diff --git a/modules/apps/login/login-authentication-google-web/src/main/java/com/liferay/login/authentication/google/web/internal/portlet/action/GoogleLoginAction.java b/modules/apps/login/login-authentication-google-web/src/main/java/com/liferay/login/authentication/google/web/internal/portlet/action/GoogleLoginAction.java
index 4c7133e68ff410..453a6b71a707d0 100644
--- a/modules/apps/login/login-authentication-google-web/src/main/java/com/liferay/login/authentication/google/web/internal/portlet/action/GoogleLoginAction.java
+++ b/modules/apps/login/login-authentication-google-web/src/main/java/com/liferay/login/authentication/google/web/internal/portlet/action/GoogleLoginAction.java
@@ -14,10 +14,12 @@
package com.liferay.login.authentication.google.web.internal.portlet.action;
+import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.portlet.LiferayWindowState;
import com.liferay.portal.kernel.portlet.PortletURLFactoryUtil;
import com.liferay.portal.kernel.security.auth.PrincipalException;
+import com.liferay.portal.kernel.servlet.SessionErrors;
import com.liferay.portal.kernel.struts.BaseStrutsAction;
import com.liferay.portal.kernel.struts.StrutsAction;
import com.liferay.portal.kernel.theme.ThemeDisplay;
@@ -33,10 +35,12 @@
import java.util.Arrays;
import java.util.List;
+import javax.portlet.MutableRenderParameters;
import javax.portlet.PortletMode;
import javax.portlet.PortletRequest;
import javax.portlet.PortletURL;
+import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
@@ -87,14 +91,24 @@ else if (cmd.equals("token")) {
if (Validator.isNotNull(authorizationCode)) {
String returnRequestUri = getReturnRequestUri(request);
- User user = _googleAuthorization.addOrUpdateUser(
- session, themeDisplay.getCompanyId(), authorizationCode,
- returnRequestUri, _scopesLogin);
+ try {
+ User user = _googleAuthorization.addOrUpdateUser(
+ session, themeDisplay.getCompanyId(), authorizationCode,
+ returnRequestUri, _scopesLogin);
- if ((user != null) &&
- (user.getStatus() == WorkflowConstants.STATUS_INCOMPLETE)) {
+ if ((user != null) &&
+ (user.getStatus() ==
+ WorkflowConstants.STATUS_INCOMPLETE)) {
- sendUpdateAccountRedirect(request, response, user);
+ sendUpdateAccountRedirect(request, response, user);
+
+ return null;
+ }
+ }
+ catch (PortalException pe) {
+ SessionErrors.add(request, pe.getClass(), pe);
+
+ sendError(request, response);
return null;
}
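Review bot: The new `catch (PortalException pe)` takes in every portal failure thrown by `addOrUpdateUser`, not only the two policy rejections this commit introduces, and the hunk shows no log call before the redirect. An unexpected failure inside that call would then surface only as the generic error pop-up, leaving operators without a record of failed or refused Google sign-ins. Consider narrowing it to `catch (StrangersNotAllowedException | UserEmailAddressException.MustNotUseCompanyMx pe)` and letting other exceptions propagate, or at least logging the company id and exception class at warn level before `sendError`. The enclosing method starts and ends outside this hunk.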
@@ -121,6 +135,24 @@ protected String getReturnRequestUri(HttpServletRequest request) {
_REDIRECT_URI;
}
+ protected void sendError(
+ HttpServletRequest request, HttpServletResponse response)
+ throws Exception {
+
+ PortletURL portletURL = PortletURLFactoryUtil.create(
+ request, PortletKeys.LOGIN, PortletRequest.RENDER_PHASE);
+
+ MutableRenderParameters renderParameters =
+ portletURL.getRenderParameters();
+
+ renderParameters.setValue(
+ "mvcRenderCommandName", "/login/google_login_error");
+
+ portletURL.setWindowState(LiferayWindowState.POP_UP);
+
+ response.sendRedirect(portletURL.toString());
+ }
+
protected void sendLoginRedirect(
HttpServletRequest request, HttpServletResponse response)
throws Exception {
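Review bot: The render command name `"/login/google_login_error"` in `sendError` is a bare literal that has to stay identical to the `mvc.command.name` property on `GoogleLoginErrorMVCRenderCommand`. If the two drift apart, a refused sign-in would presumably no longer reach the error view. A shared constant referenced from both files would remove that coupling. A short Javadoc on `sendError`, such as `Redirects the pop-up to the login portlet's Google error view; the failure itself is carried in SessionErrors.`, would document the contract. `sendLoginRedirect` below is context only and continues outside the hunk.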
@@ -180,4 +212,9 @@ protected void sendUpdateAccountRedirect(
@Reference
private Portal _portal;
+ @Reference(
+ target = "(osgi.web.symbolicname=com.liferay.login.authentication.google.web)"
+ )
+ private ServletContext _servletContext;
+
}
\ No newline at end of file
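Review bot: `_servletContext` is injected here, but nothing in the visible hunks of `GoogleLoginAction` reads it; the forward to `/error.jsp` lives in `GoogleLoginErrorMVCRenderCommand`, which has its own reference. An `@Reference` without an explicit `cardinality` is mandatory, so the login action would not activate until that servlet context service is registered. An unused field therefore adds an availability dependency to the sign-in path. If no code outside this diff uses it, drop the field together with the `javax.servlet.ServletContext` import added in the second hunk.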
diff --git a/modules/apps/login/login-authentication-google-web/src/main/java/com/liferay/login/authentication/google/web/internal/portlet/action/GoogleLoginErrorMVCRenderCommand.java b/modules/apps/login/login-authentication-google-web/src/main/java/com/liferay/login/authentication/google/web/internal/portlet/action/GoogleLoginErrorMVCRenderCommand.java
new file mode 100644
index 00000000000000..fe6c0e0a8d5972
--- /dev/null
+++ b/modules/apps/login/login-authentication-google-web/src/main/java/com/liferay/login/authentication/google/web/internal/portlet/action/GoogleLoginErrorMVCRenderCommand.java
@@ -0,0 +1,101 @@
+/**
+ * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
+ *
+ * This library is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ */
+
+package com.liferay.login.authentication.google.web.internal.portlet.action;
+
+import com.liferay.portal.kernel.portlet.bridges.mvc.MVCRenderCommand;
+import com.liferay.portal.kernel.portlet.bridges.mvc.MVCRenderConstants;
+import com.liferay.portal.kernel.security.auth.PrincipalException;
+import com.liferay.portal.kernel.service.UserLocalService;
+import com.liferay.portal.kernel.theme.ThemeDisplay;
+import com.liferay.portal.kernel.util.Portal;
+import com.liferay.portal.kernel.util.PortletKeys;
+import com.liferay.portal.kernel.util.PrefsPropsUtil;
+import com.liferay.portal.kernel.util.WebKeys;
+
+import javax.portlet.PortletException;
+import javax.portlet.RenderRequest;
+import javax.portlet.RenderResponse;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.osgi.service.component.annotations.Component;
+import org.osgi.service.component.annotations.Reference;
+
+/**
+ * @author Stian Sigvartsen
+ */
+@Component(
+ immediate = true,
+ property = {
+ "javax.portlet.name=" + PortletKeys.FAST_LOGIN,
+ "javax.portlet.name=" + PortletKeys.LOGIN,
+ "mvc.command.name=/login/google_login_error"
+ },
+ service = MVCRenderCommand.class
+)
+public class GoogleLoginErrorMVCRenderCommand implements MVCRenderCommand {
+
+ @Override
+ public String render(
+ RenderRequest renderRequest, RenderResponse renderResponse)
+ throws PortletException {
+
+ ThemeDisplay themeDisplay = (ThemeDisplay)renderRequest.getAttribute(
+ WebKeys.THEME_DISPLAY);
+
+ boolean googleAuthEnabled = PrefsPropsUtil.getBoolean(
+ themeDisplay.getCompanyId(), "google-auth-enabled", true);
+
+ if (!googleAuthEnabled) {
+ throw new PortletException(
+ new PrincipalException.MustBeEnabled(
+ themeDisplay.getCompanyId(),
+ GoogleLoginAction.class.getName()));
+ }
+
+ HttpServletRequest httpServletRequest = _portal.getHttpServletRequest(
+ renderRequest);
+
+ HttpServletResponse httpServletResponse =
+ _portal.getHttpServletResponse(renderResponse);
+
+ try {
+ RequestDispatcher requestDispatcher =
+ _servletContext.getRequestDispatcher("/error.jsp");
+
+ requestDispatcher.forward(httpServletRequest, httpServletResponse);
+ }
+ catch (Exception e) {
+ throw new PortletException("Unable to include error.jsp", e);
+ }
+
+ return MVCRenderConstants.MVC_PATH_VALUE_SKIP_DISPATCH;
+ }
+
+ @Reference
+ private Portal _portal;
+
+ @Reference(
+ target = "(osgi.web.symbolicname=com.liferay.login.authentication.google.web)"
+ )
+ private ServletContext _servletContext;
+
+ @Reference
+ private UserLocalService _userLocalService;
+
+}
\ No newline at end of file
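Review bot: The enabled check in `render` reads the literal preference key `"google-auth-enabled"` with a default of `true`, so a company with no value stored under that key is treated as having Google login enabled. How `GoogleLoginAction` decides the same question is not visible in this diff; if it uses a different configuration source the two can disagree, and a fail-open default is the wrong side to err on for an authentication feature. Prefer the same check the action uses, or at least `PrefsPropsUtil.getBoolean(themeDisplay.getCompanyId(), "google-auth-enabled", false)`. Separately, `_userLocalService` is never used in this class, and the message `"Unable to include error.jsp"` describes an include while the code calls `forward`.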
diff --git a/modules/apps/login/login-authentication-google-web/src/main/resources/META-INF/resources/error.jsp b/modules/apps/login/login-authentication-google-web/src/main/resources/META-INF/resources/error.jsp
new file mode 100644
index 00000000000000..8f67b42385e4fa
--- /dev/null
+++ b/modules/apps/login/login-authentication-google-web/src/main/resources/META-INF/resources/error.jsp
@@ -0,0 +1,49 @@
+<%--
+/**
+ * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
+ *
+ * This library is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ */
+--%>
+
+<%@ include file="/init.jsp" %>
+
+
\ No newline at end of file
diff --git a/modules/apps/login/login-authentication-google-web/src/main/resources/META-INF/resources/init.jsp b/modules/apps/login/login-authentication-google-web/src/main/resources/META-INF/resources/init.jsp
new file mode 100644
index 00000000000000..b2ab5d9de868f4
--- /dev/null
+++ b/modules/apps/login/login-authentication-google-web/src/main/resources/META-INF/resources/init.jsp
@@ -0,0 +1,26 @@
+<%--
+/**
+ * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
+ *
+ * This library is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ */
+--%>
+
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+
+<%@ taglib uri="http://liferay.com/tld/aui" prefix="aui" %><%@
+taglib uri="http://liferay.com/tld/ui" prefix="liferay-ui" %>
+
+<%@ page import="com.liferay.portal.kernel.exception.UserEmailAddressException" %><%@
+page import="com.liferay.portal.kernel.servlet.SessionErrors" %><%@
+page import="com.liferay.portal.security.sso.google.exception.StrangersNotAllowedException" %>
+
+
\ No newline at end of file
diff --git a/modules/apps/login/login-authentication-google-web/src/main/resources/content/Language.properties b/modules/apps/login/login-authentication-google-web/src/main/resources/content/Language.properties
index d65acac4edfa05..34743d44a7bde1 100644
--- a/modules/apps/login/login-authentication-google-web/src/main/resources/content/Language.properties
+++ b/modules/apps/login/login-authentication-google-web/src/main/resources/content/Language.properties
@@ -1 +1,4 @@
-google=Google
\ No newline at end of file
+google=Google
+failed-to-sign-in-using-this-google-account=Failed to sign in using this Google account
+only-known-users-are-allowed-to-sign-in-using-google=Only known users are allowed to sign in using Google.
+this-google-account-cannot-be-used-to-register-a-new-user-because-its-email-domain-is-reserved=This google account cannot be used to register a new user because its email domain is reserved.
\ No newline at end of file
diff --git a/modules/apps/portal-security-sso/portal-security-sso-google-api/bnd.bnd b/modules/apps/portal-security-sso/portal-security-sso-google-api/bnd.bnd
index c09cd3c6c43ab8..bdce247cf5ac8b 100644
--- a/modules/apps/portal-security-sso/portal-security-sso-google-api/bnd.bnd
+++ b/modules/apps/portal-security-sso/portal-security-sso-google-api/bnd.bnd
@@ -4,4 +4,5 @@ Bundle-Version: 3.0.0
Export-Package:\
com.liferay.portal.security.sso.google,\
com.liferay.portal.security.sso.google.configuration,\
- com.liferay.portal.security.sso.google.constants
\ No newline at end of file
+ com.liferay.portal.security.sso.google.constants,\
+ com.liferay.portal.security.sso.google.exception
\ No newline at end of file
diff --git a/modules/apps/portal-security-sso/portal-security-sso-google-api/src/main/java/com/liferay/portal/security/sso/google/exception/StrangersNotAllowedException.java b/modules/apps/portal-security-sso/portal-security-sso-google-api/src/main/java/com/liferay/portal/security/sso/google/exception/StrangersNotAllowedException.java
new file mode 100644
index 00000000000000..266e33159946f5
--- /dev/null
+++ b/modules/apps/portal-security-sso/portal-security-sso-google-api/src/main/java/com/liferay/portal/security/sso/google/exception/StrangersNotAllowedException.java
@@ -0,0 +1,32 @@
+/**
+ * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
+ *
+ * This library is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ */
+
+package com.liferay.portal.security.sso.google.exception;
+
+import com.liferay.portal.kernel.exception.PortalException;
+
+/**
+ * @author Stian Sigvartsen
+ */
+public class StrangersNotAllowedException extends PortalException {
+
+ public StrangersNotAllowedException(long companyId) {
+ super(String.format("Company %s does not allow strangers", companyId));
+
+ this.companyId = companyId;
+ }
+
+ public final long companyId;
+
+}
\ No newline at end of file
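Review bot: `companyId` is exposed as a public field on an exception whose package this commit adds to `Export-Package`, which makes the field itself part of the module's public API. An accessor keeps the same information available while leaving room to change the representation: `private final long _companyId;` plus `public long getCompanyId() { return _companyId; }`. A one-line class Javadoc would also help callers that catch it, stating that it is thrown when a Google sign-in would create a user but the company does not allow strangers.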
diff --git a/modules/apps/portal-security-sso/portal-security-sso-google-api/src/main/resources/com/liferay/portal/security/sso/google/exception/packageinfo b/modules/apps/portal-security-sso/portal-security-sso-google-api/src/main/resources/com/liferay/portal/security/sso/google/exception/packageinfo
new file mode 100644
index 00000000000000..e2525561ab2e7b
--- /dev/null
+++ b/modules/apps/portal-security-sso/portal-security-sso-google-api/src/main/resources/com/liferay/portal/security/sso/google/exception/packageinfo
@@ -0,0 +1 @@
+version 1.0.0
\ No newline at end of file
diff --git a/modules/apps/portal-security-sso/portal-security-sso-google-impl/src/main/java/com/liferay/portal/security/sso/google/internal/GoogleAuthorizationImpl.java b/modules/apps/portal-security-sso/portal-security-sso-google-impl/src/main/java/com/liferay/portal/security/sso/google/internal/GoogleAuthorizationImpl.java
index c676fb4d0ab8b2..5375ce6346de06 100644
--- a/modules/apps/portal-security-sso/portal-security-sso-google-impl/src/main/java/com/liferay/portal/security/sso/google/internal/GoogleAuthorizationImpl.java
+++ b/modules/apps/portal-security-sso/portal-security-sso-google-impl/src/main/java/com/liferay/portal/security/sso/google/internal/GoogleAuthorizationImpl.java
@@ -26,18 +26,24 @@
import com.google.api.services.oauth2.model.Userinfoplus;
import com.liferay.petra.string.StringPool;
+import com.liferay.portal.kernel.exception.CompanyMxException;
+import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.exception.SystemException;
+import com.liferay.portal.kernel.exception.UserEmailAddressException;
+import com.liferay.portal.kernel.model.Company;
import com.liferay.portal.kernel.model.Contact;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.model.UserGroupRole;
import com.liferay.portal.kernel.module.configuration.ConfigurationException;
import com.liferay.portal.kernel.module.configuration.ConfigurationProvider;
import com.liferay.portal.kernel.security.auth.PrincipalException;
+import com.liferay.portal.kernel.service.CompanyLocalService;
import com.liferay.portal.kernel.service.ServiceContext;
import com.liferay.portal.kernel.service.UserLocalService;
import com.liferay.portal.kernel.settings.CompanyServiceSettingsLocator;
import com.liferay.portal.kernel.util.CalendarFactoryUtil;
import com.liferay.portal.kernel.util.LocaleUtil;
+import com.liferay.portal.kernel.util.PropsKeys;
import com.liferay.portal.kernel.util.ServiceBeanMethodInvocationFactoryUtil;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.Validator;
@@ -46,7 +52,11 @@
import com.liferay.portal.security.sso.google.GoogleAuthorization;
import com.liferay.portal.security.sso.google.configuration.GoogleAuthorizationConfiguration;
import com.liferay.portal.security.sso.google.constants.GoogleConstants;
+import com.liferay.portal.security.sso.google.exception.StrangersNotAllowedException;
import com.liferay.portal.security.sso.google.internal.constants.GoogleWebKeys;
+import com.liferay.portal.util.PrefsPropsUtil;
+import com.liferay.portal.util.PropsUtil;
+import com.liferay.portal.util.PropsValues;
import java.lang.reflect.Method;
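Review bot: The imports of `com.liferay.portal.util.PrefsPropsUtil`, `PropsUtil` and `PropsValues` added here are not used by any code in the visible hunks of `GoogleAuthorizationImpl`. The same holds for `CompanyMxException` and `PropsKeys` in the previous import hunk and `javax.portlet.PortletPreferences` in the next one. The `com.liferay.portal.util` package looks like a portal implementation package rather than the kernel API the rest of the file imports from, so these lines may pull an unwanted dependency into the bundle; this is worth confirming against the module's build. If nothing outside the diff uses them, remove all six.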
@@ -55,6 +65,7 @@
import java.util.Locale;
import java.util.Objects;
+import javax.portlet.PortletPreferences;
import javax.servlet.http.HttpSession;
import org.osgi.service.component.annotations.Component;
@@ -252,6 +263,7 @@ protected User doAddOrUpdateUser(
user = updateUser(user, userinfoplus);
}
else {
+ _checkAllowUserCreation(companyId, userinfoplus);
user = addUser(companyId, userinfoplus);
session.setAttribute(
@@ -382,6 +394,26 @@ protected User updateUser(User user, Userinfoplus userinfoplus)
contact.getJobTitle(), groupIds, organizationIds, roleIds,
userGroupRoles, userGroupIds, serviceContext);
}
+
+ private void _checkAllowUserCreation(long companyId, Userinfoplus userinfoplus)
+ throws PortalException {
+
+ Company company = _companyLocalService.getCompany(companyId);
+
+ if (!company.isStrangers()) {
+ throw new StrangersNotAllowedException(companyId);
+ }
+
+ String emailAddress = userinfoplus.getEmail();
+
+ if (company.hasCompanyMx(emailAddress)) {
+
+ if (!company.isStrangersWithMx()) {
+ throw new UserEmailAddressException.MustNotUseCompanyMx(
+ emailAddress);
+ }
+ }
+ }
private static final String _ONLINE_ACCESS_TYPE = "online";
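Review bot: `_checkAllowUserCreation` bases its decision on the address returned by `userinfoplus.getEmail()` without checking that it is present or that Google reports it as verified. A null or blank value goes straight into `company.hasCompanyMx(emailAddress)`, and the reserved-domain rule is only as strong as the trust placed in that address. Unless earlier code already does so (not visible in this diff), reject the request first when `Validator.isNull(emailAddress) || !Boolean.TRUE.equals(userinfoplus.getVerifiedEmail())`. As a style point, the nested `if` can be flattened to `if (company.hasCompanyMx(emailAddress) && !company.isStrangersWithMx()) {`.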
@@ -392,5 +424,8 @@ protected User updateUser(User user, Userinfoplus userinfoplus)
@Reference
private UserLocalService _userLocalService;
+
+ @Reference
+ private CompanyLocalService _companyLocalService;
}
\ No newline at end of file