diff --git a/src/common/utils/oidc/helper.go b/src/common/utils/oidc/helper.go
index 9e2afbe62..fdf7f662b 100644
--- a/src/common/utils/oidc/helper.go
+++ b/src/common/utils/oidc/helper.go
@@ -264,10 +264,6 @@ func UserInfoFromToken(ctx context.Context, token *Token) (*UserInfo, error) {
 if err != nil {
 log.Warningf("Failed to get userInfo by calling remote userinfo endpoint, error: %v ", err)
 }
-
- if setting.UserClaim != "" && local.Username == "" && remote.Username == "" {
- return nil, fmt.Errorf("OIDC. Failed to recover Username from claim. Claim '%s' is invalid or not a string", setting.UserClaim)
- }
 if remote != nil && local != nil {
 if remote.Subject != local.Subject {
 return nil, fmt.Errorf("the subject from userinfo: %s does not match the subject from ID token: %s, probably a security attack happened", remote.Subject, local.Subject)
diff --git a/src/core/controllers/oidc.go b/src/core/controllers/oidc.go
index 184d6c55a..d3b84a070 100644
--- a/src/core/controllers/oidc.go
+++ b/src/core/controllers/oidc.go
@@ -137,6 +137,11 @@ func (oc *OIDCController) Callback() {
 // If automatic onboard is enabled, skip the onboard page
 if oidcSettings.AutoOnboard {
 log.Debug("Doing automatic onboarding\n")
+ if username == "" {
+ oc.SendInternalServerError(fmt.Errorf("unable to recover username for auto onboard, username claim: %s",
+ oidcSettings.UserClaim))
+ return
+ }
 user, onboarded := userOnboard(oc, info, username, tokenBytes)
 if onboarded == false {
 log.Error("User not onboarded\n")
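Review bot: With the claim check removed, UserInfoFromToken no longer rejects a result whose Username is empty, and nothing in this hunk documents that callers now own that validation; the only caller-side guard added in this commit (the auto-onboard branch in src/core/controllers/oidc.go) covers one path. The removed condition dereferenced `local` and `remote` before the `remote != nil && local != nil` test, and the preceding `log.Warningf` suggests a failed userinfo call leaves `remote` nil, so dropping it presumably fixes a nil dereference — but the check it performed has not been re-established at this layer. I would add to the function's doc comment: `// The returned UserInfo may carry an empty Username when the configured user claim is absent or not a string; callers must validate it before onboarding or logging the user in.` UserInfoFromToken begins and ends outside this hunk.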
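Review bot: The new empty-username branch reports the failure only through `oc.SendInternalServerError` and writes nothing to the server log, so an operator diagnosing a misconfigured user claim has no record of it, whereas the neighbouring `onboarded == false` branch logs its failure. If SendInternalServerError echoes the error text to the client (its body is not visible here), the configured claim name is also returned to an unauthenticated caller; that detail belongs in the log rather than the response. I would change the two call lines to `log.Errorf("unable to recover username for auto onboard, username claim: %s", oidcSettings.UserClaim)` followed by `oc.SendInternalServerError(fmt.Errorf("unable to recover username for auto onboard"))`. Callback begins and ends outside this hunk.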