diff --git a/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnector.scala b/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnector.scala
index 631bac4fd..5b105a37f 100644
--- a/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnector.scala
+++ b/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnector.scala
@@ -52,7 +52,7 @@ import code.metadata.transactionimages.TransactionImages
 import code.metadata.wheretags.WhereTags
 import code.metrics.MappedMetric
 import code.model._
-import code.model.dataAccess.AuthUser.findAuthUserByUsernameLocally
+import code.model.dataAccess.AuthUser.findAuthUserByUsernameLocallyLegacy
 import code.model.dataAccess._
 import code.productAttributeattribute.MappedProductAttribute
 import code.productattribute.ProductAttributeX
@@ -5793,7 +5793,7 @@ object LocalMappedConnector extends Connector with MdcLoggable {
   //NOTE: this method is not for mapped connector, we put it here for the star default implementation.
   //    : we call that method only when we set external authentication and provider is not OBP-API
   override def checkExternalUserExists(username: String, callContext: Option[CallContext]): Box[InboundExternalUser] = {
-    findAuthUserByUsernameLocally(username).map(user =>
+    findAuthUserByUsernameLocallyLegacy(username).map(user =>
       InboundExternalUser(aud = "",
         exp = "",
         iat = "",
diff --git a/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala b/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala
index c5e3a8947..c1db0029b 100644
--- a/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala
+++ b/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala
@@ -591,7 +591,7 @@ import net.liftweb.util.Helpers._
    * Overridden to use the hostname set in the props file
    */
   override def sendPasswordReset(name: String) {
-    findAuthUserByUsernameLocally(name).toList ::: findUsersByEmailLocally(name) map {
+    findAuthUserByUsernameLocallyLegacy(name).toList ::: findUsersByEmailLocally(name) map {
       // reason of case parameter name is "u" instead of "user": trait AuthUser have constant mumber name is "user"
       // So if the follow case paramter name is "user" will cause compile warnings
       case u if u.validated_? =>
@@ -840,7 +840,7 @@ import net.liftweb.util.Helpers._
 
 
   def getResourceUserId(username: String, password: String): Box[Long] = {
-    findAuthUserByUsernameLocally(username) match {
+    findAuthUserByUsernameLocallyLegacy(username) match {
       // We have a user from the local provider.
       case Full(user) if (user.getProvider() == Constant.localIdentityProvider) =>
         if (
@@ -918,7 +918,7 @@ import net.liftweb.util.Helpers._
     Connector.connector.vend.getUser(name, password) match {
       case Full(InboundUser(extEmail, extPassword, extUsername)) => {
         val extProvider = connector
-        val user = findAuthUserByUsernameLocally(name) match {
+        val user = findAuthUserByUsernameLocallyLegacy(name) match {
           // Check if the external user is already created locally
           case Full(user) if user.validated_?
             // && user.provider == extProvider
@@ -961,7 +961,7 @@ import net.liftweb.util.Helpers._
   def checkExternalUserViaConnector(username: String, password: String):Box[AuthUser] = {
     Connector.connector.vend.checkExternalUserCredentials(username, password, None) match {
       case Full(InboundExternalUser(aud, exp, iat, iss, sub, azp, email, emailVerified, name, userAuthContexts)) =>
-        val user = findAuthUserByUsernameLocally(sub) match { // Check if the external user is already created locally
+        val user = findAuthUserByUsernameAndProvider(sub, iss) match { // Check if the external user is already created locally
           case Full(user) if user.validated_? => // Return existing user if found
             logger.debug("external user already exists locally, using that one")
             userAuthContexts match {
@@ -1118,7 +1118,7 @@ def restoreSomeSessions(): Unit = {
             if(passwordEmptyField)
               S.error("login-form-password-error", Helper.i18n("please.enter.your.password"))
           case false =>
-            findAuthUserByUsernameLocally(usernameFromGui) match {
+            findAuthUserByUsernameLocallyLegacy(usernameFromGui) match {
               case Full(user) if !user.validated_? =>
                 S.error(S.?("account.validation.error"))
 
@@ -1575,7 +1575,8 @@ def restoreSomeSessions(): Unit = {
    * Only search at the local database.
    * Please note that provider is implicitly defined i.e. not provided via a parameter
    */
-  def findAuthUserByUsernameLocally(name: String): Box[TheUserType] = {
+  @deprecated("AuthUser unique key is username and provider, please use @findAuthUserByUsernameAndProvider instead.","06.06.2024")
+  def findAuthUserByUsernameLocallyLegacy(name: String): Box[TheUserType] = {
     // 1st try is provider with local_identity_provider or hostname value
     find(By(this.username, name), By(this.provider, Constant.localIdentityProvider))
       // 2nd try is provider with null value
@@ -1583,6 +1584,10 @@ def restoreSomeSessions(): Unit = {
       // 3rd try is provider with empty string value
       .or(find(By(this.username, name), By(this.provider, "")))
   }
+
+  def findAuthUserByUsernameAndProvider(name: String, provider: String): Box[TheUserType] = {
+    find(By(this.username, name), By(this.provider, provider))
+  }
   def findAuthUserByPrimaryKey(key: Long): Box[TheUserType] = {
     find(By(this.user, key))
   }