Hiding SSH login/principal from WebUI

Is there a way to hide (or at least de-prioritize) a login from the webUI, while keeping it in the SSH certificate?

The use case I have is using teleport to authorize git access to a GitLab instance. I have authentication working successfully with GitLab (Most of the glue was here: https://docs.gitlab.com/ee/administration/operations/ssh_certificates.html), and created a role, that adds ‘git’ as an allowed user, but doesn’t grant access to any nodes. This adds ‘git’ as a valid principal in the SSH certificate (which is all gitlab is looking for), but wouldn’t allow the user to log into any box even if a git user existed on it.

The problem I’m running into now is that I want to hide the git user from the WebUI. Since my name is lower than ‘git’ when alpha-sorted, all the buttons in the interface default to ‘git’, which slows things down. I would expect that most users who are using a ‘git’ user would not be expecting an interactive login, so perhaps the simplest option is to blacklist, or demote the login when sorting (similar to how ‘root’ is promoted to the top).

There’s no way that I know of to achieve this currently.

We should probably hide a login in the web UI if no node will actually allow you to log in using it - I’ll raise an issue but it’s likely to be a while before we get to it.

Issue here: https://github.com/gravitational/teleport/issues/3311