diff --git a/package-lock.json b/package-lock.json
index 90d950660eb..6cbbabc4784 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -8803,7 +8803,9 @@
       "license": "MIT"
     },
     "node_modules/@types/auth0-js": {
-      "version": "9.21.5",
+      "version": "9.21.6",
+      "resolved": "https://registry.npmjs.org/@types/auth0-js/-/auth0-js-9.21.6.tgz",
+      "integrity": "sha512-wsvfk03WzQDXCbMdX8lQZH2Thh5AQk9SKQcxrBN1EdRkIOgkw9aIixxBpzsTHu/gj0I514BGQv7t5EyZSgVRmQ==",
       "dev": true,
       "license": "MIT"
     },
@@ -10788,7 +10790,9 @@
       }
     },
     "node_modules/auth0-js": {
-      "version": "9.24.1",
+      "version": "9.28.0",
+      "resolved": "https://registry.npmjs.org/auth0-js/-/auth0-js-9.28.0.tgz",
+      "integrity": "sha512-2xIfQIGM0vX3IdPR91ztLO2+Ar2I5+3iFKcjuZO+LV9vRh4Wje+Ka1hnHjMU9dH892Lm3ZxBAHxRo68YToUhfg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -34873,8 +34877,8 @@
       "version": "0.0.0",
       "devDependencies": {
         "@sveltejs/vite-plugin-svelte": "^3.1.2",
-        "@types/auth0-js": "^9.14.7",
-        "auth0-js": "^9.20.2",
+        "@types/auth0-js": "^9.21.6",
+        "auth0-js": "^9.28.0",
         "autoprefixer": "^10.4.20",
         "postcss": "^8.4.47",
         "svelte": "^4.2.19",
diff --git a/web-auth/src/components/Auth.svelte b/web-auth/src/components/Auth.svelte
index d76f0924408..b05a26e2120 100644
--- a/web-auth/src/components/Auth.svelte
+++ b/web-auth/src/components/Auth.svelte
@@ -9,7 +9,6 @@
   import EmailPasswordForm from "./EmailPasswordForm.svelte";
   import { getConnectionFromEmail } from "./utils";
   import OrSeparator from "./OrSeparator.svelte";
-  import SSOForm from "./SSOForm.svelte";
   import EmailSubmissionForm from "./EmailSubmissionForm.svelte";
   import Disclaimer from "./Disclaimer.svelte";
   import Spacer from "./Spacer.svelte";
@@ -32,6 +31,7 @@
   let webAuth: WebAuth;
 
   $: isLegacy = false;
+  $: isSignup = false;
 
   function isDomainDisabled(email: string): boolean {
     return disableForgotPassDomainsArr.some((domain) =>
@@ -42,82 +42,78 @@
   $: domainDisabled = isDomainDisabled(email);
 
   function initConfig() {
-    const config = JSON.parse(
-      decodeURIComponent(escape(window.atob(configParams))),
-    ) as Config;
-
-    const isSignup = config?.extraParams?.screen_hint === "signup";
-
-    if (isSignup) {
-      step = AuthStep.SignUp;
-    }
-
-    if (cloudClientIDsArr.includes(config?.clientID)) {
-      isLegacy = true;
-    }
-
-    const authOptions: AuthOptions = Object.assign(
-      {
-        overrides: {
-          __tenant: config.auth0Tenant,
-          __token_issuer: config.authorizationServer.issuer,
+    try {
+      if (
+        import.meta.env.DEV &&
+        (!configParams || configParams === "undefined")
+      ) {
+        console.warn(
+          "No auth config provided. In development mode - auth flows will not work.",
+        );
+        errorText = "Authentication is not configured in development mode";
+        return;
+      }
+
+      const config = JSON.parse(
+        decodeURIComponent(escape(window.atob(configParams))),
+      ) as Config;
+
+      isSignup = config?.extraParams?.screen_hint === "signup";
+
+      if (cloudClientIDsArr.includes(config?.clientID)) {
+        isLegacy = true;
+      }
+
+      const authOptions: AuthOptions = Object.assign(
+        {
+          overrides: {
+            __tenant: config.auth0Tenant,
+            __token_issuer: config.authorizationServer.issuer,
+          },
+          domain: config.auth0Domain,
+          clientID: config.clientID,
+          redirectUri: config.callbackURL,
+          responseType: "code",
         },
-        domain: config.auth0Domain,
-        clientID: config.clientID,
-        redirectUri: config.callbackURL,
-        responseType: "code",
-      },
-      config.internalOptions,
-    );
+        config.internalOptions,
+      );
 
