diff --git a/app/controllers/authentications_controller.rb b/app/controllers/authentications_controller.rb
new file mode 100644
index 000000000..1c59a59d3
--- /dev/null
+++ b/app/controllers/authentications_controller.rb
@@ -0,0 +1,29 @@
+class AuthenticationsController < Devise::OmniauthCallbacksController
+ def google_oauth2
+ # we override the devise mapping because routing sets it to user
+ request.env["devise.mapping"] = Devise.mappings[session[:authenticating].to_sym]
+
+ @user = ConnectWithOauthProvider.connect(request.env["omniauth.auth"])
+
+ flash[:notice] = I18n.t "devise.omniauth_callbacks.success", kind: "Google"
+ sign_in_and_redirect @user, event: :authentication
+ rescue Champaign::NotWhitelisted
+ redirect_to new_user_session_path, flash: {error: t('oauth.not_authorised')}
+ end
+
+ def user_passthru
+ session[:authenticating] = 'user'
+ redirect_to "/auth/#{params[:provider]}"
+ end
+
+ def member_passthru
+ session[:authenticating] = 'member'
+ redirect_to "/auth/#{params[:provider]}"
+ end
+
+ def failure
+ # this is mostly a standin and needs some work
+ redirect_to new_user_session_path, flash: {error: error_message}
+ redirect_to after_omniauth_failure_path_for(resource_name)
+ end
+end
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb
deleted file mode 100644
index c06b54e1f..000000000
--- a/app/controllers/omniauth_callbacks_controller.rb
+++ /dev/null
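Review bot: `google_oauth2` calls `session[:authenticating].to_sym` without checking the value, so a callback that arrives without a prior `user_passthru` or `member_passthru` (expired session, direct request to the callback URL) raises NoMethodError on nil, which the `rescue Champaign::NotWhitelisted` does not cover. I would read the value once with `scope = session.delete(:authenticating)` and add `return redirect_to(new_user_session_path) unless %w[user member].include?(scope)` before assigning the mapping; deleting it also keeps a stale value from an earlier attempt from deciding the scope of a later one. Separately, `failure` issues two `redirect_to` calls in a row, which Rails rejects with a DoubleRenderError, and `error_message` is not defined anywhere in this file (Devise's callbacks controller offers `failure_message`, if that is what was meant). Keeping only `redirect_to after_omniauth_failure_path_for(resource_name)` would make the failure path usable.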
@@ -1,16 +0,0 @@
-class OmniauthCallbacksController < Devise::OmniauthCallbacksController
- def google_oauth2
- begin
- @user = ConnectWithOauthProvider.connect(request.env["omniauth.auth"])
-
- flash[:notice] = I18n.t "devise.omniauth_callbacks.success", kind: "Google"
- sign_in_and_redirect @user, event: :authentication
- rescue Champaign::NotWhitelisted
- redirect_to new_user_session_path, flash: {error: t('oauth.not_authorised')}
- end
-
- # TODO: Handle registration, when new user is authenticating.
- # session["devise.google_data"] = request.env["omniauth.auth"]
- # redirect_to new_user_registration_url
- end
-end
diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb
index 314d89e29..492e984e9 100644
--- a/app/views/devise/sessions/new.html.erb
+++ b/app/views/devise/sessions/new.html.erb
@@ -1,10 +1,8 @@

Log in

-<%- if devise_mapping.omniauthable? %> -
- <%= link_to "Sign in with your SumOfUs email", omniauth_authorize_path(resource_name, 'google_oauth2'), class: 'btn btn-primary btn-lg' %>
-
-<% end -%> +
+ <%= link_to "Sign in with your SumOfUs email", user_omniauth_authorize_path('google_oauth2'), class: 'btn btn-primary btn-lg' %>
+

or log in with a password
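Review bot: The sign-in button is now rendered unconditionally and always points at `user_omniauth_authorize_path('google_oauth2')`, where the removed lines checked `devise_mapping.omniauthable?` and built the path from `resource_name`. If the members' login page renders this same Devise template, the button there would start the user flow and set `session[:authenticating]` to 'user' rather than 'member'. Choosing the helper from `resource_name` (this commit defines `member_omniauth_authorize` in routes.rb) would avoid that, as would a template comment such as `<%# user login only; members use member_omniauth_authorize_path %>`.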

diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index fb486b81b..9f3f210b7 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -229,13 +229,6 @@ # The default HTTP method used to sign out a resource. Default is :delete. config.sign_out_via = :delete - # ==> OmniAuth - # Add a new OmniAuth provider. Check the wiki for more information on setting - # up on your models and hooks. - - require 'omniauth-google-oauth2' - config.omniauth :google_oauth2, Rails.application.secrets.omniauth_client_id, Rails.application.secrets.omniauth_client_secret, { access_type: "offline", approval_prompt: "" } - # ==> Warden configuration # If you want to use other strategies, that are not supported by Devise, or # change the failure app, you can configure them inside the config.warden block. diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb new file mode 100644 index 000000000..de7d82456 --- /dev/null +++ b/config/initializers/omniauth.rb @@ -0,0 +1,9 @@ +# ==> OmniAuth +# Devise does not support multiple models with :omniauthable, so we're following +# their recommendations on https://github.com/plataformatec/devise/wiki/OmniAuth-with-multiple-models + +require 'omniauth-google-oauth2' + +Rails.application.config.middleware.use OmniAuth::Builder do + provider :google_oauth2, Rails.application.secrets.omniauth_client_id, Rails.application.secrets.omniauth_client_secret, { access_type: "offline", approval_prompt: "" } +end diff --git a/config/routes.rb b/config/routes.rb index a91cd73b6..07467f1c4 100644 --- a/config/routes.rb +++ b/config/routes.rb 
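Review bot: In the new `config/initializers/omniauth.rb`, `access_type: "offline"` asks Google for a refresh token, yet nothing in this commit stores or uses one. If `ConnectWithOauthProvider` only needs the profile to sign the person in, `access_type: "online"` requests less and leaves less to protect. The option hash was carried over unchanged from `config/initializers/devise.rb`, so it may simply be inherited; a one-line comment above the `provider` call, for example `# offline access is required because <reason>`, would settle it either way.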
@@ -4,7 +4,21 @@ devise_for :members # We remove the sign_up path name so as not to allow users to sign in with username and password. - devise_for :users, :controllers => { :omniauth_callbacks => "omniauth_callbacks" }, path_names: { sign_up: ''} + devise_for :users, path_names: { sign_up: ''} + + get "/auth/:provider", to: 'authentications#passthru', as: 'omniauth_authorize' + + devise_scope :user do + get "/users/auth/:provider", to: 'authentications#user_passthru', as: 'user_omniauth_authorize' + # devise requires these be scoped to :user or :member in routes.rb, but we just override + # the value of request.env["devise.mapping"] in the controller action + get "/auth/:action/callback", controller: "authentications", constraints: { action: /google_oauth2/ } + post "/auth/:action/callback", controller: "authentications", constraints: { action: /google_oauth2/ } + end + + devise_scope :member do + get "/members/auth/:provider", to: 'authentications#member_passthru', as: 'member_omniauth_authorize' + end root 'pages#index'
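Review bot: The new `user_passthru` and `member_passthru` routes accept any `:provider` value, while the callback routes in the same block are pinned with `constraints: { action: /google_oauth2/ }`. Both actions write `session[:authenticating]` and interpolate the parameter into a redirect, so I would pin them the same way, e.g. `get "/users/auth/:provider", to: 'authentications#user_passthru', as: 'user_omniauth_authorize', constraints: { provider: /google_oauth2/ }`, and likewise for the member route. They are also plain GETs that change session state, so a link on another site can switch which scope a later callback is handled under; a comment stating that this is accepted, or starting the flow from a POST that carries the CSRF token, would make the intent explicit. The enclosing routes block starts and ends outside the hunk.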