diff --git a/config/config.js b/config/config.js
index e3f5db3e..88606101 100644
--- a/config/config.js
+++ b/config/config.js
@@ -68,6 +68,8 @@ config.development = {
 tokenSecret: process.env.TOKEN_SECRET || 'INSERT_RANDOM_TOKEN_KEY',
 },
 common: {
+ // determine whether new account registrations are allowed
+ allowRegistration: false,
 /*
 * tryLoginTimes is control login error times to avoid force attack.
 * if value is 0, no limit for login auth, it may not safe for account. when it's a number, it means you can
diff --git a/routes/auth.js b/routes/auth.js
index 3b9db6ee..15f46508 100644
--- a/routes/auth.js
+++ b/routes/auth.js
@@ -31,7 +31,11 @@ router.get('/register', (req, res) => {
 log.debug(`register redirect:${codePushWebUrl}`);
 res.redirect(`${codePushWebUrl}/register`);
 } else {
- res.render('auth/register', { title: 'CodePushServer', email: req.query.email || '' });
+ if (_.get(config, 'common.allowRegistration')) {
+ res.render('auth/register', { title: 'CodePushServer', email: req.query.email || '' });
+ } else {
+ res.redirect(`/auth/login`);
+ }
 }
 });
diff --git a/test/api/auth/auth.test.js b/test/api/auth/auth.test.js
index 4e0fc2af..c8defaa4 100644
--- a/test/api/auth/auth.test.js
+++ b/test/api/auth/auth.test.js
@@ -35,8 +35,21 @@ describe('api/auth/test.js', function () {
 });
 describe('sign up view', function (done) {
+ it('should show sign in redirect view if sign up not enabled', function (done) {
+ _.set(config, 'common.allowRegistration', false);
+ request
+ .get('/auth/register')
+ .send()
+ .end(function (err, res) {
+ should.not.exist(err);
+ res.status.should.equal(302);
+ done();
+ });
+ });
+
 it('should show sign up redirect view successful', function (done) {
 _.set(config, 'common.codePushWebUrl', 'http://127.0.0.1:3001');
+ _.set(config, 'common.allowRegistration', true);
 request
 .get('/auth/register')
 .send()
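Review bot: The comment on `allowRegistration` does not say what the flag gates or that a missing key behaves like `false`. The routes change in this commit reads it with `_.get(config, 'common.allowRegistration')`, which yields `undefined` for any environment block that omits the key, so such environments get the sign-up page disabled without any visible setting. A comment such as `// When false or unset, GET /auth/register redirects to /auth/login instead of rendering the sign-up form.` would make the fail-closed default explicit. Only `config.development` is visible in this hunk, so whether the other environment blocks received the key cannot be told from here.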
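Review bot: The `allowRegistration` check sits only inside the `else` branch, so when `codePushWebUrl` is configured the handler still redirects to `${codePushWebUrl}/register` even with registration disabled. Hoisting the check to the top of the handler, `if (!_.get(config, 'common.allowRegistration')) { return res.redirect('/auth/login'); }`, covers both paths. This route only serves the sign-up page; the endpoint that actually creates accounts is not part of this diff, and unless it consults the same flag the setting hides the form without preventing registration. The handler starts above the hunk, so the exact condition guarding the first branch is not visible here.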
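Review bot: The new test asserts only `res.status.should.equal(302)`, which the `codePushWebUrl` redirect branch also produces, so it can pass without showing that the login redirect was taken. Pin the branch by adding `_.set(config, 'common.codePushWebUrl', null);` before the request and `res.headers.location.should.equal('/auth/login');` next to the status assertion. There is also no case for `allowRegistration` false with `codePushWebUrl` set, which is the combination the route change leaves ungated. The tests write to the shared `config` object without restoring it, so later suites inherit whichever `allowRegistration` value the last test left behind.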
@@ -49,6 +62,7 @@ describe('api/auth/test.js', function () {
 it('should show sign up view successful', function (done) {
 _.set(config, 'common.codePushWebUrl', null);
+ _.set(config, 'common.allowRegistration', true);
 request
 .get('/auth/register')
 .send()