diff --git a/README.md b/README.md
index f4888b6..e9cf3c2 100644
--- a/README.md
+++ b/README.md
@@ -78,7 +78,9 @@ $ docker run -d \
 First of all, you can get most tasks done through the web UI, available at http://localhost:3000.
 
 ### 1. Define a user
-To get started with MailWhale, you need to create a **user** first. Currently, this is done through hard-coded config (see `seed_users` in [config.default.yml](config.default.yml)). Later on, once we have a web UI, there will be a way to easily sign up new users at runtime. 
+To get started with MailWhale, you need to create a **user** first.
+To do so, you can either let the application initialize a default user by supplying `security.seed_users` in [config.default.yml](config.default.yml)).
+Alternatively, you can also register new users at runtime via API or web UI. `security.allow_signup` needs to be set to `true`. 
 
 ### 2. Create an API client
 It is good practice to not authenticate against the API as a user directly. Instead, create an **API client** with limited privileges, that could easily be revoked in the future. A client is identified by a **client ID** and a **client secret** (or token), very similar to what you might already be familiar with from AWS APIs. Usually, such a client corresponds to an individual client application of yours, which wants to access MailWhale's API. 
@@ -163,7 +165,7 @@ You can specify configuration options either via a config file (`config.yml`) or
 | `mail.domain`                   | `MW_MAIL_DOMAIN`    | -                 | Default domain for sending mails |
 | `mail.spf_check`                | `MW_MAIL_SPF_CHECK` | `false`           | Whether to validate sender address domains' SPF records |
 | `web.listen_v4`                 | `MW_WEB_LISTEN_V4`  | `127.0.0.1:3000`  | IP and port for the web server to listen on |
-| `web.cors_origin`               | -         | [`http://localhost:5000`]   | List of URLs which to accept CORS requests for |
+| `web.cors_origin`               | -                   | [`http://localhost:5000`] | List of URLs which to accept CORS requests for |
 | `smtp.host`                     | `MW_SMTP_HOST`      | -                 | SMTP relay host name or IP |
 | `smtp.port`                     | `MW_SMTP_PORT`      | -                 | SMTP relay port |
 | `smtp.username`                 | `MW_SMTP_USER`      | -                 | SMTP relay authentication user name |
@@ -171,6 +173,7 @@ You can specify configuration options either via a config file (`config.yml`) or
 | `smtp.tls`                      | `MW_SMTP_TLS`       | `false`           | Whether to require full TLS (not to be confused with STARTTLS) for the SMTP relay |
 | `store.path`                    | `MW_STORE_PATH`     | `./data.gob.db`   | Target location of the database file |
 | `security.pepper`               | `MW_SECURITY_PEPPER`| -                 | Pepper to use for hashing user passwords |
+| `security.allow_signup`         | `MW_SECURITY_ALLOW_SIGNUP` | `false`    | Whether to allow the registration of new users |
 | `security.seed_users`           | -                   | -                 | List of users to initially populate the database with (see above) |
 
 ### SPF Check
diff --git a/config.default.yml b/config.default.yml
index 183a043..b5488f2 100644
--- a/config.default.yml
+++ b/config.default.yml
@@ -20,7 +20,8 @@ store:
   path: 'data.gob.db'
 
 security:
-  pepper: 'sshhh'
+  pepper: 'sshhh'                     # Change this!
+  allow_signup: false
   seed_users:
     - email: 'admin@local.host'
-      password: 'admin'
\ No newline at end of file
+      password: 'admin'               # Change this!
\ No newline at end of file
diff --git a/config/config.go b/config/config.go
index dbbd8e1..dc744fd 100644
--- a/config/config.go
+++ b/config/config.go
@@ -47,8 +47,9 @@ type storeConfig struct {
 }
 
 type securityConfig struct {
-	Pepper    string               `env:"MW_SECURITY_PEPPER"`
-	SeedUsers []EmailPasswordTuple `yaml:"seed_users"`
+	Pepper      string               `env:"MW_SECURITY_PEPPER"`
+	AllowSignup bool                 `env:"MW_SECURITY_ALLOW_SIGNUP" yaml:"allow_signup"`
+	SeedUsers   []EmailPasswordTuple `yaml:"seed_users"`
 }
 
 type Config struct {
diff --git a/main.go b/main.go
index bc63707..3f8f4b7 100644
--- a/main.go
+++ b/main.go
@@ -65,6 +65,7 @@ func main() {
 	api.NewHealthHandler().Register(router)
 	api.NewMailHandler().Register(router)
 	api.NewClientHandler().Register(router)
+	api.NewUserHandler().Register(router)
 	api.NewTemplateHandler().Register(router)
 
 	handler := corsHandler.Handler(router)
diff --git a/types/client.go b/types/client.go
index d472717..b3862ed 100644
--- a/types/client.go
+++ b/types/client.go
@@ -13,6 +13,7 @@ import (
 const (
 	PermissionSendMail       = "send_mail"
 	PermissionManageClient   = "manage_client"
+	PermissionManageUser     = "manage_user"
 	PermissionManageTemplate = "manage_template"
 )
 
