diff --git a/humbug/urls.py b/humbug/urls.py index 40566b3288..e2efa09395 100644 --- a/humbug/urls.py +++ b/humbug/urls.py @@ -24,6 +24,8 @@ urlpatterns = patterns('', url(r'^accounts/password/done/$', 'django.contrib.auth.views.password_reset_complete', {'template_name': 'zephyr/reset_done.html'}), + url(r'^accounts/customer30/', 'zephyr.views.accounts_customer30'), + url(r'^activity$', 'zephyr.views.get_activity'), diff --git a/templates/zephyr/accounts_customer30.html b/templates/zephyr/accounts_customer30.html new file mode 100644 index 0000000000..0fb92a7089 --- /dev/null +++ b/templates/zephyr/accounts_customer30.html @@ -0,0 +1,81 @@ +{% extends "zephyr/portico_signup.html" %} + +{% comment %} +Get ToS acceptance and handle account creation for CUSTOMER30 users + +Form is validated both client-side using jquery-validate (see signup.js) and server-side. +{% endcomment %} + +{% block for_you %}for {% if company_name %} {{company_name}} {% else %} __________ {% endif %} {% endblock %} +{% block portico_content %} + +

(Welcome! We think you'll like it here.)

+ +
+
+

You're almost there. We just need you to do one last thing.

+

Confirm your registration

+
+ +
+{% csrf_token %} +
+ +
+ +

{{ username }}@{{ company_name }}

+

+
+
+ +
+ +

{{ realname }}

+

+
+
+ +
+ Your password is set by your domain administrator. +
+
+ +
+
+ + {% if form.terms.errors %} + {% for error in form.terms.errors %} +
{{ error }}
+ {% endfor %} + {% endif %} +
+
+
+
+
+
+ +
+
+
+ + + +{% endblock %} diff --git a/zephyr/views.py b/zephyr/views.py index e4ea39dfe0..80811e9486 100644 --- a/zephyr/views.py +++ b/zephyr/views.py @@ -2,7 +2,7 @@ from django.conf import settings from django.contrib.auth import authenticate, login from django.contrib.auth.decorators import login_required from django.core.urlresolvers import reverse -from django.http import HttpResponse, HttpResponseRedirect +from django.http import HttpResponse, HttpResponseRedirect, HttpResponseBadRequest from django.shortcuts import render_to_response, redirect from django.template import RequestContext, loader from django.utils.timezone import utc, now @@ -23,7 +23,7 @@ from zephyr.lib.actions import do_add_subscription, do_remove_subscription, \ create_stream_if_needed from zephyr.forms import RegistrationForm, HomepageForm, ToSForm, is_unique, \ is_active, isnt_mit -from django.views.decorators.csrf import csrf_exempt +from django.views.decorators.csrf import csrf_exempt, requires_csrf_token from zephyr.decorator import require_post, \ authenticated_api_view, authenticated_json_post_view, \ 
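Review bot: The `{% if form.terms.errors %}` block in `accounts_customer30.html` cannot render as the view is written, because `accounts_customer30` passes only `username`, `realname` and `company_name` in the context and never a `form`. The header comment's claim of server-side validation is also stronger than what the view does: it only checks that a `terms` key is present in the POST data, not its value, and the imported `ToSForm` is not used. Either bind `ToSForm(request.POST)` in the view and pass it as `form`, or drop the error loop and reword the comment to `Form is validated client-side using jquery-validate (see signup.js); the view only checks that terms was submitted.` Only the template tags of this file are visible here, so the form fields themselves are not reviewed.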
@@ -98,6 +98,55 @@ def principal_to_user_profile(agent, principal):
 return principal_user_profile
+# This view is both CSRF exempt and requires the token. This is because
+# depending on whether the user arrived here via a redirect from Thymes
+# or is submitting the form we either want to validate CSRF or not.
+#
+# See also:
+#
+@require_post
+@csrf_exempt
+@requires_csrf_token
+def accounts_customer30(request):
+ domain = 'customer30.invalid'
+
+ # support a username, realname via either GET or POST
+ try:
+ username = request.POST['username']
+ realname = request.POST['realname']
+ except KeyError:
+ return HttpResponseBadRequest('You must POST with username and realname parameters.')
+
+ if not username.isalnum():
+ return HttpResponseBadRequest("Your username was non-alphanumeric and is not allowed.")
+ email = username + '@' + domain
+ try:
+ is_unique(email)
+ except ValidationError:
+ return HttpResponseBadRequest("That username is already registered with Humbug.")
+
+ try:
+ request.POST['terms']
+ except KeyError:
+ return render_to_response('zephyr/accounts_customer30.html',
+ {'username': username,
+ 'realname': realname,
+ 'company_name': domain},
+ context_instance=RequestContext(request))
+
+ # We want CSRF protection if you're actually registering, not if you're just displaying the form
+ return accounts_customer30_register(request, username, realname, email, domain)
+
+def accounts_customer30_register(request, username, realname, email, domain):
+ user_profile = do_create_user(email,
+ "xxxxxxxxxxx",
+ Realm.objects.get_or_create(domain=domain)[0],
+ realname,
+ username)
+ add_default_subs(user_profile)
+ login(request, authenticate(username=email, password="xxxxxxxxxxx"))
+ return HttpResponseRedirect(reverse('zephyr.views.home'))
+
 @require_post
 def accounts_register(request):
 key = request.POST['key']
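Review bot: The registration path of `accounts_customer30` is never CSRF-validated: `@csrf_exempt` makes the middleware skip the view and `@requires_csrf_token` only makes the token available to the template without ever rejecting a request, so the call to `accounts_customer30_register` runs without the check its own comment promises. Django's documented pattern for protecting one path of an exempt view is to decorate the inner function, i.e. add `@csrf_protect` above `def accounts_customer30_register(...)` and import `csrf_protect` from `django.views.decorators.csrf`. Separately, nothing visible in the hunk verifies that the POSTed `username` and `realname` were asserted by the redirecting service, so the view creates and logs in an account on the strength of client-supplied fields alone; a verifiable (for example signed) assertion should be checked before `do_create_user` runs. Every account is also created with the same password literal (`"xxxxxxxxxxx"` as shown, possibly redacted on this page), which leaves a shared credential behind if password login is enabled for these users; a per-user random or unusable password would avoid that. The comment `# support a username, realname via either GET or POST` contradicts the `@require_post` decorator and the POST-only lookups, and should read `# username and realname must be supplied via POST`.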