diff --git a/app/server/lib/Authorizer.ts b/app/server/lib/Authorizer.ts
index c1d5336145..5dc44615a9 100644
--- a/app/server/lib/Authorizer.ts
+++ b/app/server/lib/Authorizer.ts
@@ -348,11 +348,14 @@ export async function addRequestUser(
       // A user record will be created automatically for emails we've never seen before.
       if (profile && !mreq.userId) {
         const userOptions: UserOptions = {};
-        if (profile?.loginMethod === 'Email + Password') {
+        if (profile.loginMethod === 'Email + Password') {
           // Link the session authSubject, if present, to the user. This has no effect
           // if the user already has an authSubject set in the db.
           userOptions.authSubject = sessionUser.authSubject;
         }
+        if (profile.connectId) {
+          await dbManager.ensureExternalUser(profile);
+        }
         const user = await dbManager.getUserByLoginWithRetry(profile.email, {profile, userOptions});
         if (user) {
           mreq.user = user;
diff --git a/app/server/lib/OIDCConfig.ts b/app/server/lib/OIDCConfig.ts
index 58d0144381..953088b03a 100644
--- a/app/server/lib/OIDCConfig.ts
+++ b/app/server/lib/OIDCConfig.ts
@@ -217,7 +217,9 @@ export class OIDCConfig {
   private _makeUserProfileFromUserInfo(userInfo: UserinfoResponse): Partial<UserProfile> {
     return {
       email: String(userInfo[ this._emailPropertyKey ]),
-      name: this._extractName(userInfo)
+      name: this._extractName(userInfo),
+      connectId: userInfo.sub,
+      loginMethod: 'External',
     };
   }