diff --git a/packages/admin-ui/src/pages/Authentication/LoginState.jsx b/packages/admin-ui/src/pages/Authentication/LoginState.jsx
index ef7541c..1ba1420 100644
--- a/packages/admin-ui/src/pages/Authentication/LoginState.jsx
+++ b/packages/admin-ui/src/pages/Authentication/LoginState.jsx
@@ -83,6 +83,11 @@ const LoginState = ({ dispatch, strategy }) => {
 if (!loginResponse.login) return
+ // Handle SKIP2FA case - directly get user data and navigate
+ if (loginResponse.login === 'SKIP2FA') {
+ return getUserData()
+ }
+
 return dispatch({
 type: loginResponse.login,
 payload: {
diff --git a/packages/server/lib/new-admin/graphql/modules/userManagement.js b/packages/server/lib/new-admin/graphql/modules/userManagement.js
index 492afa9..4591ed2 100644
--- a/packages/server/lib/new-admin/graphql/modules/userManagement.js
+++ b/packages/server/lib/new-admin/graphql/modules/userManagement.js
@@ -10,6 +10,7 @@ const users = require('../../../users')
 const sessionManager = require('../../../session-manager')
 const authErrors = require('../errors')
 const credentials = require('../../../hardware-credentials')
+const { skip2fa } = require('../../../environment-helper')
 const REMEMBER_ME_AGE = 90 * T.day
@@ -162,15 +163,25 @@ const deleteSession = (sessionID, context) => {
 return sessionManager.deleteSessionById(sessionID)
 }
-const login = (username, password) => {
+const login = (username, password, context) => {
 return authenticateUser(username, password)
 .then(user => {
+ // Skip 2FA if environment variable is set
+ if (skip2fa) {
+ initializeSession(context, user, false)
+ return 'SKIP2FA'
+ }
+
 return Promise.all([
 credentials.getHardwareCredentialsByUserId(user.id),
 user.twofa_code,
 ])
 })
- .then(([devices, twoFASecret]) => {
+ .then(result => {
+ // If we already handled skip2fa, return the result
+ if (result === 'SKIP2FA') return result
+
+ const [devices, twoFASecret] = result
 if (!_.isEmpty(devices)) return 'FIDO'
 return twoFASecret ? 'INPUT2FA' : 'SETUP2FA'
 })
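Review bot: In LoginState.jsx, the comment on the new `SKIP2FA` branch says it navigates, but the visible code only calls `getUserData()`, and it does not say why skipping the 2FA states is safe. I would reword it to state the dependency on the server, e.g. `// Server reported 2FA is disabled and has already created the session; load the user instead of entering the 2FA states`. The `'SKIP2FA'` literal is also repeated in userManagement.js, so the two sides can drift apart silently; a shared constant, or a comment naming the server-side source of the value, would help. The enclosing function starts and ends outside the hunk.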
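Review bot: In `login` (userManagement.js), the `if (skip2fa)` branch creates a full session after the password check alone for every account, including users who have FIDO devices or a TOTP secret enrolled, and nothing in the hunk limits it to development or records that it happened. I would gate it, e.g. `if (skip2fa && process.env.NODE_ENV !== 'production') {` (assuming deployments set NODE_ENV), and log a warning each time the branch is taken so a misconfigured production host is visible in the logs. `environment-helper` is not part of this diff, so it is worth confirming that `skip2fa` is a strict boolean; if it is the raw environment string, a value like `false` would still be truthy here. The return value of `initializeSession(context, user, false)` is discarded, so if that helper is asynchronous or can fail, `'SKIP2FA'` is returned before the session exists; returning its result through the chain would avoid that. The end of `login` lies outside the hunk.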
diff --git a/packages/server/lib/new-admin/graphql/resolvers/users.resolver.js b/packages/server/lib/new-admin/graphql/resolvers/users.resolver.js
index 513a341..8e2f941 100644
--- a/packages/server/lib/new-admin/graphql/resolvers/users.resolver.js
+++ b/packages/server/lib/new-admin/graphql/resolvers/users.resolver.js
@@ -124,8 +124,8 @@ const resolver = {
 sessionManager.deleteSessionsByUsername(username),
 changeUserRole: (...[, { confirmationCode, id, newRole }, context]) =>
 userManagement.changeUserRole(confirmationCode, id, newRole, context),
- login: (...[, { username, password }]) =>
- userManagement.login(username, password),
+ login: (...[, { username, password }, context]) =>
+ userManagement.login(username, password, context),
 input2FA: (...[, { username, password, rememberMe, code }, context]) =>
 userManagement.input2FA(username, password, rememberMe, code, context),
 setup2FA: (