diff --git a/.env.example b/.env.example index 109633d..b5ded73 100644 --- a/.env.example +++ b/.env.example @@ -28,13 +28,8 @@ CLICKHOUSE_PASSWORD=change_me_in_production SAAS_ADMIN_USER=admin SAAS_ADMIN_PASS=change_me_in_production -# SMTP (for email verification during registration) -# Required for self-service sign-up. Without SMTP, only admin-created users can sign in. -SMTP_HOST= -SMTP_PORT=587 -SMTP_USER= -SMTP_PASS= -SMTP_FROM_EMAIL=noreply@cameleer.io +# SMTP / email connector configuration is managed at runtime via the vendor +# admin UI (Email Connector page at /vendor/email). No SMTP env vars needed. # TLS (leave empty for self-signed) # NODE_TLS_REJECT=0 # Set to 1 when using real certificates diff --git a/CLAUDE.md b/CLAUDE.md index 142ddf6..8e233f3 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -25,7 +25,7 @@ Agent-server protocol is defined in `cameleer/cameleer-common/PROTOCOL.md`. The |---------|---------|-------------| | `config/` | Security, tenant isolation, web config | `SecurityConfig`, `TenantIsolationInterceptor`, `TenantContext`, `PublicConfigController`, `MeController` | | `tenant/` | Tenant data model | `TenantEntity` (JPA: id, name, slug, tier, status, logto_org_id, db_password) | -| `vendor/` | Vendor console (platform:admin) | `VendorTenantService`, `VendorTenantController`, `InfrastructureService` | +| `vendor/` | Vendor console (platform:admin) | `VendorTenantService`, `VendorTenantController`, `InfrastructureService`, `EmailConnectorService`, `EmailConnectorController` | | `onboarding/` | Self-service sign-up onboarding | `OnboardingController`, `OnboardingService` | | `portal/` | Tenant admin portal (org-scoped) | `TenantPortalService`, `TenantPortalController` | | `provisioning/` | Pluggable tenant provisioning | `DockerTenantProvisioner`, `TenantDatabaseService`, `TenantDataCleanupService` | diff --git a/docker/CLAUDE.md b/docker/CLAUDE.md index 7937ecb..11c6855 100644 --- a/docker/CLAUDE.md +++ b/docker/CLAUDE.md 
@@ -42,9 +42,9 @@ Server containers join three networks: tenant network (primary), shared services ## Custom sign-in UI (`ui/sign-in/`) -Separate Vite+React SPA replacing Logto's default sign-in page. Supports both sign-in and self-service registration. +Separate Vite+React SPA replacing Logto's default sign-in page. Supports both sign-in and self-service registration (registration is disabled by default until the vendor admin configures an email connector via the UI). -- Built as custom Logto Docker image (`cameleer-logto`): `ui/sign-in/Dockerfile` = node build stage + `FROM ghcr.io/logto-io/logto:latest` + install official connectors (SMTP) + COPY dist over `/etc/logto/packages/experience/dist/` +- Built as custom Logto Docker image (`cameleer-logto`): `ui/sign-in/Dockerfile` = node build stage + `FROM ghcr.io/logto-io/logto:latest` + install official connectors + COPY dist over `/etc/logto/packages/experience/dist/` - Uses `@cameleer/design-system` components (Card, Input, Button, FormField, Alert) - **Sign-in**: Logto Experience API (4-step: init -> verify password -> identify -> submit -> redirect). Auto-detects email vs username identifier. - **Registration**: 2-phase flow. Phase 1: init Register -> send verification code to email. Phase 2: verify code -> set password -> identify (creates user) -> submit -> redirect. diff --git a/installer b/installer index ec1c1f9..1ef0016 160000 --- a/installer +++ b/installer @@ -1 +1 @@ -Subproject commit ec1c1f92d78fd8009ccd9822b162befaf2156700 +Subproject commit 1ef0016965133144ef4cc92b100807b1712e89d4 diff --git a/ui/CLAUDE.md b/ui/CLAUDE.md index 98888f5..5206c45 100644 --- a/ui/CLAUDE.md +++ b/ui/CLAUDE.md 
@@ -6,7 +6,7 @@ React 19 SPA served at `/platform/*` by the Spring Boot backend. - `main.tsx` — React 19 root - `router.tsx` — `/vendor/*` + `/tenant/*` with `RequireScope` guards, `LandingRedirect` that waits for scopes (redirects to `/onboarding` if user has zero orgs), `/register` route for OIDC sign-up flow, `/onboarding` route for self-service tenant creation -- `Layout.tsx` — persona-aware sidebar: vendor sees expandable "Vendor" section (Tenants, Audit Log, Certificates, Infrastructure, Identity/Logto), tenant admin sees Dashboard/License/SSO/Team/Audit/Settings +- `Layout.tsx` — persona-aware sidebar: vendor sees expandable "Vendor" section (Tenants, Audit Log, Certificates, Metrics, Infrastructure, Email Connector, Logto Console), tenant admin sees Dashboard/License/SSO/Team/Audit/Settings - `OrgResolver.tsx` — merges global + org-scoped token scopes (vendor's platform:admin is global) - `config.ts` — fetch Logto config from /platform/api/config 
@@ -22,12 +22,12 @@ React 19 SPA served at `/platform/*` by the Spring Boot backend. ## Pages - **Onboarding**: `OnboardingPage.tsx` — self-service trial tenant creation (org name + slug), shown to users with zero org memberships after sign-up -- **Vendor pages**: `VendorTenantsPage.tsx`, `CreateTenantPage.tsx`, `TenantDetailPage.tsx`, `VendorAuditPage.tsx`, `CertificatesPage.tsx`, `InfrastructurePage.tsx` +- **Vendor pages**: `VendorTenantsPage.tsx`, `CreateTenantPage.tsx`, `TenantDetailPage.tsx`, `VendorAuditPage.tsx`, `CertificatesPage.tsx`, `InfrastructurePage.tsx`, `EmailConfigPage.tsx` (SMTP connector config, registration toggle, test email) - **Tenant pages**: `TenantDashboardPage.tsx` (restart + upgrade server), `TenantLicensePage.tsx`, `SsoPage.tsx`, `TeamPage.tsx` (reset member passwords), `TenantAuditPage.tsx`, `SettingsPage.tsx` (change own password, reset server admin password) ## Custom Sign-in UI (`ui/sign-in/`) Separate Vite+React SPA replacing Logto's default sign-in page. Built as custom Logto Docker image — see `docker/CLAUDE.md` for details. -- `SignInPage.tsx` — sign-in + registration form with @cameleer/design-system components. Three modes: `signIn` (email/username + password), `register` (email + password + confirm), `verifyCode` (6-digit email verification). Reads `first_screen=register` from URL query params to determine initial view. +- `SignInPage.tsx` — sign-in + registration form with @cameleer/design-system components. Three modes: `signIn` (email/username + password), `register` (email + password + confirm), `verifyCode` (6-digit email verification). Reads `first_screen=register` from URL query params to determine initial view. Registration is disabled by default — the vendor admin enables it via the Email Connector page after configuring SMTP. - `experience-api.ts` — Logto Experience API client. Sign-in: init -> verify password -> identify -> submit. 
Registration: init Register -> send verification code -> verify code -> add password profile -> identify -> submit. Auto-detects email vs username identifiers. diff --git a/ui/sign-in/Dockerfile b/ui/sign-in/Dockerfile index be2716a..4430a69 100644 --- a/ui/sign-in/Dockerfile +++ b/ui/sign-in/Dockerfile @@ -15,7 +15,7 @@ FROM ghcr.io/logto-io/logto:latest # Install bootstrap dependencies (curl, jq for API calls; postgresql16-client for DB reads) RUN apk add --no-cache curl jq postgresql16-client -# Install all official Logto connectors (ensures SMTP email is available for self-hosted) +# Install all official Logto connectors (email, SMS, social — configured at runtime via vendor UI) RUN cd /etc/logto/packages/core && npm run cli connector add -- --official 2>/dev/null || true # Custom sign-in UI
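Review bot: the replacement comment in `.env.example` loses the operational consequence the removed lines stated ("Without SMTP, only admin-created users can sign in"); keep a one-line equivalent next to the new comment, e.g. `# Self-service sign-up stays disabled until an email connector is configured there.`, so an operator reading only this file understands why registration does nothing on a fresh install. It would also help to say where the SMTP credentials entered in the vendor UI are persisted, since they no longer live in `.env` and the file no longer hints at it.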
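Review bot: the `vendor/` row in the `CLAUDE.md` table now lists `EmailConnectorService` and `EmailConnectorController` under `(platform:admin)` but says nothing about what the controller exposes; the `ui/CLAUDE.md` hunk in the same patch describes SMTP connector config, a registration toggle and a test-email action, and the doc should state that all three go through the same platform:admin scope check as the other vendor controllers (the test-email action sends mail with the stored credentials, so it is the one most worth confirming). A short parenthetical after the class names would do.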
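Review bot: in the `docker/CLAUDE.md` hunk the new sentence says registration is disabled by default until an email connector is configured, yet the **Registration** bullet below it still describes only the 2-phase flow and nothing about the disabled state, which is now what every fresh install shows; add a sentence on what the SPA does when registration is off (register link hidden, or an error when `first_screen=register` is requested) so the doc describes the default behaviour. The `(SMTP)` qualifier dropped from the Dockerfile bullet should probably be replaced with "email" rather than removed, since the sentence above it still names the email connector as the prerequisite.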
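Review bot: the new `Layout.tsx` sidebar list in `ui/CLAUDE.md` adds `Metrics`, but the **Vendor pages** bullet in the next hunk of the same file lists no metrics page, and `Identity/Logto` becomes `Logto Console` without a matching page entry; either add the missing page(s) to the Pages section or drop `Metrics` from this line so the sidebar list and the page list agree.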
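Review bot: the same feature is named four ways across this patch: the page file is `EmailConfigPage.tsx`, the sidebar entry is `Email Connector`, the backend classes are `EmailConnectorService`/`EmailConnectorController`, and `.env.example` sends operators to `/vendor/email`. Add the route next to `EmailConfigPage.tsx` in the **Vendor pages** bullet (it is the one page `.env.example` now points people at) or rename the file to match. The added sentence on the `SignInPage.tsx` line also repeats the "disabled by default" statement just added to `docker/CLAUDE.md`; stating it once with a cross-reference is easier to keep in sync.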
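Review bot: the `installer` submodule pointer moves from ec1c1f9 to 1ef0016 with no description of what changed there; since the `SMTP_*` variables were removed from `.env.example` in the same patch, the commit message should say whether the installer stopped prompting for or writing those values, otherwise a reader cannot tell if the two changes are coupled or if an older installer will keep emitting variables nothing reads.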
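Review bot: the updated comment in `ui/sign-in/Dockerfile` promises that email, SMS and social connectors are available and configured at runtime, but the unchanged `RUN` line directly beneath it still ends in `2>/dev/null || true`, so a failed `connector add` yields a successful image with no email connector, and the new vendor UI toggle then has nothing to enable and no build-time signal explains why. Now that a runtime feature depends on this step, drop the `|| true` (and the `2>/dev/null`) so the build fails loudly. Since the other hunks only ever expose an email connector through the vendor UI, consider installing just the connectors actually used instead of `--official`, which keeps the image smaller and avoids shipping connectors nobody configures.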