diff --git a/README.md b/README.md index a3d1da46a9..4bb8efe25b 100644 --- a/README.md +++ b/README.md @@ -165,6 +165,7 @@ cd - Once Service Workbench is fully deployed, the console will output the Website URL and Root Password for Service Workbench. You can log in by navigating to the Website URL in any browser, and then using the username 'root' and the Root Password given by the console. Please note that logging as the root user is highly discouraged, and should only be used for initial setup. You can create a new user by clicking the "Users" tab on the left, then "Add Local User". Follow the instructions given to create the user (you can leave the 'Project' field blank for now), then log out of the root account and into your new user account. +Adding a local user should only be done in test environments. We highly recommend using an IDP for prod environments. For more details on how to set up an IDP, please click [here](/docs/docs/user_guide/sidebar/admin/auth/introduction.md) ## Linking an existing AWS account Once in your user account, you'll need to link your AWS account. Navigate to "AWS Accounts" in the left bar, then click the "AWS Accounts" tab. From here, you can create an AWS account, or link an existing one. diff --git a/addons/addon-base-raas-ui/packages/base-raas-ui/src/models/users/User.js b/addons/addon-base-raas-ui/packages/base-raas-ui/src/models/users/User.js index a57b8617f7..925ddecc91 100644 --- a/addons/addon-base-raas-ui/packages/base-raas-ui/src/models/users/User.js +++ b/addons/addon-base-raas-ui/packages/base-raas-ui/src/models/users/User.js @@ -102,6 +102,10 @@ const User = types return _.toLower(self.userType) === 'root'; }, + get isInternalAuthUser() { + return _.toLower(self.authenticationProviderId) === 'internal'; + }, + get isActive() { return _.toLower(self.status) === 'active'; }, 
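Review bot: The new `isInternalAuthUser` getter in User.js carries no comment, and a reader could mistake it for an authorization check. It only compares `authenticationProviderId` with the literal `'internal'` in the browser-side model, so it suits UI hints but not access decisions. I would add `// True when the user's authenticationProviderId is 'internal' (presumably the built-in, non-IdP provider); advisory and UI-only, do not gate access on it.` above the getter. The enclosing `User` model definition starts and ends outside the hunk.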
diff --git a/addons/addon-base-raas-ui/packages/base-raas-ui/src/models/users/__tests__/User.test.js b/addons/addon-base-raas-ui/packages/base-raas-ui/src/models/users/__tests__/User.test.js
new file mode 100644
index 0000000000..68a1f28f6e
--- /dev/null
+++ b/addons/addon-base-raas-ui/packages/base-raas-ui/src/models/users/__tests__/User.test.js
@@ -0,0 +1,50 @@
+import { User } from '../User';
+
+describe('User', () => {
+ it('should get all user fields correctly', () => {
+ const userJson = {
+ uid: 'u-N__Z_pJTr5oSNUaM6-oP7',
+ firstName: 'John',
+ lastName: 'Smith',
+ isAdmin: false,
+ isExternalUser: false,
+ username: 'JohnSmith@amazon.com',
+ ns: 'internal',
+ email: 'JohnSmith@amazon.com',
+ authenticationProviderId: 'internal',
+ status: 'active',
+ createdBy: 'u-0Jse-jzwgiczKaa74IFKg',
+ rev: 1,
+ userRole: 'researcher',
+ projectId: ['Project1'],
+ encryptedCreds: 'N/A',
+ applyReason: 'N/A',
+ };
+
+ const user = User.create(userJson);
+
+ expect(user.displayName).toEqual('John Smith');
+ expect(user.longDisplayName).toEqual('John Smith (JohnSmith@amazon.com)');
+ expect(user.unknown).toEqual(false);
+ expect(user.isRootUser).toEqual(false);
+ expect(user.isInternalAuthUser).toEqual(true);
+ expect(user.isActive).toEqual(true);
+ expect(user.isInternalGuest).toEqual(false);
+ expect(user.isExternalGuest).toEqual(false);
+ expect(user.isInternalResearcher).toEqual(true);
+ expect(user.isSystem).toEqual(false);
+ expect(user.isSame('abcd')).toEqual(false);
+ expect(user.isSamePrincipal('abcd', 'xyz')).toEqual(false);
+ expect(user.id).toEqual('u-N__Z_pJTr5oSNUaM6-oP7');
+ expect(user.principal).toEqual({ username: 'JohnSmith@amazon.com', ns: 'internal' });
+ expect(user.principalStr).toEqual(JSON.stringify({ username: 'JohnSmith@amazon.com', ns: 'internal' }));
+ expect(user.hasProjects).toEqual(true);
+ expect(user.hasCredentials).toEqual(false);
+ expect(user.capabilities).toEqual({
+ canCreateStudy: true,
+ canCreateWorkspace: true,
+ canSelectStudy: true,
+ canViewDashboard: true,
+ });
+ });
+});
diff --git a/addons/addon-base-ui/packages/base-ui/src/plugins/initialization-plugin.js b/addons/addon-base-ui/packages/base-ui/src/plugins/initialization-plugin.js
index c52811576d..c92a9a3989 100644
--- a/addons/addon-base-ui/packages/base-ui/src/plugins/initialization-plugin.js
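Review bot: `isInternalAuthUser` is asserted only for the `'internal'` fixture in User.test.js, so a getter that always returned true would still pass. The production warning depends on telling internal users apart from federated ones, so a negative case is worth adding inside the same `it`, e.g. `expect(User.create({ ...userJson, authenticationProviderId: 'example-idp' }).isInternalAuthUser).toEqual(false);` (the provider id is a constructed sample). A mixed-case value such as `'Internal'` would also pin the `_.toLower` normalisation the getter relies on.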
+++ b/addons/addon-base-ui/packages/base-ui/src/plugins/initialization-plugin.js @@ -80,9 +80,17 @@ async function postInit(payload, appContext) { await userStore.load(); const isRootUser = userStore.user.isRootUser; + const isInternalAuthUser = userStore.user.isInternalAuthUser; if (isRootUser) { displayWarning('You have logged in as root user. Logging in as root user is discouraged.'); } + + const isProduction = process.env.REACT_APP_SITE_ENV_TYPE === 'prod'; + if (isInternalAuthUser && isProduction) { + displayWarning( + 'You are using internal Authentication for this user. Internal Authentication is not recommended for prod environments. Please consider using an IDP.', + ); + } } const plugin = { diff --git a/docs/docs/deployment/post_deployment/create_admin_user.md b/docs/docs/deployment/post_deployment/create_admin_user.md index 33fe85f575..812c0d1f19 100644 --- a/docs/docs/deployment/post_deployment/create_admin_user.md +++ b/docs/docs/deployment/post_deployment/create_admin_user.md @@ -15,8 +15,10 @@ _**Figure 7: Create an Administrator**_ _**Note**: A root user account will already be created, however, you must not routinely use the root user account._ -1. Click ‘**Add Local User**’. Assign the user the administrator’s role, and associate the user with the **Project** you created, and set the status to ‘**Active**’. See **Figure 8**. +For testing purposes, you can create a local user by clicking ‘**Add Local User**’. Assign the user the administrator’s role, and associate the user with the **Project** you created, and set the status to ‘**Active**’. See **Figure 8**. _**Figure 8: Add Local User**_ + +**In prod environments we highly recommend using an IDP. For more details, click [here](../../user_guide/sidebar/admin/auth/introduction.md)** diff --git a/main/solution/ui/config/environment/env-template.yml b/main/solution/ui/config/environment/env-template.yml index 6784a87ae3..c442dc6b61 100644 --- a/main/solution/ui/config/environment/env-template.yml 
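Review bot: The `isProduction` check added to `postInit` in initialization-plugin.js is an exact, case-sensitive match on `'prod'`, so the internal-authentication warning silently disappears if the deployment's `envType` is spelled `production` or `Prod`, or if `REACT_APP_SITE_ENV_TYPE` is missing from the build. The accepted values of `custom.settings.envType` are not visible in this diff, so either normalise the comparison, `const isProduction = (process.env.REACT_APP_SITE_ENV_TYPE || '').toLowerCase() === 'prod';`, or document the expected value next to the check. The banner is also only advisory in the browser: nothing here prevents local users from being created or used in prod, and if the root account is itself an internal-provider user (likely, but not shown) it will see both warnings at once. `postInit` starts above the hunk.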
+++ b/main/solution/ui/config/environment/env-template.yml @@ -17,6 +17,7 @@ REACT_APP_AUTO_LOGOUT_TIMEOUT_IN_MINUTES: ${self:custom.settings.autoLogoutTimeo REACT_APP_ENV_MGMT_ROLE_NAME: ${self:custom.settings.envMgmtRoleName} REACT_APP_ENABLE_BUILT_IN_WORKSPACES: ${self:custom.settings.enableBuiltInWorkspaces} REACT_APP_VERSION_AND_DATE: ${self:custom.settings.versionAndDate} +REACT_APP_SITE_ENV_TYPE: ${self:custom.settings.envType} # ======================================================================== # Overrides for .env.local