diff --git a/Gemfile b/Gemfile
index 67bab91c9..01d6b323b 100644
--- a/Gemfile
+++ b/Gemfile
@@ -5,7 +5,7 @@ ruby '2.3.1'
 gem 'dotenv-rails', groups: [:development, :test]
 
 gem 'rails', '4.2.6'
-gem 'devise', '~> 3.5.0'
+gem 'devise', '4.1.0'
 gem 'pundit'
 gem 'puma'
 gem 'jquery-rails'
diff --git a/Gemfile.lock b/Gemfile.lock
index 32457883a..d8c93b4c6 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -88,12 +88,11 @@ GEM
       safe_yaml (~> 1.0.0)
     crass (1.0.2)
     debug_inspector (0.0.2)
-    devise (3.5.9)
+    devise (4.1.0)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
-      railties (>= 3.2.6, < 5)
+      railties (>= 4.1.0, < 5.1)
       responders
-      thread_safe (~> 0.1)
       warden (~> 1.2.3)
     diff-lcs (1.2.5)
     dotenv (2.1.1)
@@ -353,7 +352,7 @@ DEPENDENCIES
   capybara (>= 2.0.1)
   capybara-screenshot
   coffee-rails
-  devise (~> 3.5.0)
+  devise (= 4.1.0)
   dotenv-rails
   factory_girl_rails
   faker
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index dee92a183..acaa741c1 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -29,7 +29,7 @@ def after_sign_in_path_for(resource)
   protected
 
   def configure_permitted_parameters
-    devise_parameter_sanitizer.for(:sign_up) do |u|
+    devise_parameter_sanitizer.permit(:sign_up) do |u|
       u.permit(User::PERMITTED_ATTRIBUTES + [region_ids: []])
     end
   end
diff --git a/app/views/devise/registrations/_form.html.erb b/app/views/devise/registrations/_form.html.erb
index 94a73bc17..877fd33ed 100644
--- a/app/views/devise/registrations/_form.html.erb
+++ b/app/views/devise/registrations/_form.html.erb
@@ -96,7 +96,7 @@
               <i class='fa <%= provider[:icon] %>'></i>
               <%= provider[:name] %> (UID <%= existing_authentication.uid %>)
             <% else %>
-              <%= link_to user_omniauth_authorize_path(provider[:key]) do %>
+              <%= link_to omniauth_authorize_path(:user, provider[:key]) do %>
                 <i class='fa <%= provider[:icon] %>'></i>
                 Associate with <%= provider[:name] %>
               <% end %>
diff --git a/app/views/shared/_sign_in.html.erb b/app/views/shared/_sign_in.html.erb
index 66334ae84..76c2f66e4 100644
--- a/app/views/shared/_sign_in.html.erb
+++ b/app/views/shared/_sign_in.html.erb
@@ -19,7 +19,7 @@
     <ul class='external-auth'>
       <% OmniauthProviders.provider_data.each do |provider| %>
         <li>
-          <%= link_to user_omniauth_authorize_path(provider[:key], origin: session["user_return_to"]) do %>
+          <%= link_to omniauth_authorize_path(:user, provider[:key], origin: session["user_return_to"]) do %>
             <i class='fa <%= provider[:icon] %>'></i>
             <%= provider[:name] %>
           <% end %>
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index dbd444cca..7afba4272 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -117,7 +117,7 @@
   # initial account confirmation) to be applied. Requires additional unconfirmed_email
   # db field (see migrations). Until confirmed new email is stored in
   # unconfirmed email column, and copied to email column on successful confirmation.
-  # config.reconfirmable = true
+  config.reconfirmable = false
 