-    webAuth = new auth0.WebAuth(authOptions);
+      webAuth = new auth0.WebAuth(authOptions);
+    } catch (e) {
+      console.error("Failed to initialize auth:", e);
+      errorText = "Failed to initialize authentication in development mode";
+    }
   }
 
-  function processEmailSubmission(event) {
+  function processEmailSubmission(event: any) {
     email = event.detail.email;
 
-    const connectionName = getConnectionFromEmail(email, connectionMapObj);
-
-    if (connectionName) {
-      step = AuthStep.SSO;
-    } else {
-      step = AuthStep.Login;
-    }
+    step = AuthStep.SignUp;
   }
 
   function getHeadingText(step: AuthStep): string {
-    if (isLegacy) {
-      return "Log in";
-    }
-
     switch (step) {
       case AuthStep.Base:
         return "Log in or sign up";
-      case AuthStep.SSO:
-        return "Log in with SSO";
       case AuthStep.Login:
         return "Log in with email";
       case AuthStep.SignUp:
-        return "Sign up with email";
+        return `Log in or sign up with <span class="font-medium">${email}</span>`;
       case AuthStep.Thanks:
         return "Thanks for signing up!";
       default:
         return "";
     }
   }
-  $: headingText = getHeadingText(step);
 
   function getSubheadingText(step: AuthStep, email: string): string {
     switch (step) {
-      case AuthStep.SSO:
-        return `SAML SSO enabled workspace is associated with <span class="font-medium">${email}</span>`;
       case AuthStep.Login:
         return `Log in using <span class="font-medium">${email}</span>`;
       default:
         return "";
     }
   }
-  $: subheadingText = getSubheadingText(step, email);
 
   function backToBaseStep() {
     step = AuthStep.Base;
@@ -126,6 +122,9 @@
   onMount(() => {
     initConfig();
   });
+
+  $: headingText = getHeadingText(step);
+  $: subheadingText = getSubheadingText(step, email);
 </script>
 
 <AuthContainer>
@@ -133,7 +132,7 @@
   <Spacer />
   <div class="flex flex-col items-center gap-y-2 text-center">
     <div class="text-xl text-slate-800">
-      {headingText}
+      {@html headingText}
     </div>
     {#if subheadingText}
       <div class="text-base text-gray-500">
@@ -164,19 +163,17 @@
 
       <OrSeparator />
 
-      <EmailSubmissionForm on:submit={processEmailSubmission} />
-    {/if}
-
-    {#if step === AuthStep.SSO}
-      <SSOForm {email} {connectionMapObj} {webAuth} on:back={backToBaseStep} />
+      <EmailSubmissionForm
+        on:submit={processEmailSubmission}
+        {webAuth}
+        {connectionMapObj}
+      />
     {/if}
 
     {#if step === AuthStep.Login || step === AuthStep.SignUp}
       <EmailPasswordForm
-        {step}
         {email}
         {isLegacy}
-        showForgetPassword={step === AuthStep.Login}
         isDomainDisabled={domainDisabled}
         {webAuth}
         on:back={backToBaseStep}
diff --git a/web-auth/src/components/EmailPasswordForm.svelte b/web-auth/src/components/EmailPasswordForm.svelte
index f59fc77af86..d9d33065a2a 100644
--- a/web-auth/src/components/EmailPasswordForm.svelte
+++ b/web-auth/src/components/EmailPasswordForm.svelte
@@ -6,19 +6,17 @@
   import { ArrowLeftIcon } from "lucide-svelte";
   import { WebAuth } from "auth0-js";
   import { DATABASE_CONNECTION } from "../constants";
-  import { AuthStep } from "../types";
   import type { Auth0Error } from "auth0-js";
 
   const dispatch = createEventDispatcher();
 
   export let disabled = false;
   export let email = "";
-  export let showForgetPassword = false;
   export let isDomainDisabled = false;
   export let isLegacy = false;
   export let webAuth: WebAuth;
-  export let step: AuthStep;
 
