diff --git a/pkg/middleware/account_uuid.go b/pkg/middleware/account_uuid.go
index 6639ad722..74d453e6b 100644
--- a/pkg/middleware/account_uuid.go
+++ b/pkg/middleware/account_uuid.go
@@ -112,7 +112,8 @@ func AccountUUID(opts ...Option) func(next http.Handler) http.Handler {
 			if claims.Email != "" {
 				account, status = getAccount(l, opt.AccountsClient, fmt.Sprintf("mail eq '%s'", strings.ReplaceAll(claims.Email, "'", "''")))
 			} else if claims.PreferredUsername != "" {
-				account, status = getAccount(l, opt.AccountsClient, fmt.Sprintf("preferred_name eq '%s'", strings.ReplaceAll(claims.PreferredUsername, "'", "''")))
+				usernameOrID := strings.ReplaceAll(claims.PreferredUsername, "'", "''")
+				account, status = getAccount(l, opt.AccountsClient, fmt.Sprintf("preferred_name eq '%s' or id eq '%s'", usernameOrID, usernameOrID))
 			} else {
 				// TODO allow lookup by custom claim, eg an id ... or sub
 				l.Error().Err(err).Msgf("Could not lookup account, no mail or preferred_username claim set")