitLab auth provider will be shown.