diff --git a/services/web/app/src/infrastructure/Features.mjs b/services/web/app/src/infrastructure/Features.mjs
index a26705f880..99e6a82c9a 100644
--- a/services/web/app/src/infrastructure/Features.mjs
+++ b/services/web/app/src/infrastructure/Features.mjs
@@ -53,7 +53,7 @@ const Features = {
 case 'registration-page':
 return (
 !Features.externalAuthenticationSystemUsed() ||
- Boolean(Settings.overleaf)
+ Boolean(Settings.overleaf) || Settings.oidc?.disableJITAccountCreation
 )
 case 'registration':
 return Boolean(Settings.overleaf)
diff --git a/services/web/modules/authentication/oidc/app/src/OIDCAuthenticationController.mjs b/services/web/modules/authentication/oidc/app/src/OIDCAuthenticationController.mjs
index 0b8dc501e0..f8bbd32c29 100644
--- a/services/web/modules/authentication/oidc/app/src/OIDCAuthenticationController.mjs
+++ b/services/web/modules/authentication/oidc/app/src/OIDCAuthenticationController.mjs
@@ -42,7 +42,8 @@ const OIDCAuthenticationController = {
 }
 } else {
 if (info.redir != null) {
- return res.json({ redir: info.redir })
+ await UserController.doLogout(req)
+ return res.redirect(info.redir)
 } else {
 res.status(info.status || 401)
 delete info.status
@@ -95,20 +96,19 @@ const OIDCAuthenticationController = {
 info: {
 type: 'error',
 text: error.message,
- status: 401,
+ status: 500,
 },
 }
 }
 if (user) {
 return { user, info: undefined }
- } else { // we cannot be here, something is terribly wrong
- logger.debug({ email : profile.emails[0].value }, 'failed OIDC log in')
+ } else { // user account is not created
+ logger.debug({ email : profile.emails[0].value }, 'OIDC users JIT account creation is off')
 return {
 user: false,
 info: {
- type: 'error',
- text: 'Unknown error',
- status: 500,
+ redir: '/register',
+ status: 401,
 },
 }
 }
diff --git a/services/web/modules/authentication/oidc/app/src/OIDCAuthenticationManager.mjs b/services/web/modules/authentication/oidc/app/src/OIDCAuthenticationManager.mjs
index 5295ce63d0..3082558e39 100644
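Review bot: The new disjunct on the `+` line is the only operand not wrapped in `Boolean()`, so the `registration-page` case now evaluates to `undefined` rather than `false` whenever `Settings.oidc` is absent or the flag is unset; write it as `Boolean(Settings.oidc?.disableJITAccountCreation)` so the case keeps returning a boolean like its siblings. Note also that the unchanged `registration` case directly below still returns `Boolean(Settings.overleaf)`, so on a deployment where OIDC is the external authentication system and JIT creation is off, the registration page becomes reachable while registration itself presumably stays disabled; confirm the page handles that combination, since a working local sign-up form there would let users bypass the "no automatic account creation" policy the flag is meant to enforce. The switch this case belongs to starts and ends outside the hunk.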
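Review bot: `res.redirect(info.redir)` on the new `+` line performs a server-side redirect to whatever the verify callback put in `info.redir`, whereas the replaced line only echoed that value back as JSON; the only producer visible in this diff is the literal `'/register'`, but nothing here pins the value to a local path, so guard it before redirecting, e.g. `if (!info.redir.startsWith('/') || info.redir.startsWith('//')) { return res.sendStatus(400) }`, to keep an open redirect from appearing if another code path later sets `redir`. The `await UserController.doLogout(req)` that precedes it is presumably meant to discard any partially established session before sending the user to registration; a one-line comment saying so would help, because a logout inside a login handler otherwise reads as a mistake. Also worth checking that any client that consumed the former `{ redir }` JSON response follows a 302 correctly. The handler this branch belongs to starts and ends outside the hunk.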
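Review bot: The `status: 401` added next to `redir: '/register'` is never consumed: in the earlier hunk of this file the caller redirects and returns as soon as `info.redir != null`, before `res.status(info.status || 401)` runs, so either drop it or add a comment saying why it is kept. The new comment `// user account is not created` would be clearer as `// JIT account creation is disabled and no account exists for this email; send the user to /register`, and the debug line still dereferences `profile.emails[0].value` without a guard, which throws on a profile with no emails — pre-existing, but this branch is now an expected path rather than "terribly wrong", so a `profile.emails?.[0]?.value` is cheap insurance. Raising the caught-error status to 500 is reasonable for an unexpected failure, but the unchanged context line still sends `error.message` verbatim to the client, so keep an eye on what the awaited code above can throw. The verify callback this belongs to starts and ends outside the hunk.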
--- a/services/web/modules/authentication/oidc/app/src/OIDCAuthenticationManager.mjs
+++ b/services/web/modules/authentication/oidc/app/src/OIDCAuthenticationManager.mjs
@@ -37,6 +37,9 @@ const OIDCAuthenticationManager = {
 // (Is it safe? Concider: If an account from the specified provider is already linked to this user, throw an error)
 user = await User.findOne({ 'email': email }).exec()
 if (!user) {
+ if (Settings.oidc.disableJITAccountCreation) {
+ return null
+ }
 user = await UserCreator.promises.createNewUser(
 {
 email: email,
diff --git a/services/web/modules/authentication/oidc/app/src/OIDCModuleManager.mjs b/services/web/modules/authentication/oidc/app/src/OIDCModuleManager.mjs
index ec734ced19..debb5c8c5d 100644
--- a/services/web/modules/authentication/oidc/app/src/OIDCModuleManager.mjs
+++ b/services/web/modules/authentication/oidc/app/src/OIDCModuleManager.mjs
@@ -17,6 +17,7 @@ const OIDCModuleManager = {
 attAdmin: process.env.OVERLEAF_OIDC_IS_ADMIN_FIELD,
 valAdmin: process.env.OVERLEAF_OIDC_IS_ADMIN_FIELD_VALUE,
 updateUserDetailsOnLogin: boolFromEnv(process.env.OVERLEAF_OIDC_UPDATE_USER_DETAILS_ON_LOGIN),
+ disableJITAccountCreation: boolFromEnv(process.env.OVERLEAF_OIDC_DISABLE_JIT_ACCOUNT_CREATION),
 }
 },
 passportSetup(passport, callback) {
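Review bot: The new guard only fires after `User.findOne({ 'email': email })` has come back empty, so with `disableJITAccountCreation` set an OIDC login still attaches to any existing local account that shares the email address, a linking step whose safety the context comment above already questions and whose email-verification status is not checked anywhere visible here; if the operator's intent is "no automatic provisioning", automatic linking by email deserves the same switch, or at least a comment making the distinction explicit. `Settings.oidc.disableJITAccountCreation` is read without optional chaining while the Features.mjs hunk uses `Settings.oidc?.`, which is harmless if `Settings.oidc` is always populated inside this module but worth keeping consistent. A comment on the new branch, e.g. `// JIT provisioning is off (OVERLEAF_OIDC_DISABLE_JIT_ACCOUNT_CREATION): refuse rather than create; callers must treat null as "no account"`, would document the contract callers now have to handle. The enclosing function starts and ends outside the hunk.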
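Review bot: The new `disableJITAccountCreation` entry introduces an environment variable with no documentation of its effect or its default; `boolFromEnv` is defined elsewhere, so what an unset `OVERLEAF_OIDC_DISABLE_JIT_ACCOUNT_CREATION` yields is not visible here, and the Features.mjs check depends on that value being falsy by default. A trailing comment such as `// true: refuse OIDC logins for unknown emails instead of creating an account; confirm boolFromEnv returns a falsy value when unset` would let operators and the consuming code agree on the semantics. The settings object this line belongs to starts and ends outside the hunk.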