diff --git a/src/applications/auth/controller/config/PhabricatorAuthEditController.php b/src/applications/auth/controller/config/PhabricatorAuthEditController.php
--- a/src/applications/auth/controller/config/PhabricatorAuthEditController.php
+++ b/src/applications/auth/controller/config/PhabricatorAuthEditController.php
@@ -79,6 +79,7 @@
 
     $errors = array();
 
+    $v_login = $config->getShouldAllowLogin();
     $v_registration = $config->getShouldAllowRegistration();
     $v_link = $config->getShouldAllowLink();
     $v_unlink = $config->getShouldAllowUnlink();
@@ -106,6 +107,11 @@
 
         $xactions[] = id(new PhabricatorAuthProviderConfigTransaction())
           ->setTransactionType(
+            PhabricatorAuthProviderConfigTransaction::TYPE_LOGIN)
+          ->setNewValue($request->getInt('allowLogin', 0));
+
+        $xactions[] = id(new PhabricatorAuthProviderConfigTransaction())
+          ->setTransactionType(
             PhabricatorAuthProviderConfigTransaction::TYPE_REGISTRATION)
           ->setNewValue($request->getInt('allowRegistration', 0));
 
@@ -199,6 +205,14 @@
         $config_name);
     }
 
+    $str_login = array(
+      phutil_tag('strong', array(), pht('Allow Login:')),
+      ' ',
+      pht(
+        'Allow users to log in using this provider. If you disable login, '.
+        'users can still use account integrations for this provider.'),
+    );
+
     $str_registration = array(
       phutil_tag('strong', array(), pht('Allow Registration:')),
       ' ',
@@ -269,6 +283,13 @@
         id(new AphrontFormCheckboxControl())
           ->setLabel(pht('Allow'))
           ->addCheckbox(
+            'allowLogin',
+            1,
+            $str_login,
+            $v_login))
+      ->appendChild(
+        id(new AphrontFormCheckboxControl())
+          ->addCheckbox(
             'allowRegistration',
             1,
             $str_registration,
diff --git a/src/applications/auth/editor/PhabricatorAuthProviderConfigEditor.php b/src/applications/auth/editor/PhabricatorAuthProviderConfigEditor.php
--- a/src/applications/auth/editor/PhabricatorAuthProviderConfigEditor.php
+++ b/src/applications/auth/editor/PhabricatorAuthProviderConfigEditor.php
@@ -15,6 +15,7 @@
     $types = parent::getTransactionTypes();
 
     $types[] = PhabricatorAuthProviderConfigTransaction::TYPE_ENABLE;
+    $types[] = PhabricatorAuthProviderConfigTransaction::TYPE_LOGIN;
     $types[] = PhabricatorAuthProviderConfigTransaction::TYPE_REGISTRATION;
     $types[] = PhabricatorAuthProviderConfigTransaction::TYPE_LINK;
     $types[] = PhabricatorAuthProviderConfigTransaction::TYPE_UNLINK;
@@ -36,6 +37,8 @@
         } else {
           return (int)$object->getIsEnabled();
         }
+      case PhabricatorAuthProviderConfigTransaction::TYPE_LOGIN:
+        return (int)$object->getShouldAllowLogin();
       case PhabricatorAuthProviderConfigTransaction::TYPE_REGISTRATION:
         return (int)$object->getShouldAllowRegistration();
       case PhabricatorAuthProviderConfigTransaction::TYPE_LINK:
@@ -59,6 +62,7 @@
 
     switch ($xaction->getTransactionType()) {
       case PhabricatorAuthProviderConfigTransaction::TYPE_ENABLE:
+      case PhabricatorAuthProviderConfigTransaction::TYPE_LOGIN:
       case PhabricatorAuthProviderConfigTransaction::TYPE_REGISTRATION:
       case PhabricatorAuthProviderConfigTransaction::TYPE_LINK:
       case PhabricatorAuthProviderConfigTransaction::TYPE_UNLINK:
@@ -76,6 +80,8 @@
     switch ($xaction->getTransactionType()) {
       case PhabricatorAuthProviderConfigTransaction::TYPE_ENABLE:
         return $object->setIsEnabled($v);
+      case PhabricatorAuthProviderConfigTransaction::TYPE_LOGIN:
+        return $object->setShouldAllowLogin($v);
       case PhabricatorAuthProviderConfigTransaction::TYPE_REGISTRATION:
         return $object->setShouldAllowRegistration($v);
       case PhabricatorAuthProviderConfigTransaction::TYPE_LINK:
@@ -106,6 +112,7 @@
     $type = $u->getTransactionType();
     switch ($type) {
       case PhabricatorAuthProviderConfigTransaction::TYPE_ENABLE:
+      case PhabricatorAuthProviderConfigTransaction::TYPE_LOGIN:
       case PhabricatorAuthProviderConfigTransaction::TYPE_REGISTRATION:
       case PhabricatorAuthProviderConfigTransaction::TYPE_LINK:
       case PhabricatorAuthProviderConfigTransaction::TYPE_UNLINK:
diff --git a/src/applications/auth/provider/PhabricatorAuthProvider.php b/src/applications/auth/provider/PhabricatorAuthProvider.php
--- a/src/applications/auth/provider/PhabricatorAuthProvider.php
+++ b/src/applications/auth/provider/PhabricatorAuthProvider.php
@@ -121,6 +121,10 @@
   }
 
   public function shouldAllowRegistration() {
+    if (!$this->shouldAllowLogin()) {
+      return false;
+    }
+
     return $this->getProviderConfig()->getShouldAllowRegistration();
   }
 
diff --git a/src/applications/auth/storage/PhabricatorAuthProviderConfigTransaction.php b/src/applications/auth/storage/PhabricatorAuthProviderConfigTransaction.php
--- a/src/applications/auth/storage/PhabricatorAuthProviderConfigTransaction.php
+++ b/src/applications/auth/storage/PhabricatorAuthProviderConfigTransaction.php
@@ -4,6 +4,7 @@
   extends PhabricatorApplicationTransaction {
 
   const TYPE_ENABLE         = 'config:enable';
+  const TYPE_LOGIN          = 'config:login';
   const TYPE_REGISTRATION   = 'config:registration';
   const TYPE_LINK           = 'config:link';
   const TYPE_UNLINK         = 'config:unlink';
@@ -90,6 +91,17 @@
             $this->renderHandleLink($author_phid));
         }
         break;
+      case self::TYPE_LOGIN:
+        if ($new) {
+          return pht(
+            '%s enabled login.',
+            $this->renderHandleLink($author_phid));
+        } else {
+          return pht(
+            '%s disabled login.',
+            $this->renderHandleLink($author_phid));
+        }
+        break;
       case self::TYPE_REGISTRATION:
         if ($new) {
           return pht(