diff --git a/.local.env b/.local.env
index f2b25e417..87747110c 100644
--- a/.local.env
+++ b/.local.env
@@ -1,4 +1,3 @@
 GITNESS_TRACE=true
 GITNESS_WEBHOOK_ALLOW_LOOPBACK=true
-GITNESS_PRINCIPAL_ADMIN_PASSWORD=changeit
-GITNESS_ALLOW_SIGN_UP=true
\ No newline at end of file
+GITNESS_PRINCIPAL_ADMIN_PASSWORD=changeit
\ No newline at end of file
diff --git a/internal/api/controller/system/controller.go b/internal/api/controller/system/controller.go
index c75c9cfb7..cf7f11ade 100644
--- a/internal/api/controller/system/controller.go
+++ b/internal/api/controller/system/controller.go
@@ -23,11 +23,11 @@ func NewController(principalStore store.PrincipalStore, config *types.Config) *C
 	}
 }
 
-func (c *Controller) IsUserRegistrationAllowed(ctx context.Context) (bool, error) {
+func (c *Controller) IsUserSignupAllowed(ctx context.Context) (bool, error) {
 	usrCount, err := c.principalStore.CountUsers(ctx, &types.UserFilter{})
 	if err != nil {
 		return false, err
 	}
 
-	return usrCount == 0 || c.config.AllowSignUp, nil
+	return usrCount == 0 || c.config.AllowUserSignup, nil
 }
diff --git a/internal/api/controller/user/register.go b/internal/api/controller/user/register.go
index 1721c77b0..9f6ec09fd 100644
--- a/internal/api/controller/user/register.go
+++ b/internal/api/controller/user/register.go
@@ -25,13 +25,13 @@ type RegisterInput struct {
 // This doesn't require auth, but has limited functionalities (unable to create admin user for example).
 func (c *Controller) Register(ctx context.Context, sysCtrl *system.Controller,
 	in *RegisterInput) (*types.TokenResponse, error) {
-	signUpAllowed, err := sysCtrl.IsUserRegistrationAllowed(ctx)
+	signUpAllowed, err := sysCtrl.IsUserSignupAllowed(ctx)
 	if err != nil {
 		return nil, err
 	}
 
 	if !signUpAllowed {
-		return nil, usererror.ErrForbidden
+		return nil, usererror.Forbidden("User sign-up is disabled")
 	}
 
 	user, err := c.CreateNoAuth(ctx, &CreateInput{
diff --git a/internal/api/handler/system/list_config.go b/internal/api/handler/system/list_config.go
index 03ab04035..df972bda0 100644
--- a/internal/api/handler/system/list_config.go
+++ b/internal/api/handler/system/list_config.go
@@ -12,7 +12,7 @@ import (
 )
 
 type ConfigOutput struct {
-	SignUpAllowed bool `json:"sign_up_allowed"`
+	UserSignupAllowed bool `json:"user_signup_allowed"`
 }
 
 // HandleGetConfig returns an http.HandlerFunc that processes an http.Request
@@ -21,13 +21,13 @@ func HandleGetConfig(sysCtrl *system.Controller) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		ctx := r.Context()
 
-		signUpAllowedCheck, err := sysCtrl.IsUserRegistrationAllowed(ctx)
+		userSignupAllowed, err := sysCtrl.IsUserSignupAllowed(ctx)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return
 		}
 		render.JSON(w, http.StatusOK, ConfigOutput{
-			SignUpAllowed: signUpAllowedCheck,
+			UserSignupAllowed: userSignupAllowed,
 		})
 	}
 }
diff --git a/internal/api/usererror/usererror.go b/internal/api/usererror/usererror.go
index dc3026aa6..0ff596a65 100644
--- a/internal/api/usererror/usererror.go
+++ b/internal/api/usererror/usererror.go
@@ -116,6 +116,11 @@ func BadRequestWithPayload(message string, values ...map[string]any) *Error {
 	return NewWithPayload(http.StatusBadRequest, message, values...)
 }
 
+// Forbidden returns a new user facing forbidden error.
+func Forbidden(message string) *Error {
+	return New(http.StatusForbidden, message)
+}
+
 // ConflictWithPayload returns a new user facing conflict error with payload.
 func ConflictWithPayload(message string, values ...map[string]any) *Error {
 	return NewWithPayload(http.StatusConflict, message, values...)
diff --git a/types/config.go b/types/config.go
index 42608d4b7..f8b5022ad 100644
--- a/types/config.go
+++ b/types/config.go
@@ -21,7 +21,7 @@ type Config struct {
 	// 5min should be enough for most git clones to complete.
 	GracefulShutdownTime time.Duration `envconfig:"GITNESS_GRACEFUL_SHUTDOWN_TIME" default:"300s"`
 
-	AllowSignUp bool `envconfig:"GITNESS_ALLOW_SIGN_UP"`
+	AllowUserSignup bool `envconfig:"GITNESS_ALLOW_USER_SIGNUP" default:"true"`
 
 	Profiler struct {
 		Type        string `envconfig:"GITNESS_PROFILER_TYPE"`
diff --git a/web/src/services/code/index.tsx b/web/src/services/code/index.tsx
index 103744780..119e654ab 100644
--- a/web/src/services/code/index.tsx
+++ b/web/src/services/code/index.tsx
@@ -488,7 +488,7 @@ export interface RepoSymlinkContent {
 }
 
 export interface SystemConfigOutput {
-  sign_up_allowed?: boolean
+  user_signup_allowed?: boolean
 }
 
 export type TimeDuration = number | null
diff --git a/web/src/services/code/swagger.yaml b/web/src/services/code/swagger.yaml
index a60374f0c..354c61bd9 100644
--- a/web/src/services/code/swagger.yaml
+++ b/web/src/services/code/swagger.yaml
@@ -6982,7 +6982,7 @@ components:
       type: object
     SystemConfigOutput:
       properties:
-        sign_up_allowed:
+        user_signup_allowed:
           type: boolean
       type: object
     TimeDuration: