diff --git a/docker/logto-bootstrap.sh b/docker/logto-bootstrap.sh index fed3277..6cd4e54 100644 --- a/docker/logto-bootstrap.sh +++ b/docker/logto-bootstrap.sh @@ -408,6 +408,10 @@ else curl -s -X POST -H "Authorization: Bearer $ADMIN_TOKEN" -H "Content-Type: application/json" -H "Host: ${HOST}:3002" \ -d "$2" "${LOGTO_ADMIN_ENDPOINT}${1}" 2>/dev/null || true } + admin_api_patch() { + curl -s -X PATCH -H "Authorization: Bearer $ADMIN_TOKEN" -H "Content-Type: application/json" -H "Host: ${HOST}:3002" \ + -d "$2" "${LOGTO_ADMIN_ENDPOINT}${1}" 2>/dev/null || true + } # Check if admin user already exists on admin tenant ADMIN_TENANT_USER_ID=$(admin_api_get "/api/users?search=$SAAS_ADMIN_USER" | jq -r ".[] | select(.username == \"$SAAS_ADMIN_USER\") | .id" 2>/dev/null) @@ -449,6 +453,10 @@ if [ -n "$ADMIN_TENANT_USER_ID" ] && [ "$ADMIN_TENANT_USER_ID" != "null" ]; then admin_api_post "/api/organizations/t-default/users/$ADMIN_TENANT_USER_ID/roles" "{\"organizationRoleIds\": [\"$TENANT_ADMIN_ORG_ROLE_ID\"]}" >/dev/null 2>&1 log "Added to t-default organization with admin role." fi + # Switch admin tenant sign-in mode from Register to SignIn (user already created) + admin_api_patch "/api/sign-in-exp" '{"signInMode": "SignIn"}' >/dev/null 2>&1 + log "Set admin tenant sign-in mode to SignIn." + log "SaaS admin granted Logto console access." else log "WARNING: Could not create admin console user"
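Review bot: `admin_api_patch` in the first hunk cannot report failure: curl runs without `--fail`, stderr is discarded and `|| true` forces a zero exit, so a rejected or unreachable PATCH looks the same as a successful one. This mirrors `admin_api_post` just above it, but the new helper is used in the second hunk to close registration on the admin tenant, where a silent failure matters. At minimum, give it a header comment such as `# Best-effort PATCH: always exits 0; callers must validate the response body`. The enclosing `else` block starts and ends outside the hunk.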
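Review bot: In the second hunk, "Set admin tenant sign-in mode to SignIn." is logged unconditionally, while the `admin_api_patch` call before it discards its output and always exits 0. If the PATCH fails, the admin tenant stays in Register mode and the bootstrap log says the opposite. Check the result before logging, as in the fence below; this assumes the endpoint returns the updated settings, otherwise read them back with `admin_api_get`. The enclosing `if` starts outside the hunk, and its `else` branch leaves the mode unchanged, so the existing WARNING could also say that registration is still open.

```shell
# … unchanged: organization role assignment and its log line …
# Switch admin tenant sign-in mode from Register to SignIn (user already created)
SIGN_IN_MODE=$(admin_api_patch "/api/sign-in-exp" '{"signInMode": "SignIn"}' | jq -r '.signInMode' 2>/dev/null)
if [ "$SIGN_IN_MODE" = "SignIn" ]; then
  log "Set admin tenant sign-in mode to SignIn."
else
  log "WARNING: Could not switch admin tenant sign-in mode to SignIn; registration may still be open."
fi
```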