diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java index 3d66de957..a5144dc6a 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java @@ -9,7 +9,6 @@ import edu.internet2.tier.shibboleth.admin.ui.security.springsecurity.AdminUserService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; -import org.springframework.boot.autoconfigure.AutoConfigureBefore; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -27,9 +26,8 @@ import org.springframework.security.web.firewall.StrictHttpFirewall; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; -import java.util.Collections; - import javax.transaction.Transactional; +import java.util.Collections; /** * Web security configuration. 
@@ -38,20 +36,29 @@ @ConditionalOnMissingBean(WebSecurityConfigurerAdapter.class) public class WebSecurityConfig { + @Value("${shibui.default-password:}") + private String defaultPassword; + @Value("${shibui.logout-url:/dashboard}") private String logoutUrl; - @Value("${shibui.default-password:}") - private String defaultPassword; + @Autowired + private RoleRepository roleRepository; + + @Value("${shibui.default-rootuser:root}") + private String rootUser; @Autowired private UserRepository userRepository; @Autowired private UserService userService; - - @Autowired - private RoleRepository roleRepository; + + @Bean + @Profile("!no-auth") + public AdminUserService adminUserService(UserRepository userRepository) { + return new AdminUserService(userRepository); + } private HttpFirewall allowUrlEncodedSlashHttpFirewall() { StrictHttpFirewall firewall = new StrictHttpFirewall(); @@ -60,8 +67,10 @@ private HttpFirewall allowUrlEncodedSlashHttpFirewall() { return firewall; } - private HttpFirewall defaultFirewall() { - return new DefaultHttpFirewall(); + @Bean + @Profile("!no-auth") + public AuditorAware defaultAuditorAware() { + return new DefaultAuditorAware(); } @Bean @@ -92,9 +101,9 @@ protected void configure(AuthenticationManagerBuilder auth) throws Exception { PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder(); if (defaultPassword != null && !"".equals(defaultPassword)) { // TODO: yeah, this isn't good, but we gotta initialize this user for now - User adminUser = userRepository.findByUsername("root").orElseGet(() ->{ + User adminUser = userRepository.findByUsername(rootUser).orElseGet(() ->{ User u = new User(); - u.setUsername("root"); + u.setUsername(rootUser); u.setPassword(defaultPassword); u.setFirstName("admin"); u.setLastName("user"); 
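Review bot: The now-configurable `rootUser` reaches `userRepository.findByUsername(rootUser)` and `u.setUsername(rootUser)` in the `-92,9 +101,9` hunk without validation, so an empty `shibui.default-rootuser=` would bootstrap an account with a blank username. A value that matches an existing ordinary account makes `findByUsername` return that account instead of creating one; what is then done to it (role assignment, password handling) is outside the hunk, so check there whether it gets promoted. A guard before the lookup closes the blank case, e.g. `if (rootUser == null || rootUser.trim().isEmpty()) { throw new IllegalStateException("shibui.default-rootuser must not be blank"); }`. The body of `configure(AuthenticationManagerBuilder)` starts and ends outside the hunk.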
@@ -127,16 +136,8 @@ public void configure(WebSecurity web) throws Exception { }; } - @Bean - @Profile("!no-auth") - public AuditorAware defaultAuditorAware() { - return new DefaultAuditorAware(); - } - - @Bean - @Profile("!no-auth") - public AdminUserService adminUserService(UserRepository userRepository) { - return new AdminUserService(userRepository); + private HttpFirewall defaultFirewall() { + return new DefaultHttpFirewall(); } @Bean @@ -157,5 +158,4 @@ public void configure(WebSecurity web) throws Exception { } }; } -} - +} \ No newline at end of file diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties index 83f2635e0..1960625fc 100644 --- a/backend/src/main/resources/application.properties +++ b/backend/src/main/resources/application.properties @@ -59,6 +59,7 @@ shibui.logout-url=/dashboard # spring.profiles.active=default #shibui.default-password= +shibui.default-rootuser=root shibui.metadata-sources-ui-schema-location=classpath:metadata-sources-ui-schema.json shibui.entity-attributes-filters-ui-schema-location=classpath:entity-attributes-filters-ui-schema.json @@ -97,4 +98,4 @@ shibui.roles=ROLE_ADMIN,ROLE_USER,ROLE_NONE #This property must be set to true in order to enable posting stats to beacon endpoint. Furthermore, appropriate #environment variables must be set for beacon publisher to be used (the ones that are set when running shib-ui in #docker container -shibui.beacon-enabled=true +shibui.beacon-enabled=true \ No newline at end of file diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml index e9301289a..d1fea58e5 100644 --- a/backend/src/main/resources/application.yml +++ b/backend/src/main/resources/application.yml @@ -1,4 +1,5 @@ #shibui: +# default-rootuser=root # pac4j-enabled: true # pac4j: # keystorePath: "/etc/shibui/samlKeystore.jks"
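Review bot: The new `shibui.default-rootuser=root` line in the `-59,6 +59,7` hunk of application.properties has no comment, and the name does not reveal when it takes effect. Per the WebSecurityConfig change in this commit it is only read when `shibui.default-password` is non-empty, and the account is looked up by this name and created if absent. As far as the visible code shows, changing the value on an existing deployment would add a second bootstrap account while the earlier one stays in the user store with its old password. I would add a comment above the line such as `# Username of the bootstrap admin account; only used when shibui.default-password is set. Changing it does not remove a previously created account.`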
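Review bot: The commented example `# default-rootuser=root` added to application.yml uses properties syntax inside a YAML block. Anyone who uncomments it together with `#shibui:` gets a line that is not a key/value pair under `shibui`, so the setting would not be picked up as intended. It should follow the neighbouring `# pac4j-enabled: true` form, i.e. `# default-rootuser: root`.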