HA Guest Auto-Login

Hi friends, I’d like to have a guest user that’s auto-logged-in when my HA instance is accessed from the guest wifi. Guest wifi is on a different subnet (…84…), and my config is below. The most infuriating part is that this works for extended periods of time, months even, on various devices, and then will just suddenly and seemingly-randomly stop working for months. I have no idea what I could be doing wrong, or what network setup issues could be causing this.

homeassistant:
  auth_providers:
    - type: trusted_networks
      trusted_networks:
        - 192.168.84.0/24
      trusted_users:
        192.168.84.0/24: 1df906fe47e24e17b60665eac878a403
      allow_bypass_login: true
    - type: homeassistant

Yes, the user ID is correct; I also tried moving it into an array which is how it was configured when it worked; I also tried allowing non-local “guest” user logins.

Any ideas? I’ve been deep into HA for the past year or so, so I think this may be a bug, but who knows.

Hi, did you figure this out? I need it for guests, but also for a device like a kiosk where I can’t have a keyboard for login.

Thanks

Hi yes I did! I put my configuration below, but then realized it’s exactly the same as above so…I’m not sure what I did to fix it tbh.

homeassistant:
  auth_providers:
    - type: trusted_networks
      trusted_networks:
        - 192.168.xx.xx/24 # This is the guest network subnet
      trusted_users:
        192.168.xx.xx/24: 0a0a0a0a0a0a0a # This is the same subnet as above, and the 0a0a... is the ID of your guest user
      allow_bypass_login: true
    - type: homeassistant

Still not working, but thanks for your help!

A properly configured guest network should not be able to access HA in the local network. If it can, your guest network is no different than your real one, but less protected. That is a security risk. The guest network should be treated as WAN. Using the external address of your Home Assistant from the guest network is fine, unblocked local access is not.

Also, trusting your guest network makes things worse.

I mean this obviously depends on your use case and overall security posture. It’s not accurate that it’s “the same as your regular network” in my case, as I only allow HA itself onto the guest network, not my iot devices directly. I think this is a perfectly reasonable balance between security and convenience for me. Similarly, my guest Wi-Fi password is very simple and my HA guest password is as well, because people will use it if it’s easier instead of sharing the main network from their phone, but obviously that’s “less secure” in a myopic theoretical sense.

Hmmm what happens when you try to load it?
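For checking a setup like the ones posted in this thread, here is an added example (not from any poster and not Home Assistant's own code) that models which outcome a client address gets under a trusted_networks config. The function name resolve_login, the outcome labels and the sample client addresses are assumptions made for illustration; the matching rules are a simplified reading of the documented behaviour, where the login page is bypassed only when exactly one user is available for the address.

```python
import ipaddress

# Constructed mirror of the YAML from the first post (user ID as posted there).
CONFIG = {
    "trusted_networks": ["192.168.84.0/24"],
    "trusted_users": {"192.168.84.0/24": "1df906fe47e24e17b60665eac878a403"},
    "allow_bypass_login": True,
}


def _contains(net_text, addr):
    """True if addr falls inside net_text; IPv4 and IPv6 never match each other."""
    net = ipaddress.ip_network(net_text, strict=False)
    return net.version == addr.version and addr in net


def resolve_login(client_ip, config=CONFIG):
    """Simplified model (an assumption) of what a client at client_ip gets.

    Returns (outcome, user_ids) where outcome is one of:
      "login_form"  - address is not in trusted_networks
      "user_picker" - trusted, but not exactly one mapped user or bypass is off
      "auto_login"  - trusted, exactly one mapped user, allow_bypass_login true
    """
    addr = ipaddress.ip_address(client_ip)
    if not any(_contains(n, addr) for n in config["trusted_networks"]):
        return ("login_form", [])
    users = []
    for net_text, ids in config.get("trusted_users", {}).items():
        if _contains(net_text, addr):
            # A mapping value may be a single ID or a list of IDs.
            users.extend([ids] if isinstance(ids, str) else ids)
    if config.get("allow_bypass_login") and len(users) == 1:
        return ("auto_login", users)
    return ("user_picker", users)


if __name__ == "__main__":
    # Constructed client addresses: guest subnet, main LAN, IPv6 link-local.
    for ip in ("192.168.84.23", "192.168.1.50", "fe80::1"):
        print(ip, resolve_login(ip))
```

Run it with the client address as Home Assistant sees it for the request, and with your own config in place of the constructed one.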