+  let showForgetPassword = false;
   let password = "";
   let showPassword = false;
   let errorText = "";
@@ -91,38 +89,64 @@
     disabled = false;
   }
 
-  function authenticateUser(email: string, password: string) {
+  async function authenticateUser(email: string, password: string) {
     disabled = true;
     errorText = "";
+    showForgetPassword = false;
 
     try {
-      // NOTE: Sign up is only supported on Rill Cloud login pages, not Rill Dash
-      if (step === AuthStep.SignUp && !isLegacy) {
-        // Directly attempt to sign up and log in the user
-        webAuth.redirect.signupAndLogin(
+      if (isLegacy) {
+        // For legacy users, attempt login directly
+        webAuth.login(
           {
-            connection: DATABASE_CONNECTION,
-            email: email,
+            realm: DATABASE_CONNECTION,
+            username: email,
             password: password,
           },
-          (signupErr: any) => {
-            if (signupErr) {
-              handleAuthError(signupErr);
+          (loginErr) => {
+            if (loginErr) {
+              displayError({ message: loginErr?.description });
+              showForgetPassword = true;
             } else {
               disabled = false;
             }
           },
         );
       } else {
-        webAuth.login(
+        console.log("attempt to sign up and login");
+        // Attempt to sign up and login the user
+        webAuth.redirect.signupAndLogin(
           {
-            realm: DATABASE_CONNECTION,
-            username: email,
+            connection: DATABASE_CONNECTION,
+            email: email,
             password: password,
           },
           (err) => {
             if (err) {
-              displayError({ message: err?.description });
+              console.log("err", err);
+              // Check if the error is about user already existing
+              if (err.description && err.description.includes("User exists.")) {
+                // If user exists, try logging them in
+                console.log("user exists, trying to login");
+                webAuth.login(
+                  {
+                    realm: DATABASE_CONNECTION,
+                    username: email,
+                    password: password,
+                  },
+                  (loginErr) => {
+                    if (loginErr) {
+                      displayError({ message: loginErr?.description });
+                      showForgetPassword = true;
+                    } else {
+                      disabled = false;
+                    }
+                  },
+                );
+              } else {
+                handleAuthError(err);
+                showForgetPassword = true;
+              }
             } else {
               disabled = false;
             }
@@ -131,6 +155,7 @@
       }
     } catch (err) {
       handleAuthError(err);
+      showForgetPassword = true;
     }
   }
 
diff --git a/web-auth/src/components/EmailSubmissionForm.svelte b/web-auth/src/components/EmailSubmissionForm.svelte
index 9b2f2608bfe..abab37040c5 100644
--- a/web-auth/src/components/EmailSubmissionForm.svelte
+++ b/web-auth/src/components/EmailSubmissionForm.svelte
@@ -1,9 +1,13 @@
 <script lang="ts">
   import CtaButton from "@rilldata/web-common/components/calls-to-action/CTAButton.svelte";
-  import { validateEmail } from "./utils";
+  import { getConnectionFromEmail, validateEmail } from "./utils";
   import { createEventDispatcher } from "svelte";
 
+  import { WebAuth } from "auth0-js";
+
   export let disabled = false;
+  export let webAuth: WebAuth;
+  export let connectionMapObj: Record<string, string[]>;
 
   let email = "";
   let errorText = "";
@@ -15,7 +19,7 @@
   const focusClasses =
     "ring-offset-2 focus:ring-2 focus:ring-primary-ry-300 focus:outline-none";
 
-  function handleClick() {
+  function handleContinueEmailClick() {
     if (!email) {
       errorText = "Please enter your email";
       return;
@@ -31,10 +35,27 @@
     dispatch("submit", { email });
   }
 
