diff --git a/server/configurations/local.yaml b/server/configurations/local.yaml
index 463e3f86da..9317081438 100644
--- a/server/configurations/local.yaml
+++ b/server/configurations/local.yaml
@@ -321,6 +321,9 @@ internal:
     # the "admin" instead of "admins". This can be useful e.g. when wishing to
     # pass the admin as an environment variable.
     admin:
+    # If set to true, users will not be able to register a new account.
+    # Account creation will fail when entering the email ott
+    disable-registration: false
 
 # Replication config
 #
diff --git a/server/pkg/controller/user/userauth.go b/server/pkg/controller/user/userauth.go
index 33f41b03d8..57deec3b35 100644
--- a/server/pkg/controller/user/userauth.go
+++ b/server/pkg/controller/user/userauth.go
@@ -362,9 +362,13 @@ func (c *UserController) onVerificationSuccess(context *gin.Context, email strin
 	userID, err := c.UserRepo.GetUserIDWithEmail(email)
 	if err != nil {
 		if errors.Is(err, sql.ErrNoRows) {
-			userID, _, err = c.createUser(email, source)
-			if err != nil {
-				return ente.EmailAuthorizationResponse{}, stacktrace.Propagate(err, "")
+			if !viper.GetBool("internal.disable-registration") {
+				userID, _, err = c.createUser(email, source)
+				if err != nil {
+					return ente.EmailAuthorizationResponse{}, stacktrace.Propagate(err, "")
+				}
+			} else {
+				return ente.EmailAuthorizationResponse{}, stacktrace.Propagate(ente.ErrPermissionDenied, "")
 			}
 		} else {
 			return ente.EmailAuthorizationResponse{}, stacktrace.Propagate(err, "")