diff --git a/app/(dashboard)/proxy-hosts/actions.ts b/app/(dashboard)/proxy-hosts/actions.ts
index bc438b06..3ffeaa59 100644
--- a/app/(dashboard)/proxy-hosts/actions.ts
+++ b/app/(dashboard)/proxy-hosts/actions.ts
@@ -129,7 +129,7 @@ async function validateAndSanitizeCertificateId(
   return { certificateId };
 }
 
-function parseAuthentikConfig(formData: FormData): ProxyHostAuthentikInput | undefined {
+function parseAuthentikConfig(formData: FormData): ProxyHostAuthentikInput | null | undefined {
   if (!formData.has("authentik_present")) {
     return undefined;
   }
@@ -140,6 +140,11 @@ function parseAuthentikConfig(formData: FormData): ProxyHostAuthentikInput | und
       ? parseCheckbox(formData.get("authentik_enabled"))
       : false
     : undefined;
+
+  if (enabledIndicator && enabledValue === false) {
+    return null;
+  }
+
   const outpostDomain = parseOptionalText(formData.get("authentik_outpost_domain"));
   const outpostUpstream = parseOptionalText(formData.get("authentik_outpost_upstream"));
   const authEndpoint = parseOptionalText(formData.get("authentik_auth_endpoint"));
diff --git a/src/lib/models/proxy-hosts.ts b/src/lib/models/proxy-hosts.ts
index b8b1470d..b44792bb 100644
--- a/src/lib/models/proxy-hosts.ts
+++ b/src/lib/models/proxy-hosts.ts
@@ -587,6 +587,9 @@ function normalizeAuthentikInput(
   if (input === null) {
     return undefined;
   }
+  if (input.enabled === false) {
+    return undefined;
+  }
 
   const next: ProxyHostAuthentikMeta = { ...(existing ?? {}) };