From 96b81f7287d16e4a26da23676454dde5594f62df Mon Sep 17 00:00:00 2001
From: Iacopo Sbalchiero <iacoposb@gmail.com>
Date: Fri, 1 May 2026 15:57:19 +0200
Subject: [PATCH] fix: hide email field on login page when SSO_ONLY is enabled

When SSO_ENABLED=true and SSO_ONLY=true the email entered on the login
page is ignored by the backend (single-tenant SSO uses FAKE_SSO_IDENTIFIER).
Hide the email form-field and the Remember-email checkbox so the page
shows only the "Continue with SSO" button. Requires the matching
bw_web_builds patch that adds .vw-email-form-field and .vw-remember-email
classes to the login template.
---
 src/static/templates/scss/vaultwarden.scss.hbs | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/static/templates/scss/vaultwarden.scss.hbs b/src/static/templates/scss/vaultwarden.scss.hbs
index 477cdd34..2da0d036 100644
--- a/src/static/templates/scss/vaultwarden.scss.hbs
+++ b/src/static/templates/scss/vaultwarden.scss.hbs
@@ -89,6 +89,16 @@ app-root ng-component > form > div:nth-child(1) > div:nth-child(3) > div:nth-chi
 }
 {{/if}}
 
+/* When SSO is the only login option, also hide the email input field and the
+   `Remember email` checkbox: the email is not required to start the SSO flow
+   in vaultwarden (single-tenant, FAKE_SSO_IDENTIFIER is used server-side). */
+{{#if sso_only}}
+.vw-email-form-field,
+.vw-remember-email {
+  @extend %vw-hide;
+}
+{{/if}}
+
 /* Hide Two-Factor menu in Organization settings */
 bit-nav-item[route="settings/two-factor"],
 a[href$="/settings/two-factor"] {