@@ -20,6 +21,7 @@ func AllPermissions() []string {
 	return []string{
 		PermissionSendMail,
 		PermissionManageClient,
+		PermissionManageUser,
 		PermissionManageTemplate,
 	}
 }
diff --git a/version.txt b/version.txt
index d5cc44d..8adc70f 100644
--- a/version.txt
+++ b/version.txt
@@ -1 +1 @@
-0.7.2
\ No newline at end of file
+0.8.0
\ No newline at end of file
diff --git a/web/routes/api/user.go b/web/routes/api/user.go
new file mode 100644
index 0000000..ff146ea
--- /dev/null
+++ b/web/routes/api/user.go
@@ -0,0 +1,92 @@
+package api
+
+import (
+	"encoding/json"
+	"errors"
+	"github.com/gorilla/mux"
+	conf "github.com/muety/mailwhale/config"
+	"github.com/muety/mailwhale/service"
+	"github.com/muety/mailwhale/types"
+	"github.com/muety/mailwhale/util"
+	"github.com/muety/mailwhale/web/handlers"
+	"net/http"
+)
+
+const routeUser = "/api/user"
+
+type UserHandler struct {
+	config        *conf.Config
+	clientService *service.ClientService
+	userService   *service.UserService
+}
+
+func NewUserHandler() *UserHandler {
+	return &UserHandler{
+		config:        conf.Get(),
+		clientService: service.NewClientService(),
+		userService:   service.NewUserService(),
+	}
+}
+
+func (h *UserHandler) Register(router *mux.Router) {
+	r := router.PathPrefix(routeUser).Subrouter()
+	r.Path("").Methods(http.MethodPost).HandlerFunc(h.post)
+
+	auth := handlers.NewAuthMiddleware(h.clientService, h.userService, []string{types.PermissionManageUser})
+	r2 := r.PathPrefix("").Subrouter()
+	r2.Use(auth)
+
+	r2.Path("/{id}").Methods(http.MethodPut).HandlerFunc(h.update)
+}
+
+func (h *UserHandler) post(w http.ResponseWriter, r *http.Request) {
+	if !h.config.Security.AllowSignup {
+		util.RespondErrorMessage(w, r, http.StatusMethodNotAllowed, errors.New("user registration is disabled on this server"))
+		return
+	}
+
+	var payload types.Signup
+	if err := json.NewDecoder(r.Body).Decode(&payload); err != nil {
+		util.RespondError(w, r, http.StatusBadRequest, err)
+		return
+	}
+
+	user, err := h.userService.Create(&payload)
+	if err != nil {
+		util.RespondError(w, r, http.StatusBadRequest, err)
+		return
+	}
+
+	util.RespondJson(w, http.StatusCreated, user)
+}
+
+func (h *UserHandler) update(w http.ResponseWriter, r *http.Request) {
+	reqClient := r.Context().Value(conf.KeyClient).(*types.Client)
+
+	var payload types.Signup
+	if err := json.NewDecoder(r.Body).Decode(&payload); err != nil {
+		util.RespondError(w, r, http.StatusBadRequest, err)
+		return
+	}
+
+	if payload.Email != reqClient.UserId {
+		util.RespondEmpty(w, r, http.StatusForbidden)
+		return
+	}
+
+	user, err := h.userService.GetById(reqClient.UserId)
+	if err != nil {
+		util.RespondError(w, r, http.StatusNotFound, err)
+		return
+	}
+
+	user.Password = payload.Password
+
+	user, err = h.userService.Update(user)
+	if err != nil {
+		util.RespondError(w, r, http.StatusInternalServerError, err)
+		return
+	}
+
+	util.RespondJson(w, http.StatusOK, user)
+}
diff --git a/webui/src/App.svelte b/webui/src/App.svelte
index bebf660..f3e7c9f 100644
--- a/webui/src/App.svelte
+++ b/webui/src/App.svelte
@@ -1,6 +1,7 @@
 <script>
   import router from 'page'
   import Home from './views/Home.svelte'
+  import Signup from './views/Signup.svelte'
   import Clients from './views/Clients.svelte'
   import Mails from './views/Mails.svelte';
   import Templates from './views/Templates.svelte';
@@ -18,6 +19,7 @@
 
   router('/', () => (page = Home))
   router('/login', () => (page = Home))
+  router('/signup', () => (page = Signup))
   router('/clients', () => (page = Clients))
   router('/mails', () => (page = Mails))
   router('/templates', () => (page = Templates))
@@ -38,6 +40,6 @@
   @tailwind utilities;
 </style>
 
