diff --git a/mellon/app_settings.py b/mellon/app_settings.py
index 4460b02..290c34c 100644
--- a/mellon/app_settings.py
+++ b/mellon/app_settings.py
@@ -9,6 +9,7 @@ class AppSettings(object):
 'PRIVATE_KEY_PASSWORD': None,
 'NAME_ID_FORMATS': (),
 'NAME_ID_POLICY_FORMAT': None,
+ 'NAME_ID_POLICY_ALLOW_CREATE': True,
 'FORCE_AUTHN': False,
 'ADAPTER': (
 'mellon.adapters.DefaultAdapter',
diff --git a/mellon/views.py b/mellon/views.py
index 252d3ab..15231f9 100644
--- a/mellon/views.py
+++ b/mellon/views.py
@@ -145,7 +145,11 @@ class LoginView(View):
 authn_request = login.request
 # configure NameID policy
 policy = authn_request.nameIdPolicy
- policy_format = idp.get('NAME_ID_POLICY_FORMAT') or app_settings.NAME_ID_POLICY_FORMAT
+ policy.allowCreate = \
+ (idp.get('NAME_ID_POLICY_ALLOW_CREATE') or \
+ app_settings.NAME_ID_POLICY_ALLOW_CREATE) and True
+ policy_format = idp.get('NAME_ID_POLICY_FORMAT') \
+ or app_settings.NAME_ID_POLICY_FORMAT
 policy.format = policy_format or None
 force_authn = idp.get('FORCE_AUTHN') or app_settings.FORCE_AUTHN
 if force_authn:
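Review bot: A per-IdP `'NAME_ID_POLICY_ALLOW_CREATE': False` is silently ignored by the new `policy.allowCreate` assignment in mellon/views.py, because `False or app_settings.NAME_ID_POLICY_ALLOW_CREATE` falls through to the global default, which this commit sets to `True`; the AuthnRequest then still asks for AllowCreate on an IdP the operator meant to restrict from creating new identifiers. The trailing `and True` also does not coerce to a boolean: when both values are falsy the expression yields that falsy value (for example `None`) unchanged. Assuming `idp` is a plain dict, `policy.allowCreate = bool(idp.get('NAME_ID_POLICY_ALLOW_CREATE', app_settings.NAME_ID_POLICY_ALLOW_CREATE))` applies the fallback only when the key is absent and always produces a bool. The enclosing LoginView method starts and ends outside the hunk.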