diff --git a/main.go b/main.go
index 1ae59f4..4790345 100644
--- a/main.go
+++ b/main.go
@@ -35,6 +35,6 @@ func main() {
 func run(_ *cli.Context) error {
 	ctx := signals.SetupSignalHandler(context.Background())
 	debugconfig.MustSetupDebug()
-	s := config.MustServer()
+	s := config.MustServer(ctx)
 	return s.ListenAndServe(ctx, config.HTTPSListenPort, config.HTTPListenPort, nil)
 }
diff --git a/pkg/server/cli/clicontext.go b/pkg/server/cli/clicontext.go
index 67dbbba..4bf522d 100644
--- a/pkg/server/cli/clicontext.go
+++ b/pkg/server/cli/clicontext.go
@@ -1,6 +1,10 @@
 package cli
 
 import (
+	"context"
+
+	rancherauth "github.com/rancher/rancher/pkg/auth"
+	steveauth "github.com/rancher/steve/pkg/auth"
 	authcli "github.com/rancher/steve/pkg/auth/cli"
 	"github.com/rancher/steve/pkg/server"
 	"github.com/rancher/wrangler/pkg/kubeconfig"
@@ -13,28 +17,49 @@ type Config struct {
 	HTTPSListenPort int
 	HTTPListenPort  int
 	DashboardURL    string
+	Authentication  bool
 
 	WebhookConfig authcli.WebhookConfig
 }
 
-func (c *Config) MustServer() *server.Server {
-	cc, err := c.ToServer()
+func (c *Config) MustServer(ctx context.Context) *server.Server {
+	cc, err := c.ToServer(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return cc
 }
 
-func (c *Config) ToServer() (*server.Server, error) {
+func (c *Config) ToServer(ctx context.Context) (*server.Server, error) {
+	var (
+		auth       steveauth.Middleware
+		startHooks []server.StartHook
+	)
+
 	restConfig, err := kubeconfig.GetNonInteractiveClientConfig(c.KubeConfig).ClientConfig()
 	if err != nil {
 		return nil, err
 	}
 	restConfig.RateLimiter = ratelimit.None
 
-	auth, err := c.WebhookConfig.WebhookMiddleware()
-	if err != nil {
-		return nil, err
+	if c.Authentication {
+		auth, err = c.WebhookConfig.WebhookMiddleware()
+		if err != nil {
+			return nil, err
+		}
+
+		if auth == nil {
+			authServer, err := rancherauth.NewServer(ctx, restConfig)
+			if err != nil {
+				return nil, err
+			}
+
+			auth = authServer.Authenticator
+			startHooks = append(startHooks, func(ctx context.Context, s *server.Server) error {
+				s.Next = authServer.Management.Wrap(s.Next)
+				return authServer.Start(ctx)
+			})
+		}
 	}
 
 	return &server.Server{
@@ -43,6 +68,7 @@ func (c *Config) ToServer() (*server.Server, error) {
 		DashboardURL: func() string {
 			return c.DashboardURL
 		},
+		StartHooks: startHooks,
 	}, nil
 }
 
@@ -55,12 +81,12 @@ func Flags(config *Config) []cli.Flag {
 		},
 		cli.IntFlag{
 			Name:        "https-listen-port",
-			Value:       8443,
+			Value:       9443,
 			Destination: &config.HTTPSListenPort,
 		},
 		cli.IntFlag{
 			Name:        "http-listen-port",
-			Value:       8080,
+			Value:       9080,
 			Destination: &config.HTTPListenPort,
 		},
 		cli.StringFlag{
@@ -68,6 +94,10 @@ func Flags(config *Config) []cli.Flag {
 			Value:       "https://releases.rancher.com/dashboard/latest/index.html",
 			Destination: &config.DashboardURL,
 		},
+		cli.BoolTFlag{
+			Name:        "authentication",
+			Destination: &config.Authentication,
+		},
 	}
 
 	return append(flags, authcli.Flags(&config.WebhookConfig)...)