-<div id="app-container" class="container mx-auto flex flex-col flex-grow">
+<div id="app-container" class="container flex flex-col flex-grow mx-auto">
   <svelte:component this={page} />
 </div>
diff --git a/webui/src/api/users.js b/webui/src/api/users.js
new file mode 100644
index 0000000..157f981
--- /dev/null
+++ b/webui/src/api/users.js
@@ -0,0 +1,11 @@
+import { request } from './api'
+
+async function createUser(signup) {
+    return (await request('/user', signup, { method: 'POST' })).data
+}
+
+async function updateUser(id, signup) {
+    return (await request(`/user/${id}`, signup, { method: 'PUT' })).data
+}
+
+export { createUser, updateUser }
\ No newline at end of file
diff --git a/webui/src/components/AccountIndicator.svelte b/webui/src/components/AccountIndicator.svelte
index df23a2d..74f7937 100644
--- a/webui/src/components/AccountIndicator.svelte
+++ b/webui/src/components/AccountIndicator.svelte
@@ -10,16 +10,20 @@
   export let currentUser
 </script>
 
-<div class="flex space-x-2 items-center h-full">
+<div class="flex items-center h-full space-x-2">
   {#if currentUser}
-    <span class="text-sm flex items-center"><span class="material-icons mr-1">person</span> {currentUser}</span>
+    <span class="flex items-center text-sm"><span class="mr-1 material-icons">person</span> {currentUser}</span>
     <span>|</span>
     <a
-      class="text-sm text-primary hover:text-primary-dark cursor-pointer"
+      class="text-sm cursor-pointer text-primary hover:text-primary-dark"
       on:click={logout}>Logout</a>
   {:else}
-    <a
+  <a
+    href="/signup"
+    class="font-semibold text-primary hover:text-primary-dark">Sign Up</a>  
+  <span>&nbsp;|&nbsp;</span>
+  <a
       href="/login"
-      class="text-primary hover:text-primary-dark font-semibold">Login</a>
+      class="font-semibold text-primary hover:text-primary-dark">Login</a>
   {/if}
 </div>
diff --git a/webui/src/components/SignupForm.svelte b/webui/src/components/SignupForm.svelte
new file mode 100644
index 0000000..82cf7d6
--- /dev/null
+++ b/webui/src/components/SignupForm.svelte
@@ -0,0 +1,60 @@
+<script>
+    import { createEventDispatcher } from 'svelte';
+    import { errors } from '../stores/alerts'
+    
+    const dispatch = createEventDispatcher()
+
+    let username, password, passwordRepeat;
+
+    function signup() {
+        if (!username || !password || !passwordRepeat) return
+
+        if (password !== passwordRepeat) {
+            return errors.spawn('Passwords do not match')
+        }
+
+        dispatch('signup', { username, password })
+    }
+</script>
+
+<form class="flex flex-col w-full p-4 space-y-4" on:submit|preventDefault="{signup}">
+    <div class="flex flex-col w-full space-y-1">
+        <label for="email-input">E-Mail</label>
+        <input
+            type="email"
+            class="p-2 border-2 rounded-md border-primary"
+            name="email-input"
+            placeholder="john.doe@example.org"
+            required
+            bind:value={username} />
+    </div>
+
+    <div class="flex flex-col w-full space-y-1">
+        <label for="password-input">Password</label>
+        <input
+            type="password"
+            class="p-2 border-2 rounded-md border-primary"
+            name="password-input"
+            placeholder="********"
+            required
+            bind:value={password} />
+    </div>
+
+    <div class="flex flex-col w-full space-y-1">
+        <label for="password-input">Password (repeat)</label>
+        <input
+            type="password"
+            class="p-2 border-2 rounded-md border-primary"
+            name="password-repeat-input"
+            placeholder="********"
+            required
+            bind:value={passwordRepeat} />
+    </div>
+
+    <div class="flex justify-between py-2">
+        <div />
+        <button
+            type="submit"
+            class="px-4 py-2 text-white rounded-md bg-primary hover:bg-primary-dark">Sign Up</button>
+    </div>
+</form>
diff --git a/webui/src/layouts/Main.svelte b/webui/src/layouts/Main.svelte
index 33e9cc3..a91e274 100644
--- a/webui/src/layouts/Main.svelte
+++ b/webui/src/layouts/Main.svelte
@@ -11,13 +11,13 @@
   }
 </script>
 
