diff --git a/internal/auth/repository/eventsourcing/handler/user.go b/internal/auth/repository/eventsourcing/handler/user.go
index 09dfe6f96a..46e60ff303 100644
--- a/internal/auth/repository/eventsourcing/handler/user.go
+++ b/internal/auth/repository/eventsourcing/handler/user.go
@@ -531,14 +531,18 @@ func (u *User) loginNameInformation(ctx context.Context, orgID string, instanceI
 if err != nil {
 return false, "", nil, err
 }
+ primaryDomain, err = org.GetPrimaryDomain()
+ if err != nil {
+ return false, "", nil, err
+ }
 if org.DomainPolicy != nil {
- return org.DomainPolicy.UserLoginMustBeDomain, org.GetPrimaryDomain().Domain, org.Domains, nil
+ return org.DomainPolicy.UserLoginMustBeDomain, primaryDomain, org.Domains, nil
 }
 policy, err := u.queries.DefaultDomainPolicy(authz.WithInstanceID(ctx, org.InstanceID))
 if err != nil {
 return false, "", nil, err
 }
- return policy.UserLoginMustBeDomain, org.GetPrimaryDomain().Domain, org.Domains, nil
+ return policy.UserLoginMustBeDomain, primaryDomain, org.Domains, nil
 }

 func (u *User) userFromEventstore(agg *eventstore.Aggregate, eventTypes []eventstore.EventType) (*view_model.UserView, error) {
diff --git a/internal/auth/repository/eventsourcing/handler/user_session.go b/internal/auth/repository/eventsourcing/handler/user_session.go
index 5c8807cc2d..a9cefcccae 100644
--- a/internal/auth/repository/eventsourcing/handler/user_session.go
+++ b/internal/auth/repository/eventsourcing/handler/user_session.go
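Review bot: The new `GetPrimaryDomain()` call in `(*User).loginNameInformation` (user.go) runs before the domain-policy branch, so an org without a primary domain now fails this lookup even when the resolved policy has `UserLoginMustBeDomain` set to false; the same pattern is added to `(*UserSession).loginNameInformation` in user_session.go. Returning an error is safer than the old nil dereference on `org.GetPrimaryDomain().Domain`, but how the handler's caller reacts to it (retry, skip or stall) is outside this hunk, and a stalled auth view would leave user and session state stale. I would state the intent at the call, e.g. `// An org without a primary domain cannot yield login names; return the error instead of dereferencing nil.`, and cover the no-primary-domain org with a handler test. The assignment uses `=`, so it presumably relies on named results declared in the signature, which is truncated in the hunk header.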
@@ -358,14 +358,18 @@ func (u *UserSession) loginNameInformation(ctx context.Context, orgID string, in
 if err != nil {
 return false, "", err
 }
+ primaryDomain, err = org.GetPrimaryDomain()
+ if err != nil {
+ return false, "", err
+ }
 if org.DomainPolicy != nil {
- return org.DomainPolicy.UserLoginMustBeDomain, org.GetPrimaryDomain().Domain, nil
+ return org.DomainPolicy.UserLoginMustBeDomain, primaryDomain, nil
 }
 policy, err := u.queries.DefaultDomainPolicy(authz.WithInstanceID(ctx, org.InstanceID))
 if err != nil {
 return false, "", err
 }
- return policy.UserLoginMustBeDomain, org.GetPrimaryDomain().Domain, nil
+ return policy.UserLoginMustBeDomain, primaryDomain, nil
 }

 func (u *UserSession) getOrgByID(ctx context.Context, orgID, instanceID string) (*org_model.Org, error) {
diff --git a/internal/org/model/org.go b/internal/org/model/org.go
index 50ceda8c85..104931c66b 100644
--- a/internal/org/model/org.go
+++ b/internal/org/model/org.go
@@ -2,6 +2,7 @@ package model

 import (
 "github.com/zitadel/zitadel/internal/domain"
+ "github.com/zitadel/zitadel/internal/errors"
 es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
 iam_model "github.com/zitadel/zitadel/internal/iam/model"
 )
@@ -36,13 +37,13 @@ func (o *Org) GetDomain(domain *OrgDomain) (int, *OrgDomain) {
 return -1, nil
 }

-func (o *Org) GetPrimaryDomain() *OrgDomain {
+func (o *Org) GetPrimaryDomain() (string, error) {
 for _, d := range o.Domains {
 if d.Primary {
- return d
+ return d.Domain, nil
 }
 }
- return nil
+ return "", errors.ThrowInternalf(nil, "ORG-Dertg", "no primary domain found for org: %s (instanceID: %s)", o.AggregateID, o.InstanceID)
 }

 func (o *Org) AddIAMDomain(iamDomain string) {
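Review bot: `GetPrimaryDomain` in org.go changes its contract from returning `*OrgDomain` (nil when absent) to returning the domain name plus an error, and the exported method has no doc comment saying so; I would add `// GetPrimaryDomain returns the name of the org's primary domain, or an internal error if no entry in o.Domains is marked primary.` The error text embeds `o.AggregateID` and `o.InstanceID`, which is useful in logs, but it is worth confirming that internal errors are not returned verbatim to API clients, since that would disclose tenant identifiers. The loop still reads `d.Primary` without a nil check, so a nil entry in `o.Domains` would panic as before; whether the slice can hold nil entries is not visible here.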