diff --git a/cmd/soju/main.go b/cmd/soju/main.go
index a35711e..2a0e8c5 100644
--- a/cmd/soju/main.go
+++ b/cmd/soju/main.go
@@ -92,6 +92,7 @@ func loadConfig() (*config.Server, *soju.Config, error) {
 		MaxUserNetworks:           raw.MaxUserNetworks,
 		UpstreamUserIPs:           raw.UpstreamUserIPs,
 		DisableInactiveUsersDelay: raw.DisableInactiveUsersDelay,
+		EnableUsersOnAuth:         raw.EnableUsersOnAuth,
 		MOTD:                      motd,
 	}
 	return raw, cfg, nil
diff --git a/config/config.go b/config/config.go
index c273705..1a37cf4 100644
--- a/config/config.go
+++ b/config/config.go
@@ -74,6 +74,7 @@ type Server struct {
 	MaxUserNetworks           int
 	UpstreamUserIPs           []*net.IPNet
 	DisableInactiveUsersDelay time.Duration
+	EnableUsersOnAuth         bool
 }
 
 func Defaults() *Server {
@@ -207,6 +208,16 @@ func parse(cfg scfg.Block) (*Server, error) {
 				return nil, fmt.Errorf("directive %q: duration must be positive", d.Name)
 			}
 			srv.DisableInactiveUsersDelay = dur
+		case "enable-user-on-auth":
+			var s string
+			if err := d.ParseParams(&s); err != nil {
+				return nil, err
+			}
+			b, err := strconv.ParseBool(s)
+			if err != nil {
+				return nil, fmt.Errorf("directive %q: %v", d.Name, err)
+			}
+			srv.EnableUsersOnAuth = b
 		default:
 			return nil, fmt.Errorf("unknown directive %q", d.Name)
 		}
diff --git a/doc/soju.1.scd b/doc/soju.1.scd
index 1805836..4c9fd83 100644
--- a/doc/soju.1.scd
+++ b/doc/soju.1.scd
@@ -179,6 +179,12 @@ The following directives are supported:
 	For instance, "30d" disables users 30 days after they last disconnect from
 	the bouncer.
 
+*enable-user-on-auth* true|false
+	Enable users when they successfully authenticate.
+
+	This can be used together with _disable-inactive-user_ to seamlessly
+	disable and re-enable users during lengthy inactivity.
+
 # IRC SERVICE
 
 soju exposes an IRC service called *BouncerServ* to manage the bouncer.
diff --git a/server.go b/server.go
index c5c39c8..ee3b232 100644
--- a/server.go
+++ b/server.go
@@ -142,6 +142,7 @@ type Config struct {
 	MOTD                      string
 	UpstreamUserIPs           []*net.IPNet
 	DisableInactiveUsersDelay time.Duration
+	EnableUsersOnAuth         bool
 }
 
 type Server struct {
diff --git a/user.go b/user.go
index c58fa04..944bd2e 100644
--- a/user.go
+++ b/user.go
@@ -692,6 +692,14 @@ func (u *user) run() {
 				dc.monitored.SetCasemapping(dc.network.casemap)
 			}
 
+			if !u.Enabled && u.srv.Config().EnableUsersOnAuth {
+				record := u.User
+				record.Enabled = true
+				if err := u.updateUser(ctx, &record); err != nil {
+					dc.logger.Printf("failed to enable user after successful authentication: %v", err)
+				}
+			}
+
 			if !u.Enabled {
 				dc.SendMessage(&irc.Message{
 					Command: "ERROR",