diff --git a/.docker/selfhost/schema.json b/.docker/selfhost/schema.json
index d8356b1dc1..3b46680d17 100644
--- a/.docker/selfhost/schema.json
+++ b/.docker/selfhost/schema.json
@@ -148,6 +148,11 @@
           "description": "Whether allow new registrations.\n@default true",
           "default": true
         },
+        "allowSignupForOauth": {
+          "type": "boolean",
+          "description": "Whether allow new registrations via configured oauth.\n@default true",
+          "default": true
+        },
         "requireEmailDomainVerification": {
           "type": "boolean",
           "description": "Whether require email domain record verification before accessing restricted resources.\n@default false",
diff --git a/packages/backend/server/src/core/auth/config.ts b/packages/backend/server/src/core/auth/config.ts
index 05e5695c6f..afd5900541 100644
--- a/packages/backend/server/src/core/auth/config.ts
+++ b/packages/backend/server/src/core/auth/config.ts
@@ -8,6 +8,7 @@ export interface AuthConfig {
     ttr: number;
   };
   allowSignup: boolean;
+  allowSignupForOauth: boolean;
   requireEmailDomainVerification: boolean;
   requireEmailVerification: boolean;
   passwordRequirements: ConfigItem<{
@@ -27,6 +28,10 @@ defineModuleConfig('auth', {
     desc: 'Whether allow new registrations.',
     default: true,
   },
+  allowSignupForOauth: {
+    desc: 'Whether allow new registrations via configured oauth.',
+    default: true,
+  },
   requireEmailDomainVerification: {
     desc: 'Whether require email domain record verification before accessing restricted resources.',
     default: false,
diff --git a/packages/backend/server/src/plugins/oauth/controller.ts b/packages/backend/server/src/plugins/oauth/controller.ts
index 7738688587..eb7e909e43 100644
--- a/packages/backend/server/src/plugins/oauth/controller.ts
+++ b/packages/backend/server/src/plugins/oauth/controller.ts
@@ -224,7 +224,7 @@ export class OAuthController {
       return connectedAccount.user;
     }
 
-    if (!this.config.auth.allowSignup) {
+    if (!this.config.auth.allowSignupForOauth) {
       throw new SignUpForbidden();
     }
 
diff --git a/packages/frontend/admin/src/config.json b/packages/frontend/admin/src/config.json
index b267abd9a0..386ec175eb 100644
--- a/packages/frontend/admin/src/config.json
+++ b/packages/frontend/admin/src/config.json
@@ -63,6 +63,10 @@
       "type": "Boolean",
       "desc": "Whether allow new registrations."
     },
+    "allowSignupForOauth": {
+      "type": "Boolean",
+      "desc": "Whether allow new registrations via configured oauth."
+    },
     "requireEmailDomainVerification": {
       "type": "Boolean",
       "desc": "Whether require email domain record verification before accessing restricted resources."
diff --git a/packages/frontend/admin/src/modules/settings/config.ts b/packages/frontend/admin/src/modules/settings/config.ts
index 4c36fd93ed..815ba3248d 100644
--- a/packages/frontend/admin/src/modules/settings/config.ts
+++ b/packages/frontend/admin/src/modules/settings/config.ts
@@ -55,6 +55,7 @@ export const KNOWN_CONFIG_GROUPS = [
     module: 'auth',
     fields: [
       'allowSignup',
+      'allowSignupForOauth',
       // nested json object
       {
         key: 'passwordRequirements',