diff --git a/Gemfile.lock b/Gemfile.lock index fe1021eb6..ac35d6015 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -832,7 +832,7 @@ DEPENDENCIES whenever RUBY VERSION - ruby 3.3.8p144 + ruby 3.3.10p183 BUNDLED WITH 2.5.6 diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb index c2e0a71bb..05a5dab49 100644 --- a/app/controllers/registrations_controller.rb +++ b/app/controllers/registrations_controller.rb @@ -2,6 +2,7 @@ class RegistrationsController < Devise::RegistrationsController prepend_before_action :check_captcha, only: [:create] + before_action :prevent_local_signup, only: [:create] protected @@ -38,4 +39,11 @@ def check_captcha respond_with_navigational(resource) { render :new } end end + + def prevent_local_signup + return unless Feature.active?(:prevent_local_signups) + + redirect_to new_user_registration_path, + alert: 'Local sign-ups are disabled. Please use Google or Snap! to create an account.' + end end diff --git a/app/views/devise/registrations/new.html.haml b/app/views/devise/registrations/new.html.haml index 1215e5de7..990f4fd6b 100644 --- a/app/views/devise/registrations/new.html.haml +++ b/app/views/devise/registrations/new.html.haml @@ -6,8 +6,17 @@ %h3.panel-title Sign Up .panel-body - = form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| - = render partial: 'form_fields', locals: { f: f } - - = render partial: 'devise/shared/openid' + - if Feature.active?(:prevent_local_signups) + %p.text-center + Create your account using one of the following services: + = render partial: 'devise/shared/sso_buttons' + %hr + %p.text-muted.text-center + %small + Already have a local account? + = link_to 'Sign in here', new_user_session_path + - else + = form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| + = render partial: 'form_fields', locals: { f: f } + = render partial: 'devise/shared/openid' = render partial: 'devise/shared/help' 
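Review bot: `prevent_local_signup` guards only `create` in this controller, so a flag named `PREVENT_NEW_LOCAL_PASSWORDS` does not by itself stop an SSO-created account from gaining a local password through other routes such as account edit or password reset. Those controllers are outside this diff, so confirm whether they need the same guard or whether the flag's wording should be narrowed. Because the callback is registered with `before_action`, it runs after the prepended `check_captcha`; with the feature on no form is rendered, so a direct POST will presumably fail the captcha step and re-render `new` instead of reaching the redirect and its alert. Declaring it as `prepend_before_action :prevent_local_signup, only: [:create]` on the line after the captcha callback would make it run first. A request spec asserting that a POST with the feature active creates no user would pin the server-side enforcement; the class body continues outside both hunks.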
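Review bot: With the feature active and neither `:google` nor `:discourse` configured, this branch prints "Create your account using one of the following services:" followed by nothing, because `_sso_buttons` emits no markup when its provider list is empty. Sign-up is then impossible and the page does not say why. Either refuse to activate the feature when no SSO provider is configured, or add a fallback in this branch such as `%p.text-danger No sign-up method is currently configured. Please contact the site administrators.`. The `else` branch keeps the previous form and `devise/shared/openid` partial as they were.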
diff --git a/app/views/devise/sessions/new.html.haml b/app/views/devise/sessions/new.html.haml index f2f637d1f..34b320525 100644 --- a/app/views/devise/sessions/new.html.haml +++ b/app/views/devise/sessions/new.html.haml @@ -6,7 +6,20 @@ %h3.panel-title Sign In .panel-body - = form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| - = render partial: 'form_fields', locals: { f: f } - = render partial: 'devise/shared/openid' + - if Feature.active?(:prevent_local_signups) + = render partial: 'devise/shared/sso_buttons' + .row + .col-md-4 + %hr + .col-md-4 + %h4.text-center + or sign in with password + .col-md-4 + %hr + = form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| + = render partial: 'form_fields', locals: { f: f } + - else + = form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| + = render partial: 'form_fields', locals: { f: f } + = render partial: 'devise/shared/openid' = render partial: 'devise/shared/help' diff --git a/app/views/devise/shared/_sso_buttons.html.haml b/app/views/devise/shared/_sso_buttons.html.haml new file mode 100644 index 000000000..a62aa4763 --- /dev/null +++ b/app/views/devise/shared/_sso_buttons.html.haml @@ -0,0 +1,16 @@ +- sso_providers = omniauth_configured.select { |p| [:google, :discourse].include?(p) } +- unless sso_providers.empty? + .sso-buttons + - if sso_providers.include?(:google) + = button_to user_google_omniauth_authorize_path, class: 'btn btn-default btn-lg btn-block sso-btn' do + %i.fa-brands.fa-google + Sign in with Google + - if sso_providers.include?(:discourse) + = button_to user_discourse_omniauth_authorize_path, class: 'btn btn-default btn-lg btn-block sso-btn' do + %span + Sign in with Snap + %em> ! + %p.text-muted.text-center + %small + If you are not currently logged into Snap! or the Snap! Forums, you will need to log in + twice when using your Snap! account. 
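Review bot: In the feature-on branch `devise/shared/openid` is replaced by `sso_buttons`, which only ever shows `:google` and `:discourse`. If the `openid` partial lists other configured OmniAuth providers (it is not visible here), users whose accounts are tied to those providers lose their sign-in button once the flag is set. The two `form_for` blocks are also identical in both branches; rendering the login form from one shared partial would leave a single copy to maintain when fields or the form URL change.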
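Review bot: The provider allowlist `[:google, :discourse]` is hard-coded without a comment, and nothing in the partial records that the Snap! button is backed by the `:discourse` provider. A HAML comment at the top, e.g. `-# Providers offered when local sign-ups are disabled; Snap! authenticates through :discourse`, would document both. `button_to` submits a form rather than following a link, which should be kept if the authorize routes rely on POST for OmniAuth request-phase CSRF protection. The label reads "Sign in with …" although the partial is also rendered on the sign-up page, where "Continue with …" would fit both uses.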
diff --git a/config/initializers/feature.rb b/config/initializers/feature.rb index dc374eb2c..46b7f7b0d 100644 --- a/config/initializers/feature.rb +++ b/config/initializers/feature.rb @@ -4,5 +4,6 @@ # configure features here repo.add_active_feature :recaptcha unless ENV['RECAPTCHA_SITE_KEY'].blank? || ENV['RECAPTCHA_SECRET_KEY'].blank? +repo.add_active_feature :prevent_local_signups if ENV['PREVENT_NEW_LOCAL_PASSWORDS'].present? Feature.set_repository repo diff --git a/dotenv.example b/dotenv.example index 372800ec9..ca3a6759c 100644 --- a/dotenv.example +++ b/dotenv.example @@ -102,6 +102,10 @@ # RECAPTCHA_SITE_KEY=1234 # RECAPTCHA_SECRET_KEY=5678 +# Prevent new local password sign-ups (force SSO via Google/Snap!) +# Set to any value to enable +# PREVENT_NEW_LOCAL_PASSWORDS=true + # The Conference#short_title to redirect the root URL to # OSEM_ROOT_CONFERENCE=osc18
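Review bot: `ENV['PREVENT_NEW_LOCAL_PASSWORDS'].present?` activates the feature for any non-blank value, so `PREVENT_NEW_LOCAL_PASSWORDS=false` or `=0` also disables local sign-up. That fails closed and the dotenv comment does say "any value", but it is easy to misread in a deployment file. Parsing the value explicitly, e.g. `if ActiveModel::Type::Boolean.new.cast(ENV['PREVENT_NEW_LOCAL_PASSWORDS'])`, would match what an operator expects. The variable speaks of "new local passwords" while the feature is `:prevent_local_signups`; using one name for both would make the scope of the control clearer.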