diff --git a/ws/settings.py b/ws/settings.py
index 1515b719..9c931691 100644
--- a/ws/settings.py
+++ b/ws/settings.py
@@ -81,7 +81,6 @@
 ]
 
 LOGIN_REDIRECT_URL = '/'
-ACCOUNT_LOGOUT_REDIRECT_URL = '/'
 
 INSTALLED_APPS = [
     'django.contrib.admin',
@@ -253,6 +252,21 @@
 # Always "remember me"
 ACCOUNT_SESSION_REMEMBER = True
 
+SOCIALACCOUNT_AUTO_SIGNUP = True
+SOCIALACCOUNT_ADAPTER = "ws.social.TrustGoogleEmailOwnershipAdapter"
+
+SOCIALACCOUNT_PROVIDERS = {
+    "google": {
+        "APP": {
+            "client_id": "105568993872-llfunbenb7fndfl17b7bk4mv7uq1jgd5.apps.googleusercontent.com",
+            "secret": os.environ.get('GOOGLE_OAUTH_SECRET_KEY', ''),
+            "key": "",
+        },
+        "SCOPE": ["email"],
+        "AUTH_PARAMS": {"access_type": "online"},
+    }
+}
+
 BURSAR_NAME = os.getenv('BURSAR_NAME', 'MITOC Bursar')
 
 ROOT_URLCONF = 'ws.urls'
diff --git a/ws/social.py b/ws/social.py
new file mode 100644
index 00000000..77f7c3e4
--- /dev/null
+++ b/ws/social.py
@@ -0,0 +1,59 @@
+import logging
+
+from allauth.account.models import EmailAddress
+from allauth.account.utils import user_email
+from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
+from allauth.socialaccount.models import SocialLogin
+from django.http import HttpRequest
+
+from ws import settings
+
+logger = logging.getLogger(__name__)
+
+
+class TrustGoogleEmailOwnershipAdapter(DefaultSocialAccountAdapter):
+    """Let users with an existing account grant Google login access.
+
+    This adapter exists to provide a better UX in the following scenario:
+
+    1. `alice@gmail.com` signs up for `mitoc-trips` with a email & password
+    2. Alice signs out, time passes.
+    3. Later, Alice "logs in with Google"
+    4. Because an account exists under `alice@gmail.com`, we can't complete login
+        - Alice must first log in with her password, then associate Google
+
+    By default, `django-allauth` will not let you automatically claim ownership
+    of an account just because a social provider vouches that you exist under
+    that email address. This makes sense. If you own a Facebook account under
+    `alice@gmail.com`, there's no guarantees that you're necessarily the same
+    person.
+
+    However, because Google is an email provider, I think it's fair to assume
+    that if Google vouches for your identity, auto sign-in can be completed.
+
+    Related: https://github.com/pennersr/django-allauth/issues/418
+    """
+
+    def pre_social_login(self, request: HttpRequest, sociallogin: SocialLogin) -> None:
+        """Connect any Google-asserted email to accounts if existing."""
+        if sociallogin.is_existing:  # Social account exists (normal login)
+            return
+
+        # I don't think there's an easy way to identify the provider in use...
+        # `request.path` should be at least be '/accounts/google/login/callback/'
+        assert set(settings.SOCIALACCOUNT_PROVIDERS) == {'google'}
+
+        email: str = user_email(sociallogin.user)
+
+        try:
+            verified_email = EmailAddress.objects.get(
+                email__iexact=email,
+                # This is critical. If we didn't require a *verified* email, then
+                # we could end up linking this to an existing account which belongs
+                # to a malicious user hoping that somebody will link their Google account.
+                verified=True,
+            )
+        except EmailAddress.DoesNotExist:
+            return
+
+        sociallogin.connect(request, verified_email.user)
diff --git a/ws/static/google.svg b/ws/static/google.svg
new file mode 100644
index 00000000..531aef61
--- /dev/null
+++ b/ws/static/google.svg
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<svg viewBox="0 0 24 24" width="24" height="24" xmlns="http://www.w3.org/2000/svg">
+  <g transform="matrix(1, 0, 0, 1, 27.009001, -39.238998)">
+      <path fill="#4285F4" d="M -3.264 51.509 C -3.264 50.719 -3.334 49.969 -3.454 49.239 L -14.754 49.239 L -14.754 53.749 L -8.284 53.749 C -8.574 55.229 -9.424 56.479 -10.684 57.329 L -10.684 60.329 L -6.824 60.329 C -4.564 58.239 -3.264 55.159 -3.264 51.509 Z"/>
+      <path fill="#34A853" d="M -14.754 63.239 C -11.514 63.239 -8.804 62.159 -6.824 60.329 L -10.684 57.329 C -11.764 58.049 -13.134 58.489 -14.754 58.489 C -17.884 58.489 -20.534 56.379 -21.484 53.529 L -25.464 53.529 L -25.464 56.619 C -23.494 60.539 -19.444 63.239 -14.754 63.239 Z"/>
+      <path fill="#FBBC05" d="M -21.484 53.529 C -21.734 52.809 -21.864 52.039 -21.864 51.239 C -21.864 50.439 -21.724 49.669 -21.484 48.949 L -21.484 45.859 L -25.464 45.859 C -26.284 47.479 -26.754 49.299 -26.754 51.239 C -26.754 53.179 -26.284 54.999 -25.464 56.619 L -21.484 53.529 Z"/>
+      <path fill="#EA4335" d="M -14.754 43.989 C -12.984 43.989 -11.404 44.599 -10.154 45.789 L -6.734 42.369 C -8.804 40.429 -11.514 39.239 -14.754 39.239 C -19.444 39.239 -23.494 41.939 -25.464 45.859 L -21.484 48.949 C -20.534 46.099 -17.884 43.989 -14.754 43.989 Z"/>
+  </g>
+</svg>
diff --git a/ws/templates/account/login.html b/ws/templates/account/login.html
index c24e5ddb..987836f4 100644
--- a/ws/templates/account/login.html
+++ b/ws/templates/account/login.html
@@ -1,15 +1,58 @@
 {% extends "base_no_scripts.html" %}
+{% load static %}
 {% load crispy_forms_tags %}
+{% load socialaccount %}
 
