diff --git a/Changelog.md b/Changelog.md
index 577e1d24..495bb8b8 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,6 +1,7 @@
 # Changelog
 
 **latest**
+- added OAUTH_BLOCK_AUTO_CREATED_USERS configuration option
 - added OAUTH_ALLOW_SSO configuration option
 - added github oauth configuration support
 - added twitter oauth configuration support
diff --git a/README.md b/README.md
index 76c064fe..00e79197 100644
--- a/README.md
+++ b/README.md
@@ -733,6 +733,7 @@ Below is the complete list of available options that can be used to customize yo
 - **LDAP_BASE**: Base where we can search for users. No default.
 - **LDAP_USER_FILTER**: Filter LDAP users. No default.
 - **OAUTH_ALLOW_SSO**: This allows users to login without having a user account first. User accounts will be created automatically when authentication was successful. Defaults to false.
+- **OAUTH_BLOCK_AUTO_CREATED_USERS**: Locks down those users until they have been cleared by the admin. Defaults to true.
 - **OAUTH_GOOGLE_API_KEY**: Google App Client ID. No defaults.
 - **OAUTH_GOOGLE_APP_SECRET**: Google App Client Secret. No defaults.
 - **OAUTH_TWITTER_API_KEY**: Twitter App API key. No defaults.
diff --git a/assets/config/gitlabhq/gitlab.yml b/assets/config/gitlabhq/gitlab.yml
index 18850e2f..0a90c179 100644
--- a/assets/config/gitlabhq/gitlab.yml
+++ b/assets/config/gitlabhq/gitlab.yml
@@ -168,7 +168,7 @@ production: &base
     # User accounts will be created automatically when authentication was successful.
     allow_single_sign_on: {{OAUTH_ALLOW_SSO}}
     # Locks down those users until they have been cleared by the admin (default: true).
-    block_auto_created_users: true
+    block_auto_created_users: {{OAUTH_BLOCK_AUTO_CREATED_USERS}}
 
     ## Auth providers
     # Uncomment the following lines and fill in the data of the auth provider you want to use
diff --git a/assets/init b/assets/init
index 321dec02..475c383b 100755
--- a/assets/init
+++ b/assets/init
@@ -73,6 +73,7 @@ REDMINE_URL=${REDMINE_URL:-}
 JIRA_URL=${JIRA_URL:-}
 
 OAUTH_ALLOW_SSO=${OAUTH_ALLOW_SSO:-false}
+OAUTH_BLOCK_AUTO_CREATED_USERS=${OAUTH_BLOCK_AUTO_CREATED_USERS:-true}
 
 OAUTH_GOOGLE_API_KEY=${OAUTH_GOOGLE_API_KEY:-}
 OAUTH_GOOGLE_APP_SECRET=${OAUTH_GOOGLE_APP_SECRET:-}
@@ -466,6 +467,7 @@ fi
 OAUTH_ENABLED=${OAUTH_ENABLED:-false}
 sudo -u git -H sed 's/{{OAUTH_ENABLED}}/'"${OAUTH_ENABLED}"'/' -i /home/git/gitlab/config/gitlab.yml
 sudo -u git -H sed 's/{{OAUTH_ALLOW_SSO}}/'"${OAUTH_ALLOW_SSO}"'/' -i /home/git/gitlab/config/gitlab.yml
+sudo -u git -H sed 's/{{OAUTH_BLOCK_AUTO_CREATED_USERS}}/'"${OAUTH_BLOCK_AUTO_CREATED_USERS}"'/' -i /home/git/gitlab/config/gitlab.yml
 
 # configure relative_url_root
 if [ ${GITLAB_RELATIVE_URL_ROOT} ]; then