diff --git a/source/Server.OpenIDConnect.Common/Web/UserAuthenticatedAction.cs b/source/Server.OpenIDConnect.Common/Web/UserAuthenticatedAction.cs
index f2852de..6965f0a 100644
--- a/source/Server.OpenIDConnect.Common/Web/UserAuthenticatedAction.cs
+++ b/source/Server.OpenIDConnect.Common/Web/UserAuthenticatedAction.cs
@@ -198,6 +198,13 @@ IResultFromExtension GetOrCreateUser(UserResource userResource, string[]
 throw new Exception("There are multiple users with this identity. OpenID Connect identity providers do not support users with duplicate email addresses. Please remove any duplicate users, or make the email addresses unique.");
 var user = matchingUsers.SingleOrDefault();
+ if (user == null)
+ {
+ var emailAddress = identityToMatch.Claims[ClaimDescriptor.EmailClaimType].Value;
+ if (!string.IsNullOrWhiteSpace(emailAddress))
+ user = userStore.GetByEmailAddress(emailAddress).FirstOrDefault();
+ }
+
 if (user != null)
 {
 userStore.SetSecurityGroupIds(ProviderName, user.Id, groups, clock.GetUtcTime());
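Review bot: The new fallback binds an external login to an existing local user on the strength of the email claim alone, so any token that carries another user's address is resolved to that user's account, which then has `groups` written to it by `SetSecurityGroupIds` just below. Nothing in the hunk checks that the provider verified the address (the standard `email_verified` claim) or that the matched account is meant to be linked to `ProviderName`; if that is enforced elsewhere in GetOrCreateUser, which starts and ends outside the hunk, a comment at this spot should say so. The lookup also takes `FirstOrDefault()`, which silently picks one account when several share the address, whereas the identity match above throws on duplicates; `user = userStore.GetByEmailAddress(emailAddress).SingleOrDefault();` would fail closed instead. The indexer `identityToMatch.Claims[ClaimDescriptor.EmailClaimType]` may also throw when the token has no email claim, depending on the type of `Claims`, which is not visible here.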