diff --git a/contributors.nix b/contributors.nix
index 95d4e59..22c28b6 100644
--- a/contributors.nix
+++ b/contributors.nix
@@ -8,6 +8,7 @@
 contact = {
 displayName = "Burrow";
 canonicalEmail = "contact@burrow.net";
+ sourceEmail = "net.burrow@gmail.com";
 isAdmin = true;
 forgeAuthorized = true;
 bootstrapAuthentik = true;
@@ -21,6 +22,7 @@
 conrad = {
 displayName = "Conrad Kramer";
 canonicalEmail = "conrad@burrow.net";
+ sourceEmail = "ckrames1234@gmail.com";
 isAdmin = true;
 forgeAuthorized = false;
 bootstrapAuthentik = true;
@@ -30,29 +32,6 @@
 ];
 };

- jett = {
- displayName = "Jett";
- canonicalEmail = "jett@burrow.net";
- isAdmin = true;
- forgeAuthorized = false;
- bootstrapAuthentik = true;
- roles = [
- "member"
- ];
- };
-
- davnotdev = {
- displayName = "David";
- canonicalEmail = "davnotdev@burrow.net";
- isAdmin = true;
- forgeAuthorized = false;
- bootstrapAuthentik = true;
- roles = [
- "member"
- "operator"
- ];
- };
-
 agent = {
 displayName = "Burrow Agent";
 canonicalEmail = "agent@burrow.net";
diff --git a/nixos/hosts/burrow-forge/default.nix b/nixos/hosts/burrow-forge/default.nix
index 497d40e..bf6330f 100644
--- a/nixos/hosts/burrow-forge/default.nix
+++ b/nixos/hosts/burrow-forge/default.nix
@@ -13,6 +13,7 @@ let
 inherit username;
 name = identity.displayName;
 email = identity.canonicalEmail;
+ sourceEmail = identity.sourceEmail or null;
 isAdmin = identity.isAdmin or false;
 passwordFile = authentikPasswordSecretPath identity;
 }
@@ -84,12 +85,6 @@ in
 group = "root";
 mode = "0400";
 };
- age.secrets.burrowAuthentikGoogleAccountMap = {
- file = ../../../secrets/infra/authentik-google-account-map.json.age;
- owner = "root";
- group = "root";
- mode = "0400";
- };
 age.secrets.burrowAuthentikUiTestPassword = {
 file = ../../../secrets/infra/authentik-ui-test-password.age;
 owner = "root";
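Review bot: The `sourceEmail` added under `contact` moves an identifier that this same commit deletes from an age-encrypted secret (`authentik-google-account-map.json.age`) into plaintext Nix config, and through the `builtins.toJSON` in burrow-authentik.nix it will also be baked into the world-readable Nix store. Because the Google source runs with `AUTHENTIK_GOOGLE_USER_MATCHING_MODE=email_link`, this field tells anyone who can read the repository or the store exactly which personal Gmail account is linked to an `isAdmin = true` identity, which is the account an attacker would target. If that exposure is accepted, record it next to the attribute, e.g. `# sourceEmail: external Google account the Authentik google source links to this user; not a credential, but compromise of it yields this (admin) identity.` If it is not, the per-host 0400 map file that this commit removes was the better home for it. The `contact` attribute set continues outside the hunk.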
@@ -163,7 +158,6 @@ in
 tailscaleClientSecretFile = config.age.secrets.burrowTailscaleOidcClientSecret.path;
 googleClientIDFile = config.age.secrets.burrowAuthentikGoogleClientId.path;
 googleClientSecretFile = config.age.secrets.burrowAuthentikGoogleClientSecret.path;
- googleAccountMapFile = config.age.secrets.burrowAuthentikGoogleAccountMap.path;
 googleLoginMode = "redirect";
 userGroupName = contributors.groups.users;
 adminGroupName = contributors.groups.admins;
diff --git a/nixos/modules/burrow-authentik.nix b/nixos/modules/burrow-authentik.nix
index 2fa83da..1616b36 100644
--- a/nixos/modules/burrow-authentik.nix
+++ b/nixos/modules/burrow-authentik.nix
@@ -180,12 +180,6 @@ in
 description = "Host-local file containing the Google OAuth client secret for the Authentik source.";
 };

- googleAccountMapFile = lib.mkOption {
- type = lib.types.nullOr lib.types.str;
- default = null;
- description = "Optional host-local JSON file mapping external Google accounts onto Burrow Authentik users.";
- };
-
 googleSourceSlug = lib.mkOption {
 type = lib.types.str;
 default = "google";
@@ -483,7 +477,7 @@ EOF
 cfg.envFile
 cfg.googleClientIDFile
 cfg.googleClientSecretFile
- ] ++ lib.optional (cfg.googleAccountMapFile != null) cfg.googleAccountMapFile;
+ ];
 path = [
 pkgs.bash
 pkgs.coreutils
@@ -507,16 +501,12 @@ EOF
 export AUTHENTIK_GOOGLE_USER_MATCHING_MODE=email_link
 export AUTHENTIK_GOOGLE_CLIENT_ID="$(tr -d '\r\n' < ${lib.escapeShellArg cfg.googleClientIDFile})"
 export AUTHENTIK_GOOGLE_CLIENT_SECRET="$(tr -d '\r\n' < ${lib.escapeShellArg cfg.googleClientSecretFile})"
- if [ -n ${lib.escapeShellArg (cfg.googleAccountMapFile or "")} ]; then
- export AUTHENTIK_GOOGLE_ACCOUNT_MAP_JSON="$(tr -d '\n' < ${lib.escapeShellArg (cfg.googleAccountMapFile or "/dev/null")})"
- else
- export AUTHENTIK_GOOGLE_ACCOUNT_MAP_JSON='${builtins.toJSON (map (user: {
- source_email = user.sourceEmail;
- username = user.username;
- email = user.email;
- name = user.name;
- }) (lib.filter (user: user.sourceEmail != null) cfg.bootstrapUsers))}'
- fi
+ export AUTHENTIK_GOOGLE_ACCOUNT_MAP_JSON='${builtins.toJSON (map (user: {
+ source_email = user.sourceEmail;
+ username = user.username;
+ email = user.email;
+ name = user.name;
+ }) (lib.filter (user: user.sourceEmail != null) cfg.bootstrapUsers))}'

 ${pkgs.bash}/bin/bash ${googleSourceSyncScript}
 '';
diff --git a/secrets.nix b/secrets.nix
index e3fd9a2..a8fb923 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -14,7 +14,6 @@ in
 "secrets/infra/authentik.env.age".publicKeys = burrowForgeRecipients;
 "secrets/infra/authentik-google-client-id.age".publicKeys = burrowForgeRecipients;
 "secrets/infra/authentik-google-client-secret.age".publicKeys = burrowForgeRecipients;
- "secrets/infra/authentik-google-account-map.json.age".publicKeys = burrowForgeRecipients;
 "secrets/infra/authentik-ui-test-password.age".publicKeys = uiTestRecipients;
 "secrets/infra/forgejo-oidc-client-secret.age".publicKeys = burrowForgeRecipients;
 "secrets/infra/forgejo-nsc-autoscaler-config.age".publicKeys = burrowForgeRecipients;
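Review bot: The now-unconditional `export AUTHENTIK_GOOGLE_ACCOUNT_MAP_JSON='${builtins.toJSON ...}'` assumes the JSON never contains a single quote, but `name` comes from `identity.displayName` (a free-form string), so a display name such as `O'Brien` closes the quoted word and bash parses the rest of the JSON as shell — breaking the unit at best, executing config-derived text at worst. The two exports directly above already wrap their interpolations in `lib.escapeShellArg`; the same should be done here: `export AUTHENTIK_GOOGLE_ACCOUNT_MAP_JSON=${lib.escapeShellArg (builtins.toJSON (map (user: { source_email = user.sourceEmail; username = user.username; email = user.email; name = user.name; }) (lib.filter (user: user.sourceEmail != null) cfg.bootstrapUsers)))}`. Separately, with the file-backed branch removed this JSON is baked into the service script in the Nix store instead of being read from a 0400 host file, so the source-email → admin-user mapping becomes readable by every local user; if that is intended, a one-line comment on the export saying so would save the next reader from re-raising it. The enclosing `script` string starts and ends outside the hunk.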
diff --git a/secrets/infra/authentik-google-account-map.json.age b/secrets/infra/authentik-google-account-map.json.age
deleted file mode 100644
index b3cb6f8..0000000
Binary files a/secrets/infra/authentik-google-account-map.json.age and /dev/null differ