   # Defines which key will be used when confirming an account
   # config.confirmation_keys = [ :email ]
diff --git a/spec/features/omniauth_request_spec.rb b/spec/features/omniauth_request_spec.rb
index 91b97f5ab..b39e909e2 100644
--- a/spec/features/omniauth_request_spec.rb
+++ b/spec/features/omniauth_request_spec.rb
@@ -2,6 +2,10 @@
 require Rails.root.join('spec', 'services', 'omniauth_responses')
 
 describe "signing in with omniauth" do
+  # TODO: why is this needed, they load in the app just fine
+  include Devise::Controllers::UrlHelpers
+  include Devise::OmniAuth::UrlHelpers
+
   before do
     OmniAuth.config.test_mode = true
   end
@@ -14,7 +18,7 @@
     end
 
     it 'creates a user and authentication if the user does not exist' do
-      visit user_omniauth_authorize_path(:facebook)
+      visit omniauth_authorize_path(:user, :facebook)
 
       within '#sign-up' do
         click_on 'Sign up'
@@ -35,7 +39,7 @@
       user = create(:user)
       sign_in_as user
 
-      visit user_omniauth_authorize_path(:facebook)
+      visit omniauth_authorize_path(:user, :facebook)
 
       authentication = user.authentications.first
       expect(authentication.provider).to eq('facebook')
@@ -51,7 +55,7 @@
     end
 
     it 'creates a user and authentication if the user does not exist' do
-      visit user_omniauth_authorize_path(:google_oauth2)
+      visit omniauth_authorize_path(:user, :google_oauth2)
 
       within '#sign-up' do
         click_on 'Sign up'
@@ -72,7 +76,7 @@
       user = create(:user)
       sign_in_as user
 
-      visit user_omniauth_authorize_path(:google_oauth2)
+      visit omniauth_authorize_path(:user, :google_oauth2)
 
       authentication = user.authentications.first
       expect(authentication.provider).to eq('google_oauth2')
@@ -88,7 +92,7 @@
     end
 
     it 'creates a user and authentication after the user provides an email' do
-      visit user_omniauth_authorize_path(:twitter)
+      visit omniauth_authorize_path(:user, :twitter)
 
       within '#sign-up' do
         fill_in 'Email', with: 'cool_tweeter@example.com'
@@ -115,7 +119,7 @@
     end
 
     it 'creates a user and authentication after the user provides an email' do
-      visit user_omniauth_authorize_path(:meetup)
+      visit omniauth_authorize_path(:user, :meetup)
 
       within '#sign-up' do
         fill_in 'Email', with: 'meetup_user@example.com'
@@ -142,7 +146,7 @@
     end
 
     it 'creates a user and authentication after the user provides an email' do
-      visit user_omniauth_authorize_path(:github)
+      visit omniauth_authorize_path(:user, :github)
 
       within '#sign-up' do
         click_on 'Sign up'
@@ -173,7 +177,7 @@
       sign_in_as user
 
       expect {
-        visit user_omniauth_authorize_path(:facebook)
+        visit omniauth_authorize_path(:user, :facebook)
       }.not_to change(Authentication, :count)
 
       expect(page).to have_content 'already in use'
@@ -186,7 +190,7 @@
       auth_response[:info].delete(:name)
       OmniAuth.config.mock_auth[:github] = OmniAuth::AuthHash.new(auth_response)
 
-      visit user_omniauth_authorize_path(:github)
+      visit omniauth_authorize_path(:user, :github)
 
       expect(find_field('user[first_name]').value).to be_blank
       expect(find_field('user[last_name]').value).to be_blank
@@ -197,7 +201,7 @@
       auth_response[:info][:name] = ''
       OmniAuth.config.mock_auth[:github] = OmniAuth::AuthHash.new(auth_response)
 
-      visit user_omniauth_authorize_path(:github)
+      visit omniauth_authorize_path(:user, :github)
 
       expect(find_field('user[first_name]').value).to be_blank
       expect(find_field('user[last_name]').value).to be_blank
@@ -208,7 +212,7 @@
       auth_response[:info][:name] = 'Enigma'
       OmniAuth.config.mock_auth[:github] = OmniAuth::AuthHash.new(auth_response)
 
-      visit user_omniauth_authorize_path(:github)
+      visit omniauth_authorize_path(:user, :github)
 
       expect(find_field('user[first_name]').value).to eq('Enigma')
       expect(find_field('user[last_name]').value).to be_blank