Hi there (Thanks for the fast help on the Openshift Catridge btw) In our scenarios, there is no intention for users to have a username and password within KeyCloak - hence just use identities from Identity Providers. Within the 'Authentication' settings, choose 'Browser' as flow type, I can see 'Username Password form', but it is always 'Required'. I can see that some kind of login form is needed (we will not have a default) so users choose IdP, but really don't want the username/password fields. Do I resort to just removing them from the login template? I ask because the setting is a bit odd to have if it is always 'Required', so I'm concerned that I'm missing a general issue which pushes me towards giving all of our users passwords for KC. Which I'm keen to avoid. Maybe the console setting could do with a rename? Regards, Simon _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user