diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
index cebc01a2afc24730c77490447f54aa0bc9c268f8..d7a052700ac916bb4f1503eb8dc7b6b2c30a7ae6 100644
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -53,14 +53,13 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
       end
     end
 
-    disabled_oauth_sign_in_sources = params[:application_setting][:disabled_oauth_sign_in_sources]
-    if disabled_oauth_sign_in_sources.nil?
-      params[:application_setting][:disabled_oauth_sign_in_sources] = []
-    else
-      disabled_oauth_sign_in_sources.map! do |source|
-        source.to_str
-      end
-    end
+    enabled_oauth_sign_in_sources = params[:application_setting][:enabled_oauth_sign_in_sources]
+
+    params[:application_setting][:disabled_oauth_sign_in_sources] =
+      AuthHelper.button_based_providers.map(&:to_s) -
+      (enabled_oauth_sign_in_sources.nil? ? [] : enabled_oauth_sign_in_sources)
+
+    params[:application_setting].delete(:enabled_oauth_sign_in_sources)
 
     params.require(:application_setting).permit(
       :default_projects_limit,
@@ -105,6 +104,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
       :metrics_packet_size,
       restricted_visibility_levels: [],
       import_sources: [],
+      enabled_oauth_sign_in_sources: [],
       disabled_oauth_sign_in_sources: []
     )
   end
diff --git a/app/helpers/application_settings_helper.rb b/app/helpers/application_settings_helper.rb
index 17d738998782e4bd37e26aab15ea8c5332cd5d72..ced8e16de740c269a05ff40e8ee4deb10d058804 100644
--- a/app/helpers/application_settings_helper.rb
+++ b/app/helpers/application_settings_helper.rb
@@ -63,13 +63,13 @@ module ApplicationSettingsHelper
 
   def oauth_providers_checkboxes(help_block_id)
     button_based_providers.map do |source|
-      checked = current_application_settings.disabled_oauth_sign_in_sources.include?(source.to_s)
+      disabled = current_application_settings.disabled_oauth_sign_in_sources.include?(source.to_s)
       css_class = 'btn'
-      css_class += ' active' if checked
-      checkbox_name = 'application_setting[disabled_oauth_sign_in_sources][]'
+      css_class += ' active' unless disabled
+      checkbox_name = 'application_setting[enabled_oauth_sign_in_sources][]'
 
       label_tag(checkbox_name, class: css_class) do
-        check_box_tag(checkbox_name, source, checked,
+        check_box_tag(checkbox_name, source, !disabled,
                       autocomplete: 'off',
                       'aria-describedby' => help_block_id) + Gitlab::OAuth::Provider.label_for(source)
       end
diff --git a/app/views/admin/application_settings/_form.html.haml b/app/views/admin/application_settings/_form.html.haml
index 383f206079d3741ea59a813e36167ef6485d1dd7..ecd032acfd062cf5987d1d36de84932d04feaa67 100644
--- a/app/views/admin/application_settings/_form.html.haml
+++ b/app/views/admin/application_settings/_form.html.haml
@@ -111,7 +111,7 @@
             Sign-in enabled
     - if omniauth_enabled? && !button_based_providers.empty?
       .form-group
-        = f.label :disable_oauth_signin_sources, 'Disable OAuth Sign-In sources', class: 'control-label col-sm-2'
+        = f.label :enabled_oauth_sign_in_sources, 'Enabled OAuth Sign-In sources', class: 'control-label col-sm-2'
         .col-sm-10
           - data_attrs = { toggle: 'buttons' }
           .btn-group{ data: data_attrs }