-<div id="app-container" class="container mx-auto my-8 flex flex-col flex-grow">
+<div id="app-container" class="container flex flex-col flex-grow mx-auto my-8">
   <div
     id="alert-container"
-    class="w-full absolute inset-x-0 top-0 py-8 flex justify-center space-y-2 flex-col items-center">
+    class="absolute inset-x-0 top-0 flex flex-col items-center justify-center w-full py-8 space-y-2">
     {#each $errors as m}
       <div
-        class="flex space-x-2 mt-4 bg-red-500 px-4 py-2 rounded text-white text-sm"
+        class="flex px-4 py-2 mt-4 space-x-2 text-sm text-white bg-red-500 rounded"
         transition:slide>
         <span class="material-icons">warning</span>
         <span>{m}</span>
@@ -25,7 +25,7 @@
     {/each}
     {#each $infos as m}
       <div
-        class="flex space-x-2 mt-4 bg-primary px-4 py-2 rounded text-white text-sm"
+        class="flex px-4 py-2 mt-4 space-x-2 text-sm text-white rounded bg-primary"
         transition:slide>
         <span class="material-icons">info</span>
         <span>{m}</span>
@@ -33,7 +33,7 @@
     {/each}
     {#each $successes as e}
       <div
-        class="flex space-x-2 mt-4 bg-green-500 px-4 py-2 rounded text-white text-sm"
+        class="flex px-4 py-2 mt-4 space-x-2 text-sm text-white bg-green-500 rounded"
         transition:slide>
         <span class="material-icons">check_circle</span>
         <span>{e}</span>
@@ -41,20 +41,20 @@
     {/each}
   </div>
 
-  <header class="flex w-full justify-between">
-    <div id="logo-container" class="flex space-x-4 items-center">
+  <header class="flex justify-between w-full">
+    <a id="logo-container" href="/" class="flex items-center space-x-4">
       <img src="images/logo.svg" alt="Logo" style="max-height: 60px;" />
       <div class="flex">
-        <span class="text-primary text-xl font-semibold">Mail</span>
+        <span class="text-xl font-semibold text-primary">Mail</span>
         <span class="text-xl font-semibold">Whale</span>
       </div>
-    </div>
+    </a>
     <div>
       <AccountIndicator currentUser={$user} on:logout={logout} />
     </div>
   </header>
 
-  <main class="mt-24 flex-grow">
+  <main class="flex-grow mt-24">
     <slot name="content" />
   </main>
 
diff --git a/webui/src/views/Clients.svelte b/webui/src/views/Clients.svelte
index 7262bfd..408a9a6 100644
--- a/webui/src/views/Clients.svelte
+++ b/webui/src/views/Clients.svelte
@@ -6,7 +6,7 @@
   import Modal from '../components/Modal.svelte'
   import { getClients, createClient, deleteClient } from '../api/clients'
 
-  const availablePermissions = ['send_mail', 'manage_client', 'manage_template']
+  const availablePermissions = ['send_mail', 'manage_client', 'manage_user', 'manage_template']
 
   let clients = []
 
@@ -81,11 +81,11 @@
     <div class="w-1/4">
       <Navigation />
     </div>
-    <div class="flex flex-col px-12 w-full w-3/4">
+    <div class="flex flex-col w-3/4 w-full px-12">
       <div class="flex justify-between mb-8">
         <h1 class="text-2xl font-semibold">Manage API Clients</h1>
         <button
-          class="flex items-center px-4 py-2 bg-primary text-white rounded hover:bg-primary-dark"
+          class="flex items-center px-4 py-2 text-white rounded bg-primary hover:bg-primary-dark"
           on:click|stopPropagation={(e) => (newClientModal = true)}><span
             class="material-icons">add</span>
           Create</button>
@@ -101,7 +101,7 @@
 
