(settings to) force users to use Emby Connect

[brothom 177]

I've only just noticed that connecting a user to an Emby Connect emailaddress and leaving their password empty, allows them to login via the server's web app without any password at all.

My understanding was that users wouldn't be able to log in directly if they didn't have a password but apparently I was mistaken.\

I'd rather not have to manage my users passwords because I prefer them to login via Emby Connect anyway. Isn't there a way to "force login via Emby Connect" or provide a setting to disable them logging in directly?

Edited December 9, 2025 by brothom

[darkassassin07 652]

Set their local password, don't give that to them, disable password changing. Now their only option is Connect.

[brothom 177]

1 minute ago, darkassassin07 said:

Set their local password, don't give that to them, disable password changing. Now their only option is Connect.

That's not what I'm asking for though. I would want the ability to log in with their users via the login form to be completely impossible to improve security, otherwise I'll just give bruteforce bots more points of entries.

[Q-Droid 989]

Are you asking to completely disable the login page for external users?

If a user doesn't know their password then they can't login. Unfortunately Emby user management is not enforcing or warning when a Connect user doesn't have a local password. Some server owners have suffered breaches as a result.

 

[brothom 177]

2 minutes ago, Q-Droid said:

Are you asking to completely disable the login page for external users?

If a user doesn't know their password then they can't login. Unfortunately Emby user management is not enforcing or warning when a Connect user doesn't have a local password. Some server owners have suffered breaches as a result.

 

Yep that's also what I mean. It would be nice if we could offload the entire login procedure to Emby Connect and not store passwords locally at all. Now all we can do is generate a 256 character password but that kind of defeats the purpose in my opionion. It's a workaround more than anything really.

[Q-Droid 989]

Emby Connect is a convenience feature that many don't use or want to use. It's the opposite of having full control and privacy of your users on your server to exclude 3rd parties. But for those who want to have a Connect only environment being able to turn off the login page would be a nice feature.

 

Edited December 9, 2025 by Q-Droid

[brothom 177]

4 minutes ago, Q-Droid said:

Emby Connect is a convenience feature that many don't use or want to use. It's the opposite of having full control and privacy of your users on your server to exclude 3rd parties. But for those who want to have a Connect only environment being able to turn off the login page would be a nice feature.

 

Yep. I can see why people would want to keep user management to themselves, but in my case the convience of Emby Connect outweighs having to manage my user's credentials manually. They decide their own (Emby Connect) password, use it to log into the service and that's it. All the admin has to do is grant the correct permission(s).

[Neminem 1518]

Yes is convenient, but what if its was hacked?

And emby's forum account and password where reveled.

And it was unnoticed, then bad actors would then have a list to access everything.

Since its tiet you your server via user email  

Edited December 9, 2025 by Neminem

[brothom 177]

11 minutes ago, Neminem said:

Yes is convenient, but what if its was hacked?

And emby's forum account and password where reveled.

And it was unnoticed, then bad actors would then have a list to access everything.

Since its tiet you your server via user email  

That's why we can do both. Local-only users already works. It's just that in the case of users like me, it would be "more convenient" if the local login could be disabled for specific users.

[Neminem 1518]

Sadly it can't right now

But great request

That would help someone out there, that thinking its safe without a password

Edited December 9, 2025 by Neminem

[Q-Droid 989]

23 minutes ago, brothom said:

That's why we can do both. Local-only users already works. It's just that in the case of users like me, it would be "more convenient" if the local login could be disabled for specific users.

Just for clarity, I can understand a request to disable local authentication for connect users and a request to disable the external web app login page for all users. Two different things and one might be easier to implement than the other. Which are you asking for?

Not knowing the password is effectively the same as disabling local authentication. 

 

 

[Neminem 1518]

Since the user account is setup by Emby's local admin (you) and then connected to Emby connect / forum account after the user creation.

How would this work?

What comes first ? chicken (admin) or egg (emby connect)?

 

[brothom 177]

16 hours ago, Neminem said:

Since the user account is setup by Emby's local admin (you) and then connected to Emby connect / forum account after the user creation.

How would this work?

What comes first ? chicken (admin) or egg (emby connect)?

Nothing really changes here. The user is created locally and an Emby Connect emailaddress is tied in with it. 

 

17 hours ago, Q-Droid said:

Just for clarity, I can understand a request to disable local authentication for connect users and a request to disable the external web app login page for all users. Two different things and one might be easier to implement than the other. Which are you asking for?

Not knowing the password is effectively the same as disabling local authentication. 

Yep, you're right and that's also the direction I'd like to see. Being able to configure user to use to use local, remote or both authentications. 

An additional advantage is that the admins don't have to "know" their user's passwords when they're creating it or have to give them silly insecure ones otherwise the users won't get past their initial login. I've found that my users have no issues logging in via app.emby.media or via the app using Emby Connect which is also setup with their credentials they chose.