Add note about OIDC and LD_SUPERUSER_NAME combination (#992)

* docs: add note about OIDC and LD_SUPERUSER_NAME combination Resolves #988 * tweak text --------- Co-authored-by: Sascha Ißbrücker <sascha.issbruecker@gmail.com>
2025-08-07 18:58:30 +02:00 · 2025-02-18 21:45:26 +00:00
parent 1274a9ae0a
commit 9d61bdce52
1 changed files with 12 additions and 5 deletions
--- a/docs/src/content/docs/options.md
+++ b/docs/src/content/docs/options.md
@@ -127,6 +127,13 @@ The following options can be configured:
 - `OIDC_RP_SCOPES` - Scopes asked for on the authorization flow. Default is `oidc email profile`.
 - `OIDC_USERNAME_CLAIM` - A custom claim to used as username for new accounts, for example `preferred_username`. If the configured claim does not exist or is empty, the email claim is used as fallback. Default is `email`.

+#### `OIDC` and `LD_SUPERUSER_NAME`
+
+As noted above, OIDC matches users by email address, but `LD_SUPERUSER_NAME` will only set the username.
+Instead of setting `LD_SUPERUSER_NAME` it is recommended that you use the method described in [User setup](/installation#user-setup) to configure a superuser with both username and email address.
+This way when OIDC searches for a matching user it will find the superuser account you created.
+Note that you should create the superuser **before** logging in with OIDC for the first time.
+
 <details>

 <summary>Authelia Example</summary>