diff --git a/docs/core/login.component.md b/docs/core/login.component.md index 713a2d1cd7..b4f6159267 100644 --- a/docs/core/login.component.md +++ b/docs/core/login.component.md @@ -27,6 +27,8 @@ Authenticates to Alfresco Content Services and Alfresco Process Services. - [Customizing validation rules](#customizing-validation-rules) - [Call an external identity provider to fetch the auth token](#call-an-external-identity-provider-to-fetch-the-auth-token) - [Controlling form submit execution behaviour](#controlling-form-submit-execution-behaviour) + - [SSO login](#sso-login) + - [Implicit Flow](#implicit-flow) - [See Also](#see-also) @@ -50,7 +52,7 @@ Authenticates to Alfresco Content Services and Alfresco Process Services. | fieldsValidation | `any` | | Custom validation rules for the login form. | | logoImageUrl | `string` | "./assets/images/alfresco-logo.svg" | Path to a custom logo image. | | needHelpLink | `string` | "" | Sets the URL of the NEED HELP link in the footer. | -| providers | `string` | | Possible valid values are ECM, BPM or ALL. By default, this component will log in only to ECM. If you want to log in in both systems then use ALL. | +| providers | `string` | | **Deprecated:** 3.0.0 | | registerLink | `string` | "" | Sets the URL of the REGISTER link in the footer. | | showLoginActions | `boolean` | true | Should the extra actions (`Need Help`, `Register`, etc) be shown? | | showRememberMe | `boolean` | true | Should the `Remember me` checkbox be shown? When selected, this option will remember the logged-in user after the browser is closed to avoid logging in repeatedly. | 
@@ -275,7 +277,7 @@ export class MyCustomLogin { ### Implicit Flow -If the 'app.config.json' or you used the host-setting component to use the SSO Oauth the login component will show only a button to login: +If the 'app.config.json' or you used the host-setting component to use the SSO Oauth the [login component](../core/login.component.md) will show only a button to login: ```JSON "authType" :"OAUTH", @@ -289,8 +291,8 @@ If the 'app.config.json' or you used the host-setting component to use the SSO O "redirectUri": "/", "redirectUriLogout": "/logout" }, - ``` - +``` + ![Login component](../docassets/images/sso-login.png) Note if the silentLogin property in the oauth2 configuration is true will not be possible to show the login page. with silentLogin true the application is automatically redirect to the diff --git a/lib/core/login/components/login.component.ts b/lib/core/login/components/login.component.ts index f4fb2ecb8a..44448b8833 100644 --- a/lib/core/login/components/login.component.ts +++ b/lib/core/login/components/login.component.ts @@ -25,6 +25,7 @@ import { AuthenticationService } from '../../services/authentication.service'; import { LogService } from '../../services/log.service'; import { TranslationService } from '../../services/translation.service'; import { UserPreferencesService } from '../../services/user-preferences.service'; +import { SettingsService } from '../../services/settings.service'; import { LoginErrorEvent } from '../models/login-error.event'; import { LoginSubmitEvent } from '../models/login-submit.event'; 
@@ -86,9 +87,8 @@ export class LoginComponent implements OnInit { @Input() copyrightText: string = '\u00A9 2016 Alfresco Software, Inc. All Rights Reserved.'; - /** Possible valid values are ECM, BPM or ALL. - * deprecated in 2.4.0 use the providers property in the the app.config.json - * @deprecated 2.4.0 + /** @deprecated 3.0.0 Possible valid values are ECM, BPM or ALL. + * deprecated in 3.0.0 use the providers property in the the app.config.json */ @Input() providers: string; @@ -97,7 +97,7 @@ export class LoginComponent implements OnInit { @Input() fieldsValidation: any; - /** Prevents the CSRF Token from being submitted. Only valid for Alfresco Process Services. */ + /** @depreated 3.0.0 Prevents the CSRF Token from being submitted. Only valid for Alfresco Process Services. */ @Input() disableCsrf: boolean; @@ -147,7 +147,8 @@ export class LoginComponent implements OnInit { private elementRef: ElementRef, private router: Router, private appConfig: AppConfigService, - private userPreferences: UserPreferencesService + private userPreferences: UserPreferencesService, + private settingsService: SettingsService ) { this.initFormError(); this.initFormFieldsMessages(); @@ -176,9 +177,8 @@ export class LoginComponent implements OnInit { * @param event */ onSubmit(values: any) { - if (this.disableCsrf !== null && this.disableCsrf !== undefined) { - this.appConfig.get(AppConfigValues.DISABLECSRF); - } + this.settingsService.setProviders(this.providers); + this.settingsService.csrfDisabled = this.disableCsrf; this.disableError(); const args = new LoginSubmitEvent({ diff --git a/lib/core/services/alfresco-api.service.ts b/lib/core/services/alfresco-api.service.ts index 3a70780cb1..d05f83fb9e 100644 --- a/lib/core/services/alfresco-api.service.ts +++ b/lib/core/services/alfresco-api.service.ts 
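Review bot: The tag on `disableCsrf` is spelled `@depreated`, so documentation generators and IDEs will not treat the input as deprecated. It should read `/** @deprecated 3.0.0 Prevents the CSRF Token from being submitted. Only valid for Alfresco Process Services. */`. The comment also names no replacement, whereas the `providers` comment in the previous hunk points to app.config.json (and has a doubled "the the"); saying where CSRF handling should be configured instead would help anyone migrating.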
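Review bot: `onSubmit` now calls `setProviders(this.providers)` on every submit, including when the `providers` input was never bound, and the new `storage.setItem(AppConfigValues.PROVIDERS, providers)` in settings.service.ts has no null check, unlike the `csrfDisabled` setter. If StorageService wraps browser storage (not shown here), that would presumably store the string 'undefined', which is truthy and would then win over app.config.json in `getProvider()` and `getProviders()`. Guarding the write in `setProviders`, `if (providers) { this.storage.setItem(AppConfigValues.PROVIDERS, providers); }`, keeps an unset input from overriding the deployment configuration. The body of `onSubmit` continues past this hunk.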
@@ -104,7 +104,9 @@ export class AlfrescoApiService { return this.getInstance().core.groupsApi; } - constructor(protected appConfig: AppConfigService, protected storage: StorageService) {} + constructor(protected appConfig: AppConfigService, + protected storage: StorageService) { + } async load() { await this.appConfig.load().then(() => { @@ -124,13 +126,13 @@ export class AlfrescoApiService { } const config = { - provider: this.appConfig.get(AppConfigValues.PROVIDERS), + provider: this.getProvider(), hostEcm: this.appConfig.get(AppConfigValues.ECMHOST), hostBpm: this.appConfig.get(AppConfigValues.BPMHOST), authType: this.appConfig.get(AppConfigValues.AUTHTYPE, 'BASIC'), contextRootBpm: this.appConfig.get(AppConfigValues.CONTEXTROOTBPM), contextRoot: this.appConfig.get(AppConfigValues.CONTEXTROOTECM), - disableCsrf: this.storage.getItem('DISABLE_CSRF') === 'true', + disableCsrf: this.getDisableCSRF(), oauth2: oauth }; @@ -140,4 +142,18 @@ export class AlfrescoApiService { this.alfrescoApi = new alfrescoApi(config); } } + + // @deprecated 3.0.0 get only from app config + private getDisableCSRF(): boolean { + if (this.storage.getItem(AppConfigValues.DISABLECSRF) === 'true') { + return true; + } else { + return this.appConfig.get(AppConfigValues.DISABLECSRF); + } + } + + // @deprecated 3.0.0 get only from app config + private getProvider() { + return this.storage.getItem(AppConfigValues.PROVIDERS) || this.appConfig.get(AppConfigValues.PROVIDERS); + } } diff --git a/lib/core/services/authentication.service.spec.ts b/lib/core/services/authentication.service.spec.ts index 477824df11..3f68d444df 100644 --- a/lib/core/services/authentication.service.spec.ts +++ b/lib/core/services/authentication.service.spec.ts 
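Review bot: Both new getters treat client-side storage as more authoritative than app.config.json: a stored `'true'` turns CSRF token submission off regardless of the deployment setting, and any stored string is handed to the API client as `provider`. Nothing in this commit removes either key, so a value written once keeps applying on later loads, and if StorageService is backed by browser storage (not visible here) any script running on the origin can set it. I would state that precedence in the comment on `getDisableCSRF`, e.g. `// storage wins over app.config.json; a stale 'true' keeps CSRF tokens off`, and accept a stored provider only when it is one of the documented values ECM, BPM or ALL, as below (widen the list if the API client accepts other spellings); `SettingsService.getProviders()` has the same fallback. `getDisableCSRF` can also return a non-boolean from `appConfig.get` despite its `boolean` return type.

```typescript
    // @deprecated 3.0.0 get only from app config
    private getProvider(): string {
        const stored = this.storage.getItem(AppConfigValues.PROVIDERS);
        // Only the documented values may override the deployment configuration.
        if (stored === 'ECM' || stored === 'BPM' || stored === 'ALL') {
            return stored;
        }
        return this.appConfig.get(AppConfigValues.PROVIDERS);
    }
```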
@@ -128,6 +128,7 @@ describe('AuthenticationService', () => { it('should require remember me set for ECM check', () => { spyOn(cookie, 'isEnabled').and.returnValue(true); spyOn(authService, 'isRememberMeSet').and.returnValue(false); + spyOn(authService, 'isOauth').and.returnValue(false); spyOn(apiService, 'getInstance').and.callThrough(); expect(authService.isEcmLoggedIn()).toBeFalsy(); @@ -137,6 +138,7 @@ describe('AuthenticationService', () => { it('should not require cookie service enabled for ECM check', () => { spyOn(cookie, 'isEnabled').and.returnValue(false); spyOn(authService, 'isRememberMeSet').and.returnValue(false); + spyOn(authService, 'isOauth').and.returnValue(false); spyOn(apiService, 'getInstance').and.callThrough(); expect(authService.isEcmLoggedIn()).toBeFalsy(); @@ -230,6 +232,7 @@ describe('AuthenticationService', () => { it('should require remember me set for BPM check', () => { spyOn(cookie, 'isEnabled').and.returnValue(true); spyOn(authService, 'isRememberMeSet').and.returnValue(false); + spyOn(authService, 'isOauth').and.returnValue(false); spyOn(apiService, 'getInstance').and.callThrough(); expect(authService.isBpmLoggedIn()).toBeFalsy(); diff --git a/lib/core/services/authentication.service.ts b/lib/core/services/authentication.service.ts index 87435db2dc..1c46b918c3 100644 --- a/lib/core/services/authentication.service.ts +++ b/lib/core/services/authentication.service.ts @@ -164,7 +164,7 @@ export class AuthenticationService { * @returns True if logged in, false otherwise */ isEcmLoggedIn(): boolean { - if (this.cookie.isEnabled() && !this.isRememberMeSet()) { + if (!this.isOauth() && this.cookie.isEnabled() && !this.isRememberMeSet()) { return false; } return this.alfrescoApi.getInstance().isEcmLoggedIn(); 
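Review bot: With `!this.isOauth()` in front, the cookie and remember-me check in `isEcmLoggedIn` is skipped entirely for OAuth and the answer comes only from `alfrescoApi.getInstance().isEcmLoggedIn()`, but the spec changes in this commit stub `isOauth` as `false` everywhere, so the new branch has no test. A case that stubs `isOauth` to return `true` with `isRememberMeSet` false and asserts that the result is whatever the API instance reports would pin it; the same applies to `isBpmLoggedIn` in the next hunk. The doc comment could say so as well, e.g. `With OAuth the remember-me cookie is not consulted.` Since the guard is now duplicated verbatim in both methods, a small private helper would keep them from drifting apart.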
@@ -175,7 +175,7 @@ export class AuthenticationService { * @returns True if logged in, false otherwise */ isBpmLoggedIn(): boolean { - if (this.cookie.isEnabled() && !this.isRememberMeSet()) { + if (!this.isOauth() && this.cookie.isEnabled() && !this.isRememberMeSet()) { return false; } return this.alfrescoApi.getInstance().isBpmLoggedIn(); diff --git a/lib/core/services/settings.service.ts b/lib/core/services/settings.service.ts index 74d46e5499..aba40bd080 100644 --- a/lib/core/services/settings.service.ts +++ b/lib/core/services/settings.service.ts @@ -18,12 +18,14 @@ import { Injectable } from '@angular/core'; import { AppConfigService, AppConfigValues } from '../app-config/app-config.service'; import { LogService } from './log.service'; +import { StorageService } from './storage.service'; @Injectable() export class SettingsService { constructor(private appConfig: AppConfigService, - private logService: LogService) { + private logService: LogService, + private storage: StorageService) { } /** @deprecated in 1.6.0 */ @@ -35,6 +37,9 @@ export class SettingsService { /** @deprecated in 1.7.0 */ public set csrfDisabled(csrfDisabled: boolean) { this.logService.log(`SettingsService.csrfDisabled is deprecated. Use UserPreferencesService.disableCSRF instead.`); + if (csrfDisabled !== null && csrfDisabled !== undefined) { + this.storage.setItem(AppConfigValues.DISABLECSRF, csrfDisabled.toString()); + } } /** @deprecated in 1.6.0 */ 
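Review bot: The `csrfDisabled` setter's doc comment and log message still describe a member deprecated since 1.7.0, yet it now persists the flag to storage, where `AlfrescoApiService.getDisableCSRF()` reads it ahead of app.config.json. Because `LoginComponent.onSubmit` assigns it on every submit, the deprecation message is also logged on each login even when the application never set `disableCsrf`. I would document the side effect, e.g. `/** @deprecated in 1.7.0. Persists the value to storage; a stored 'true' overrides app.config.json. */`, and consider moving the `logService.log` call inside the new `if` so it fires only when a caller actually passes a value.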
@@ -62,11 +67,12 @@ export class SettingsService { /** @deprecated in 1.7.0 */ public getProviders(): string { this.logService.log(`SettingsService.getProviders is deprecated. Use UserPreferencesService.authType instead.`); - return this.appConfig.get(AppConfigValues.PROVIDERS); + return this.storage.getItem(AppConfigValues.PROVIDERS) || this.appConfig.get(AppConfigValues.PROVIDERS); } /** @deprecated in 1.7.0 */ public setProviders(providers: string) { this.logService.log(`SettingsService.aetProviders is deprecated. Use the app-config.json`); + this.storage.setItem(AppConfigValues.PROVIDERS, providers); } }