       {#if newClient.api_key}
         <div
-          class="flex flex-col space-y-2 mt-4 mb-12 bg-primary px-4 py-2 w-full rounded text-white text-sm">
+          class="flex flex-col w-full px-4 py-2 mt-4 mb-12 space-y-2 text-sm text-white rounded bg-primary">
           <div>
             <span class="font-semibold">Success!</span>
             <span>A new client was created. Here is your client secret (aka. API
@@ -119,7 +119,7 @@
               <div class="info">
                 <span class="text-sm font-semibold">#{i + 1}</span>
                 <span
-                  class="font-mono text-sm bg-gray-100 p-1 rounded"
+                  class="p-1 font-mono text-sm bg-gray-100 rounded"
                   title="Client ID">{client.id}</span>
                 <div class="flex flex-col">
                   <span class="text-sm">{client.description}</span>
@@ -142,7 +142,7 @@
               </div>
               <div>
                 <a
-                  class="text-sm text-primary hover:text-primary-dark underline cursor-pointer"
+                  class="text-sm underline cursor-pointer text-primary hover:text-primary-dark"
                   on:click={confirm('Are you sure?') && _deleteClient(client.id)}>Remove</a>
               </div>
             </div>
@@ -150,7 +150,7 @@
         </div>
       {:else}
         <div
-          class="w-full py-12 text-gray-500 flex justify-center items-center">
+          class="flex items-center justify-center w-full py-12 text-gray-500">
           <i>No clients available. Create your first one.</i>
         </div>
       {/if}
@@ -161,13 +161,13 @@
         <h1 class="text-2xl font-semibold" slot="header">Add new client</h1>
         <div slot="main" style="min-width: 400px;">
           <form
-            class="w-full flex flex-col space-y-4"
+            class="flex flex-col w-full space-y-4"
             on:submit|preventDefault={_createClient}>
             <div class="flex flex-col w-full space-y-1">
               <label for="desc-input" class="font-semibold">Description</label>
               <input
                 type="text"
-                class="border-2 border-primary rounded-md p-2"
+                class="p-2 border-2 rounded-md border-primary"
                 name="desc-input"
                 placeholder="What will this new client key be used for?"
                 required
@@ -175,9 +175,9 @@
             </div>
 
             <div>
-              <h3 class="font-semibold mb-2 mt-2">Permissions</h3>
+              <h3 class="mt-2 mb-2 font-semibold">Permissions</h3>
               {#each availablePermissions as perm}
-                <div class="flex space-x-2 items-center">
+                <div class="flex items-center space-x-2">
                   <input
                     type="checkbox"
                     name="perm-input-{perm}"
@@ -190,10 +190,10 @@
             </div>
 
             <div>
-              <h3 class="font-semibold mb-2 mt-2">E-Mail Settings</h3>
-              <div class="mb-4 max-w-screen-md">
+              <h3 class="mt-2 mb-2 font-semibold">E-Mail Settings</h3>
+              <div class="max-w-screen-md mb-4">
                 <div
-                  class="mt-4 bg-primary px-4 py-2 rounded text-white text-sm">
+                  class="px-4 py-2 mt-4 text-sm text-white rounded bg-primary">
                   <span class="font-semibold">Please Note:</span>
                   <span>You can set an optional sender address for this client (e.g. <strong><i>My App &lt;noreply@example.org&gt;</i></strong>), that will be used in the mail's <i>"From"</i> header. However, you need to make sure that SPF and DMARC records are properly set for your domain. You need to authorize MailWhale's servers to send mail on your behalf. If left blank, a default sender address like <strong><i>vldsbgfr+user@mailwhale.dev</i></strong></span> will be used.
                 </div>
@@ -205,7 +205,7 @@
                 <input
                   type="text"
                   name="default-sender-input"
-                  class="border-2 border-primary rounded-md p-2 flex-grow"
+                  class="flex-grow p-2 border-2 rounded-md border-primary"
                   placeholder="Leave empty for default"
                   bind:value={newClient.sender} />
               </div>
@@ -215,7 +215,7 @@
               <div />
               <button
                 type="submit"
-                class="py-2 px-4 text-white bg-primary rounded-md hover:bg-primary-dark">Create</button>
+                class="px-4 py-2 text-white rounded-md bg-primary hover:bg-primary-dark">Create</button>
             </div>
           </form>
         </div>
diff --git a/webui/src/views/Signup.svelte b/webui/src/views/Signup.svelte
new file mode 100644
index 0000000..cfb024b
--- /dev/null
+++ b/webui/src/views/Signup.svelte
@@ -0,0 +1,22 @@
+<script>
+  import SignupForm from '../components/SignupForm.svelte'
+  import Layout from '../layouts/Main.svelte'
+
+  import { createUser } from '../api/users'
+  import { successes } from '../stores/alerts'
+
+  async function signup({ detail }) {
+    const user = await createUser({ email: detail.username, password: detail.password })
+    successes.spawn('Successfully signed up')
+    window.location.replace('login')
+  }
+</script>
+
+<Layout>
+  <div slot="content" class="flex flex-col items-center justify-center">
+    <h1 class="text-2xl font-semibold">Sign Up</h1>
+    <div class="w-1/2 py-8 lg:w-1/3">
+      <SignupForm on:signup={signup} />
+    </div>
+  </div>
+</Layout>