Description
When turning off the ‘Show Default Login Form’ because we are using SAML, is there a hidden URL somewhere that would allow the local admin to log in if SAML breaks? Or is there another way to gain access?
Server Setup Information
- Version of Rocket.Chat Server: 3.0.12
- Operating System: Linux
- Deployment Method: Docker
- Number of Running Instances: 1
- DB Replicaset Oplog: Enabled
- NodeJS Version: v12.14.0
- MongoDB Version: 4.0.17
- Proxy: nginx
- Firewalls involved: Yes, network perimeter. Server is NATed.
Any additional Information

Hi, any solution for this? What if SAML does not work - how will the admin log in?
Thanks
This would be a great feature. Has anyone figured this out?
You can have a fallback with LDAP but I am not sure with SAML.
A ‘hidden’ login is still available to anyone who knows and is really a security hole. I don’t believe there is this facility.
I guess ultimately you can get in to the DB and disable SAML?
How is this a security risk if it takes you to the local login prompt? You’d still need a username and password. It’s not a ‘backdoor’ to the administrator section with no authentication.
You do, but you bypass your SAML, and any other authentication linked to it - e.g. does your SAML provider require its own 2FA (just thinking out loud here)?
I’m not sure if you can get in via the API to change the settings.
https://developer.rocket.chat/api/rest-api
And ultimately you could either disable SAML or enable Show Login Form in the DB.
I always flip on the local login box under Admin -> Accounts any time I do an upgrade. It’s my safety net for getting in in case things go sideways.
I know NextCloud does it with a ‘secret’ url that bypasses SAML.
Another option would be a .env type attribute that would allow you to flip the authentication type back to that default temporarily.
I have another system I manage that does that; if an upgrade doesn’t let me log in after an upgrade, I can change a PHP file and allow the ‘local’ admin login.
Nice tips - I understand.
You could add a feature-request here: