diff --git a/api/admin.go b/api/admin.go
index fb85bcd13e..93f6f8db47 100644
--- a/api/admin.go
+++ b/api/admin.go
@@ -236,7 +236,8 @@ func (a *API) adminUserCreate(w http.ResponseWriter, r *http.Request) error {
 	if user.AppMetaData == nil {
 		user.AppMetaData = make(map[string]interface{})
 	}
-	user.AppMetaData["provider"] = []string{"email"}
+	user.AppMetaData["provider"] = "email"
+	user.AppMetaData["providers"] = []string{"email"}
 
 	err = a.db.Transaction(func(tx *storage.Connection) error {
 		if terr := models.NewAuditLogEntry(tx, instanceID, adminUser, models.UserSignedUpAction, map[string]interface{}{
diff --git a/api/admin_test.go b/api/admin_test.go
index 06e11b02d5..2480307db0 100644
--- a/api/admin_test.go
+++ b/api/admin_test.go
@@ -285,7 +285,8 @@ func (ts *AdminTestSuite) TestAdminUserCreate() {
 	require.NoError(ts.T(), json.NewDecoder(w.Body).Decode(&data))
 	assert.Equal(ts.T(), "test1@example.com", data.GetEmail())
 	assert.Equal(ts.T(), "123456789", data.GetPhone())
-	assert.Equal(ts.T(), []interface{}{"email"}, data.AppMetaData["provider"])
+	assert.Equal(ts.T(), "email", data.AppMetaData["provider"])
+	assert.Equal(ts.T(), []interface{}{"email"}, data.AppMetaData["providers"])
 }
 
 // TestAdminUserGet tests API /admin/user route (GET)
diff --git a/api/external.go b/api/external.go
index 28cfbd3f22..763056e231 100644
--- a/api/external.go
+++ b/api/external.go
@@ -171,7 +171,7 @@ func (a *API) internalExternalProviderCallback(w http.ResponseWriter, r *http.Re
 						if identity, terr = a.createNewIdentity(tx, user, providerType, identityData); terr != nil {
 							return terr
 						}
-						if terr = user.UpdateAppMetaDataProvider(tx); terr != nil {
+						if terr = user.UpdateAppMetaDataProviders(tx); terr != nil {
 							return terr
 						}
 					} else {
@@ -218,7 +218,7 @@ func (a *API) internalExternalProviderCallback(w http.ResponseWriter, r *http.Re
 				if terr = tx.UpdateOnly(identity, "identity_data", "last_sign_in_at"); terr != nil {
 					return terr
 				}
-				if terr = user.UpdateAppMetaDataProvider(tx); terr != nil {
+				if terr = user.UpdateAppMetaDataProviders(tx); terr != nil {
 					return terr
 				}
 			}
@@ -313,7 +313,12 @@ func (a *API) processInvite(ctx context.Context, tx *storage.Connection, userDat
 	if _, err := a.createNewIdentity(tx, user, providerType, identityData); err != nil {
 		return nil, err
 	}
-	if err = user.UpdateAppMetaDataProvider(tx); err != nil {
+	if err = user.UpdateAppMetaData(tx, map[string]interface{}{
+		"provider": providerType,
+	}); err != nil {
+		return nil, err
+	}
+	if err = user.UpdateAppMetaDataProviders(tx); err != nil {
 		return nil, err
 	}
 	if err := user.UpdateUserMetaData(tx, identityData); err != nil {
diff --git a/api/invite_test.go b/api/invite_test.go
index 712b487aad..6045caa75e 100644
--- a/api/invite_test.go
+++ b/api/invite_test.go
@@ -266,7 +266,8 @@ func (ts *InviteTestSuite) TestInviteExternalGitlab() {
 	ts.Require().NoError(err)
 	ts.Equal("Gitlab Test", user.UserMetaData["full_name"])
 	ts.Equal("http://example.com/avatar", user.UserMetaData["avatar_url"])
-	ts.Equal([]interface{}{"gitlab"}, user.AppMetaData["provider"])
+	ts.Equal("gitlab", user.AppMetaData["provider"])
+	ts.Equal([]interface{}{"gitlab"}, user.AppMetaData["providers"])
 }
 
 func (ts *InviteTestSuite) TestInviteExternalGitlab_MismatchedEmails() {
diff --git a/api/signup.go b/api/signup.go
index 77a88b6297..d3ff23edaa 100644
--- a/api/signup.go
+++ b/api/signup.go
@@ -221,8 +221,11 @@ func (a *API) signupNewUser(ctx context.Context, conn *storage.Connection, param
 	if user.AppMetaData == nil {
 		user.AppMetaData = make(map[string]interface{})
 	}
-	user.AppMetaData["provider"] = []string{params.Provider}
 
+	// TODO: Depcreate "provider" field
+	user.AppMetaData["provider"] = params.Provider
+
+	user.AppMetaData["providers"] = []string{params.Provider}
 	if params.Password == "" {
 		user.EncryptedPassword = ""
 	}
diff --git a/api/signup_test.go b/api/signup_test.go
index c0282c3d0e..3241a968b3 100644
--- a/api/signup_test.go
+++ b/api/signup_test.go
@@ -73,7 +73,8 @@ func (ts *SignupTestSuite) TestSignup() {
 	assert.Equal(ts.T(), "test@example.com", data.GetEmail())
 	assert.Equal(ts.T(), ts.Config.JWT.Aud, data.Aud)
 	assert.Equal(ts.T(), 1.0, data.UserMetaData["a"])
-	assert.Equal(ts.T(), []interface{}{"email"}, data.AppMetaData["provider"])
+	assert.Equal(ts.T(), "email", data.AppMetaData["provider"])
+	assert.Equal(ts.T(), []interface{}{"email"}, data.AppMetaData["providers"])
 }
 
 func (ts *SignupTestSuite) TestWebhookTriggered() {
@@ -119,8 +120,9 @@ func (ts *SignupTestSuite) TestWebhookTriggered() {
 
 		appmeta, ok := u["app_metadata"].(map[string]interface{})
 		require.True(ok)
-		assert.Len(appmeta, 1)
-		assert.EqualValues([]interface{}{"email"}, appmeta["provider"])
+		assert.Len(appmeta, 2)
+		assert.EqualValues("email", appmeta["provider"])
+		assert.EqualValues([]interface{}{"email"}, appmeta["providers"])
 
 		usermeta, ok := u["user_metadata"].(map[string]interface{})
 		require.True(ok)
diff --git a/models/user.go b/models/user.go
index 48adc2ffc4..73ed7f0285 100644
--- a/models/user.go
+++ b/models/user.go
@@ -214,14 +214,14 @@ func (u *User) UpdateAppMetaData(tx *storage.Connection, updates map[string]inte
 	return tx.UpdateOnly(u, "raw_app_meta_data")
 }
 
-// UpdateAppMetaDataProvider updates the provider field in AppMetaData column
-func (u *User) UpdateAppMetaDataProvider(tx *storage.Connection) error {
+// UpdateAppMetaDataProviders updates the provider field in AppMetaData column
+func (u *User) UpdateAppMetaDataProviders(tx *storage.Connection) error {
 	providers, terr := FindProvidersByUser(tx, u)
 	if terr != nil {
 		return terr
 	}
 	return u.UpdateAppMetaData(tx, map[string]interface{}{
-		"provider": providers,
+		"providers": providers,
 	})
 }