-  function handleKeyDown(event: KeyboardEvent) {
-    if (event.key === "Enter") {
-      handleClick();
+  function authorizeSSO(email: string, connectionName: string) {
+    webAuth.authorize({
+      connection: connectionName,
+      login_hint: email,
+      prompt: "login",
+    });
+  }
+
+  function handleContinueSSOClick() {
+    const connectionName = getConnectionFromEmail(email, connectionMapObj);
+
+    if (!connectionName) {
+      errorText = `IDP for the email ${email} not found. Please contact your administrator.`;
+      return;
     }
+
+    authorizeSSO(email, connectionName);
+  }
+
+  $: if (email) {
+    errorText = "";
   }
 
   $: disabled = !(email.length > 0 && validateEmail(email));
@@ -48,7 +69,6 @@
     placeholder="Enter your email address"
     id="email"
     bind:value={email}
-    on:keydown={handleKeyDown}
   />
 
   {#if errorText}
@@ -58,8 +78,14 @@
   {/if}
 </div>
 
-<CtaButton {disabled} variant="secondary" on:click={handleClick}>
+<CtaButton {disabled} variant="secondary" on:click={handleContinueEmailClick}>
   <div class="flex justify-center font-medium">
     <span>Continue with email</span>
   </div>
 </CtaButton>
+
+<CtaButton {disabled} variant="secondary" on:click={handleContinueSSOClick}>
+  <div class="flex justify-center font-medium">
+    <div>Continue with SAML SSO</div>
+  </div>
+</CtaButton>
diff --git a/web-auth/src/components/SSOForm.svelte b/web-auth/src/components/SSOForm.svelte
deleted file mode 100644
index f355d25eb0d..00000000000
--- a/web-auth/src/components/SSOForm.svelte
+++ /dev/null
@@ -1,70 +0,0 @@
-<script lang="ts">
-  import { createEventDispatcher } from "svelte";
-  import CtaButton from "@rilldata/web-common/components/calls-to-action/CTAButton.svelte";
-  import { getConnectionFromEmail } from "./utils";
-  import { ArrowLeftIcon } from "lucide-svelte";
-  import { WebAuth } from "auth0-js";
-
-  const dispatch = createEventDispatcher();
-
-  export let disabled = false;
-  export let email = "";
-  export let webAuth: WebAuth;
-  export let connectionMapObj: Record<string, string[]>;
-
-  let errorText = "";
-
-  function handleClick() {
-    void authorizeSSO(email.toLowerCase());
-  }
-
-  function displayError(err: any) {
-    errorText = err.message;
-  }
-
-  function authorizeSSO(email: string) {
-    disabled = true;
-    errorText = "";
-
-    const connectionName = getConnectionFromEmail(email, connectionMapObj);
-
-    if (!connectionName) {
-      displayError({
-        message: `IDP for the email ${email} not found. Please contact your administrator.`,
-      });
-      disabled = false;
-      return;
-    }
-
-    webAuth.authorize({
-      connection: connectionName,
-      login_hint: email,
-      prompt: "login",
-    });
-  }
-</script>
-
-<div class="flex flex-col gap-y-4">
-  <CtaButton {disabled} variant="primary" on:click={handleClick}>
-    <div class="flex justify-center font-medium">
-      <span>Continue with SAML SSO</span>
-    </div>
-  </CtaButton>
-  <CtaButton
-    {disabled}
-    variant="secondary"
-    gray
-    on:click={() => {
-      dispatch("back");
-    }}
-  >
-    <div class="flex justify-center items-center font-medium">
-      <ArrowLeftIcon class="mr-1" size={14} />
-      <span>Back</span>
-    </div>
-  </CtaButton>
-</div>
-
-{#if errorText}
-  <div class="mt-2 text-red-500 text-sm">{errorText}</div>
-{/if}
diff --git a/web-common/src/components/calls-to-action/CTANeedHelp.svelte b/web-common/src/components/calls-to-action/CTANeedHelp.svelte
index 91574c9e6b7..5ae505b6ae4 100644
--- a/web-common/src/components/calls-to-action/CTANeedHelp.svelte
+++ b/web-common/src/components/calls-to-action/CTANeedHelp.svelte
@@ -1,5 +1,5 @@
 <p class="text-sm text-gray-500 text-center">
-  Need help? Reach out to us on <a href="http://bit.ly/3jg4IsF" target="_blank"
-    >Discord</a
+  Need help? Reach out to us at <a href="mailto:support@rilldata.com"
+    >support@rilldata.com</a
   >
 </p>