Dashboard Authentication
This release is all about authentication. CrowdSec Web UI now has built-in protection for the browser UI and API routes, plus a new Settings page where authentication and user preferences can be managed from the UI.
New installs start with authentication enabled and show an initial setup flow for creating the first administrator account. Existing installs keep authentication disabled after upgrade unless you explicitly opt in, so current deployments continue working without surprise lockouts.
What's New
- Added a new Settings page for language, refresh interval, authentication, and preferences.
- Added password login, logout, signed sessions, and first-run setup.
- Added passkey registration and passkey login with WebAuthn.
- Added OIDC SSO with configurable issuer, client ID, client secret, group claim, admin groups, and read-only groups.
- Added Settings controls for password changes, passkey management, disabling password login, and OIDC configuration.
- Added admin and read-only access handling for authenticated users.
- Localized the new Settings and authentication copy across all supported UI languages.
- Updated documentation for dashboard authentication, file-backed auth secrets, and upgrade behavior.
- Bumped the local development toolchain to Node.js
24.18.0and pnpm11.9.0.
Upgrade Notes
Existing installs can enable dashboard authentication with:
CROWDSEC_AUTH_ENABLED=trueTo run without dashboard login, set:
CROWDSEC_AUTH_ENABLED=falseScreenshot
Changes
- Dashboard Authentication (#304)
- Add settings page for preferences
- Add dashboard authentication
- Show auth disabled hint in settings
- Bump Node and pnpm versions
- Refine password settings controls
- Translate settings authentication section
- Improve settings group editing and toasts
- Add passkey registration modal
- Refresh README screenshots (#305)
Contributors
Docker
docker pull ghcr.io/TheDuffman85/crowdsec-web-ui:2026.6.9