 {% block head_title %}Log In{% endblock head_title %}
+{% block css %}
+  {{ block.super }}
+  {# Google's guidelines require Roboto: https://developers.google.com/identity/branding-guidelines #}
+  <link href='http://fonts.googleapis.com/css?family=Roboto' rel='stylesheet' type='text/css'>
+  <style>
+    button.google-login {
+        font-family: 'Roboto', sans-serif;
+        width: 100%;
+
+        background-color: #fff;
+        {# https://commons.wikimedia.org/wiki/File:Google_%22G%22_Logo.svg #}
+        background-image: url({% static 'google.svg' %});
+        background-repeat: no-repeat;
+        background-size: 24px;
+        background-position: 16px;
+        font-size: 16px;
+        margin-top: 16px;
+        padding: 16px 50px;
+
+        position: relative;
+        text-align: center;
+    }
+  </style>
+{% endblock css %}
+
 {% block login_button %}{% endblock login_button%}
 
 {% block content %}
 
-<h1>Log In</h1>
+<div class="row">
+  <div class="col-sm-6">
+    <form novalidate method="POST" action="{% provider_login_url 'google' %}">
+      {% csrf_token %}
+      <button class="btn btn-default google-login" type="submit">
+        Sign in with Google
+      </button>
+    </form>
+
+    <hr>
+  </div>
+</div>
+
+
+<h3>Or log in by email</h3>
 
-<p class="lead">
+<p>
   If you have not created an account yet, then please <a href="{{ signup_url }}">sign up</a> first.
+  <br>
+  <small>(We do not automatically create an account after you pay dues or sign a waiver)</small>
 </p>
 
 <div class="row">