diff --git a/src/ZB.MOM.WW.MxGateway.Server/Configuration/DashboardOptions.cs b/src/ZB.MOM.WW.MxGateway.Server/Configuration/DashboardOptions.cs
index 3b38ea1..a0f888c 100644
--- a/src/ZB.MOM.WW.MxGateway.Server/Configuration/DashboardOptions.cs
+++ b/src/ZB.MOM.WW.MxGateway.Server/Configuration/DashboardOptions.cs
@@ -8,6 +8,23 @@ public sealed class DashboardOptions
     /// <summary>Gets whether anonymous localhost access to dashboard is allowed.</summary>
     public bool AllowAnonymousLocalhost { get; init; } = true;
 
+    /// <summary>
+    /// DEV/TEST ONLY. When true, the dashboard bypasses the login form entirely and
+    /// auto-authenticates EVERY request as <see cref="AutoLoginUser"/> holding both
+    /// dashboard roles (Administrator + Viewer). No cookie, no LDAP bind. Default false.
+    /// Unlike <see cref="AllowAnonymousLocalhost"/> (which only succeeds the authorization
+    /// requirement without authenticating), this mints a real principal, so the UI behaves
+    /// as a signed-in admin and applies to all clients (not just loopback). Never enable in
+    /// production. See docs/plans/2026-06-16-dashboard-disable-login-design.md.
+    /// </summary>
+    public bool DisableLogin { get; init; }
+
+    /// <summary>
+    /// Username minted for the auto-login principal when <see cref="DisableLogin"/> is true.
+    /// Null/blank falls back to the GLAuth Administrator test user <c>multi-role</c>.
+    /// </summary>
+    public string? AutoLoginUser { get; init; }
+
     /// <summary>
     /// When true (default), the dashboard auth cookie is restricted to HTTPS
     /// requests via <see cref="Microsoft.AspNetCore.Http.CookieSecurePolicy.Always"/>.
diff --git a/src/ZB.MOM.WW.MxGateway.Tests/Configuration/GatewayOptionsTests.cs b/src/ZB.MOM.WW.MxGateway.Tests/Configuration/GatewayOptionsTests.cs
index 03385a2..d36572f 100644
--- a/src/ZB.MOM.WW.MxGateway.Tests/Configuration/GatewayOptionsTests.cs
+++ b/src/ZB.MOM.WW.MxGateway.Tests/Configuration/GatewayOptionsTests.cs
@@ -121,6 +121,18 @@ public sealed class GatewayOptionsTests
             StringComparison.Ordinal);
     }
 
+    [Fact]
+    public void DashboardOptions_DisableLogin_DefaultsToFalse()
+    {
+        Assert.False(new DashboardOptions().DisableLogin);
+    }
+
+    [Fact]
+    public void DashboardOptions_AutoLoginUser_DefaultsToNull()
+    {
+        Assert.Null(new DashboardOptions().AutoLoginUser);
+    }
+
     private static GatewayOptions BindOptions(IReadOnlyDictionary<string, string?> configurationValues)
     {
         using ServiceProvider services = BuildServices(configurationValues);