diff --git a/auth.go b/auth.go
index 5b1af67..90fddb9 100644
--- a/auth.go
+++ b/auth.go
@@ -11,6 +11,7 @@ import (
 )
 
 var LocalAuthFunc = checkAuthKrb5
+var allowLocalAuth bool
 var localAuthUsers arrayFlags
 
 type loginForm struct {
diff --git a/auth_krb5.go b/auth_krb5.go
index 71d928c..27e2e72 100644
--- a/auth_krb5.go
+++ b/auth_krb5.go
@@ -42,17 +42,19 @@ func checkAuthKrb5(c *gin.Context) {
 		return
 	}
 
-	found := false
-	for _, u := range localAuthUsers {
-		if lf.Login == u {
-			found = true
-			break
+	if !allowLocalAuth {
+		found := false
+		for _, u := range localAuthUsers {
+			if lf.Login == u {
+				found = true
+				break
+			}
 		}
-	}
 
-	if !userExists(lf.Login) && !found {
-		c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"errmsg": "You are not allowed to log you in this way. Please use OpenID Connect."})
-		return
+		if !userExists(lf.Login) && !found {
+			c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"errmsg": "You are not allowed to log you in this way. Please use OpenID Connect."})
+			return
+		}
 	}
 
 	cnf := config.New()
diff --git a/main.go b/main.go
index f2a5576..dbad343 100644
--- a/main.go
+++ b/main.go
@@ -62,6 +62,7 @@ func main() {
 	flag.StringVar(&baseURL, "baseurl", baseURL, "URL prepended to each URL")
 	flag.UintVar(&currentPromo, "current-promo", currentPromo, "Year of the current promotion")
 	flag.UintVar(&OffsetQuestionTimer, "offset-question-timer", OffsetQuestionTimer, "Duration to wait before sending pause msg in direct mode (in milliseconds)")
+	flag.BoolVar(&allowLocalAuth, "allow-local-auth", false, "Allow local authentication for all users (bypass OIDC).")
 	flag.Var(&localAuthUsers, "local-auth-user", "Allow local authentication for this user (bypass OIDC).")
 	flag.Parse()