diff --git a/apps/login/src/app/api/loginname/route.ts b/apps/login/src/app/api/loginname/route.ts
index b03de844bc4..1ea440604c3 100644
--- a/apps/login/src/app/api/loginname/route.ts
+++ b/apps/login/src/app/api/loginname/route.ts
@@ -2,7 +2,7 @@ import { idpTypeToSlug } from "@/lib/idp";
 import {
   getActiveIdentityProviders,
   getLoginSettings,
-  getOrgsByDomainSuffix,
+  getOrgsByDomain,
   listAuthenticationMethodTypes,
   listUsers,
   startIdentityProviderFlow,
@@ -112,13 +112,14 @@ export async function POST(request: NextRequest) {
           if (
             !orgToRegisterOn &&
             loginName &&
-            ORG_SUFFIX_REGEX.test(loginName)
+            ORG_SUFFIX_REGEX.test(loginName) &&
+            loginSettings.allowDomainDiscovery
           ) {
             const matched = ORG_SUFFIX_REGEX.exec(loginName);
             const suffix = matched?.[1] ?? "";
 
             // this just returns orgs where the suffix is set as primary domain
-            const orgs = await getOrgsByDomainSuffix(suffix);
+            const orgs = await getOrgsByDomain(suffix);
             orgToRegisterOn =
               orgs.result && orgs.result.length === 1
                 ? orgs.result[0].id
diff --git a/apps/login/src/app/login/route.ts b/apps/login/src/app/login/route.ts
index 85eae70ee0c..628320056da 100644
--- a/apps/login/src/app/login/route.ts
+++ b/apps/login/src/app/login/route.ts
@@ -6,7 +6,7 @@ import {
   createCallback,
   getActiveIdentityProviders,
   getAuthRequest,
-  getOrgByDomain,
+  getOrgsByDomain,
   listSessions,
   startIdentityProviderFlow,
 } from "@/lib/zitadel";
@@ -147,8 +147,10 @@ export async function GET(request: NextRequest) {
           const matched = ORG_DOMAIN_SCOPE_REGEX.exec(orgDomainScope);
           const orgDomain = matched?.[1] ?? "";
           if (orgDomain) {
-            const org = await getOrgByDomain(orgDomain);
-            organization = org?.org?.id ?? "";
+            const orgs = await getOrgsByDomain(orgDomain);
+            if (orgs.result && orgs.result.length === 1) {
+              organization = orgs.result[0].id ?? "";
+            }
           }
         }
       }
diff --git a/apps/login/src/lib/zitadel.ts b/apps/login/src/lib/zitadel.ts
index d07b7e7e1ee..97ba6402fe7 100644
--- a/apps/login/src/lib/zitadel.ts
+++ b/apps/login/src/lib/zitadel.ts
@@ -293,7 +293,7 @@ export async function listUsers({
   );
 }
 
-export async function getOrgsByDomainSuffix(domain: string) {
+export async function getOrgsByDomain(domain: string) {
   return orgService.listOrganizations(
     {
       queries: [