diff --git a/src/auth/FormElement.ts b/src/auth/FormElement.ts
index 6b86f5a4dffa..e4b5b1c98b82 100644
--- a/src/auth/FormElement.ts
+++ b/src/auth/FormElement.ts
@@ -54,11 +54,15 @@ export default class GmfAuthForm extends GmfBaseElement {
   @state() private allowPasswordReset = false;
   @state() private changingPassword = false;
   @state() private userMustChangeItsPassword = false;
+  @state() private openIdConnectUrl = '';
   @state() private error = false;
   @state() private otpImage = '';
   @state() private gmfUser: User = null;
   @state() private customCSS_ = '';
   private changingPasswordUsername_ = '';
+  private initialApplicationUrl = window.location.href;
+  private currentApplicationUrl = window.location.href;
+  private openIdConnectBaseUrl = '';
 
   connectedCallback(): void {
     super.connectedCallback();
@@ -79,6 +83,16 @@ export default class GmfAuthForm extends GmfBaseElement {
           this.loginInfoMessage = message;
         },
       }),
+      setInterval(() => {
+        this.currentApplicationUrl = window.location.href;
+        const applicationUrl = this.loginInfoMessage
+          ? this.currentApplicationUrl
+          : this.initialApplicationUrl;
+        const params = new URLSearchParams({
+          came_from: applicationUrl,
+        });
+        this.openIdConnectUrl = `${this.openIdConnectBaseUrl}?${params.toString()}`;
+      }, 200),
     );
 
     // eslint-disable-next-line @typescript-eslint/no-unnecessary-type-assertion
@@ -103,6 +117,7 @@ export default class GmfAuthForm extends GmfBaseElement {
     this.twoFactorAuth = configuration.gmfTwoFactorAuth;
     this.allowPasswordChange = configuration.gmfAuthenticationConfig.allowPasswordChange;
     this.allowPasswordReset = configuration.gmfAuthenticationConfig.allowPasswordReset;
+    this.openIdConnectBaseUrl = configuration.gmfOidcLoginUrl;
     if (configuration.gmfCustomCSS && configuration.gmfCustomCSS.authentication !== undefined) {
       this.customCSS_ = configuration.gmfCustomCSS.authentication;
     }
@@ -168,7 +183,7 @@ export default class GmfAuthForm extends GmfBaseElement {
                       </div>
                       <div class="form-group">
                         <input
-                          ?hidden="${!this.allowPasswordChange}"
+                          ?hidden="${!(this.allowPasswordChange && this.gmfUser.login_type === 'local')}"
                           type="button"
                           class="form-control btn btn-default"
                           value=${i18next.t('Change password')}
@@ -196,58 +211,60 @@ export default class GmfAuthForm extends GmfBaseElement {
           `
         : ''}
       ${this.gmfUser.username === null && !this.changingPassword
-        ? html`
-            <div>
-              <form name="loginForm" role="form" @submit=${(evt: Event) => this.login(evt)}>
-                <div class="form-group">
-                  <slot name="gmf-auth-login"></slot>
-                </div>
-                <div class="form-group">
-                  <slot name="gmf-auth-password"></slot>
-                </div>
-                ${this.twoFactorAuth
-                  ? html`
-                      <div class="form-group">
-                        ${i18next.t('The following field should be kept empty on first login:')}
-                        <input
-                          type="text"
-                          class="form-control"
-                          name="otp"
-                          autocomplete="one-time-code"
-                          placeholder=${i18next.t('Authentication code')}
-                        />
-                      </div>
-                    `
-                  : ''}
-                <div class="form-group">
-                  <input type="submit" class="form-control btn prime" value=${i18next.t('Connect')} />
-                </div>
-                ${this.isLoading
-                  ? html`
-                      <div class="login-spinner">
-                        <i class="fa fa-spin"
-                          >${
-                            // eslint-disable-next-line @typescript-eslint/no-unsafe-argument
-                            unsafeSVG(loadingSvg)
-                          }</i
-                        >
-                      </div>
-                    `
+        ? this.gmfUser.auth_type == 'local'
+          ? html`
+              <div>
+                <form name="loginForm" role="form" @submit=${(evt: Event) => this.login(evt)}>
+                  <div class="form-group">
+                    <slot name="gmf-auth-login"></slot>
+                  </div>
+                  <div class="form-group">
+                    <slot name="gmf-auth-password"></slot>
+                  </div>
+                  ${this.twoFactorAuth
+                    ? html`
+                        <div class="form-group">
+                          ${i18next.t('The following field should be kept empty on first login:')}
+                          <input
+                            type="text"
+                            class="form-control"
+                            name="otp"
+                            autocomplete="one-time-code"
+                            placeholder=${i18next.t('Authentication code')}
+                          />
+                        </div>
+                      `
+                    : ''}
+                  <div class="form-group">
+                    <input type="submit" class="form-control btn prime" value=${i18next.t('Connect')} />
+                  </div>
+                  ${this.isLoading
+                    ? html`
+                        <div class="login-spinner">
+                          <i class="fa fa-spin"
+                            >${
+                              // eslint-disable-next-line @typescript-eslint/no-unsafe-argument
+                              unsafeSVG(loadingSvg)
+                            }</i
+                          >
+                        </div>
+                      `
+                    : ''}
+                  <div ?hidden="${!this.allowPasswordReset}" class="form-group">
+                    <a @click=${(evt: Event) => this.resetPassword(evt)} href=""
+                      >${i18next.t('Password forgotten?')}</a
+                    >
+                  </div>
+                </form>
+
+                ${this.resetPasswordShown
+                  ? html` <div class="alert alert-info">
+                      ${i18next.t('A new password has just been sent to you by e-mail.')}
+                    </div>`
                   : ''}
-                <div ?hidden="${!this.allowPasswordReset}" class="form-group">
-                  <a @click=${(evt: Event) => this.resetPassword(evt)} href=""
-                    >${i18next.t('Password forgotten?')}</a
-                  >
-                </div>
-              </form>
-
-              ${this.resetPasswordShown
-                ? html` <div class="alert alert-info">
-                    ${i18next.t('A new password has just been sent to you by e-mail.')}
-                  </div>`
-                : ''}
-            </div>
-          `
+              </div>
+            `
+          : html`<a href="${this.openIdConnectUrl}">${i18next.t('Connect')}</a>`
         : ''}
       ${this.changingPassword
         ? html`
diff --git a/src/auth/component.stories.ts b/src/auth/component.stories.ts
index 31af7bd17067..ba6cec605eb3 100644
--- a/src/auth/component.stories.ts
+++ b/src/auth/component.stories.ts
@@ -79,6 +79,19 @@ const login = user.getEmptyUserProperties();
 login.username = 'George';
 WithUser.args.user = login;
 
