diff --git a/changelog/unreleased/fix-align-login-attr.md b/changelog/unreleased/fix-align-login-attr.md
new file mode 100644
index 00000000000..92f4a916846
--- /dev/null
+++ b/changelog/unreleased/fix-align-login-attr.md
@@ -0,0 +1,6 @@
+Bugfix: Logging in on the wrong account when an email address is not unique
+
+The default configuration to use the same logon attribute for all services. Also,
+if the configured logon attribute is not unique access to ocis is denied.
+
+https://github.com/owncloud/ocis/issues/4039
diff --git a/services/auth-basic/pkg/config/defaults/defaultconfig.go b/services/auth-basic/pkg/config/defaults/defaultconfig.go
index dd558ef0795..5fd7f35cbd8 100644
--- a/services/auth-basic/pkg/config/defaults/defaultconfig.go
+++ b/services/auth-basic/pkg/config/defaults/defaultconfig.go
@@ -43,7 +43,7 @@ func DefaultConfig() *config.Config {
 GroupBaseDN: "ou=groups,o=libregraph-idm",
 UserScope: "sub",
 GroupScope: "sub",
- LoginAttributes: []string{"uid", "mail"},
+ LoginAttributes: []string{"uid"},
 UserFilter: "",
 GroupFilter: "",
 UserObjectClass: "inetOrgPerson",
diff --git a/services/proxy/pkg/config/defaults/defaultconfig.go b/services/proxy/pkg/config/defaults/defaultconfig.go
index 962f1853521..0fe587e3de3 100644
--- a/services/proxy/pkg/config/defaults/defaultconfig.go
+++ b/services/proxy/pkg/config/defaults/defaultconfig.go
@@ -50,8 +50,8 @@ func DefaultConfig() *config.Config {
 Enabled: true,
 },
 AccountBackend: "cs3",
- UserOIDCClaim: "email",
- UserCS3Claim: "mail",
+ UserOIDCClaim: "preferred_username",
+ UserCS3Claim: "username",
 AutoprovisionAccounts: false,
 EnableBasicAuth: false,
 InsecureBackends: false,
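Review bot: The new default `LoginAttributes: []string{"uid"}` in the auth-basic hunk has no comment explaining why `mail` was dropped, so an operator who re-adds it through configuration gets the ambiguous lookup back without any hint. I would add `// Only list attributes that are unique per account; a shared value such as mail can resolve a login to the wrong user.` above the field. The changelog entry also states that access is denied when the configured attribute is not unique, but none of the visible hunks adds such a check, so that enforcement presumably lives outside this diff and should be confirmed to have a test. DefaultConfig starts and ends outside the hunk.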
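Review bot: The new proxy default `UserOIDCClaim: "preferred_username"` maps accounts on a claim that OpenID Connect Core does not guarantee to be unique or stable (only `iss` + `sub` are), so with an external identity provider it can carry the same wrong-account risk that `email` did. This is probably fine with the bundled IdP, but that depends on the provider and is not visible here. I would document the assumption next to the field, e.g. `// preferred_username must be unique and immutable at the IdP; otherwise configure a stable claim.` It is also worth noting in the comment that `UserOIDCClaim` and `UserCS3Claim` must be changed together and kept aligned with the auth-basic `LoginAttributes` default. DefaultConfig starts and ends outside the hunk.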