Immich app blocks normal login after enabling SSO
Some users who turned on SSO in Immich — a self-hosted photo app — found they could no longer log in with a regular username and password. If SSO is enforced, anyone without access to the SSO system gets locked out.
Immich is a photo backup and management app you install on your own server instead of using a cloud service. SSO (Single Sign-On) lets one account unlock multiple apps at once — often set up with tools like Keycloak or Authelia on a home server.
The issue is that after enabling SSO, Immich may hide or disable the standard login form, leaving no easy way back in without going through the SSO system. If you run Immich on a Mac mini server, it's worth double-checking that your admin account can still log in locally before enabling SSO — otherwise a misconfiguration could lock you out of your own photos.
Key points
- Enabling SSO can remove the normal username/password login screen
- Verify your admin account supports local login before turning SSO on
- Check the 'Password login' toggle in Immich settings before enabling SSO
- Recovery options include editing the database directly or disabling SSO via environment variables
Quick term guide
- self-hosted
- Run on your own server instead of managed by another company.
- self-host
- To run a website, app, or service on your own server instead of using a hosted provider.
- home server
- A personal computer setup at home used to run services or store files instead of regular daily use.
- Mac mini server
- A Mac mini used as an always-on computer for files, apps, backups, or automation.
- Mac mini
- A small desktop computer made by Apple.
- locally
- Running on your own computer or server instead of a remote company server.
- options
- Financial contracts that give you the right to buy or sell an asset at a set price and time.
- database
- A large collection of organized data used for search and analysis.