diff --git a/management/server/grpcserver.go b/management/server/grpcserver.go
index 9d1bc1deb..3d170afa4 100644
--- a/management/server/grpcserver.go
+++ b/management/server/grpcserver.go
@@ -276,11 +276,16 @@ func (s *GRPCServer) validateToken(ctx context.Context, jwtToken string) (string
 	}
 
 	// we need to call this method because if user is new, we will automatically add it to existing or create a new account
-	_, _, err = s.accountManager.GetAccountIDFromUserAuth(ctx, userAuth)
+	accountId, _, err := s.accountManager.GetAccountIDFromUserAuth(ctx, userAuth)
 	if err != nil {
 		return "", status.Errorf(codes.Internal, "unable to fetch account with claims, err: %v", err)
 	}
 
+	if userAuth.AccountId != accountId {
+		log.WithContext(ctx).Debugf("gRPC server sets accountId from ensure, before %s, now %s", userAuth.AccountId, accountId)
+		userAuth.AccountId = accountId
+	}
+
 	userAuth, err = s.authManager.EnsureUserAccessByJWTGroups(ctx, userAuth, token)
 	if err != nil {
 		return "", status.Error(codes.PermissionDenied, err.Error())