+export const EmptyOidc: any = Template.bind({});
+Empty.args = {...defaultProperties};
+const loginEmptyOidc = user.getEmptyUserProperties();
+loginEmptyOidc.auth_type = 'oidc';
+Empty.args.user = loginEmptyOidc;
+
+export const WithUserOidc: any = Template.bind({});
+WithUser.args = {...defaultProperties};
+const loginOidc = user.getEmptyUserProperties();
+loginOidc.auth_type = 'oidc';
+login.username = 'George OIDC';
+WithUser.args.user = loginOidc;
+
 /**
  * @returns The HTML of the story
  */
diff --git a/srcapi/store/config.ts b/srcapi/store/config.ts
index 061a03d24a4b..a5980b5df895 100644
--- a/srcapi/store/config.ts
+++ b/srcapi/store/config.ts
@@ -1471,6 +1471,7 @@ export type Configuration = {
   gmfI18nextConfiguration: InitOptions;
   pytreeLidarprofileJsonUrl: pytreeLidarprofileJsonUrl;
   gmfDatasourceOptions: gmfDatasourceOptions;
+  gmfOidcLoginUrl: string;
 };
 
 export type APIConfig = {
diff --git a/srcapi/store/user.ts b/srcapi/store/user.ts
index d57641c6b87d..de6d383c5de0 100644
--- a/srcapi/store/user.ts
+++ b/srcapi/store/user.ts
@@ -92,6 +92,10 @@ export interface User {
    * The two-factor authentication secret on first login
    */
   two_factor_totp_secret: string;
+  /**
+   * The server-side login type (oidc or local)
+   */
+  login_type?: string;
 }
 
 export enum UserState {