diff --git a/services/api/src/apolloServer.js b/services/api/src/apolloServer.js
index 95c4e7f5bd..625ad84ddb 100644
--- a/services/api/src/apolloServer.js
+++ b/services/api/src/apolloServer.js
@@ -199,6 +199,7 @@ const apolloServer = new ApolloServer({
         currentUser = await User.User(modelClients).loadUserById(keycloakGrant.access_token.content.sub);
         // grab the users project ids and roles in the first request
         groupRoleProjectIds = await User.User(modelClients).getAllProjectsIdsForUser(currentUser.id, keycloakUsersGroups);
+        await User.User(modelClients).userLastAccessed(currentUser);
       }
 
       // do a permission check to see if the user is platform admin/owner, or has permission for `viewAll` on certain resources
diff --git a/services/api/src/models/user.ts b/services/api/src/models/user.ts
index ced0486678..a26338bf9b 100644
--- a/services/api/src/models/user.ts
+++ b/services/api/src/models/user.ts
@@ -184,7 +184,7 @@ export const User = (clients: {
     for (const user of users) {
       // set the lastaccessed attribute
       let date = null;
-      if (user['attributes']['last_accessed']) {
+      if (user['attributes'] && user['attributes']['last_accessed']) {
         date = new Date(user['attributes']['last_accessed']*1000).toISOString()
       }
       usersWithGitlabIdFetch.push({
diff --git a/services/api/src/util/auth.ts b/services/api/src/util/auth.ts
index 064c162314..428b84bb0e 100644
--- a/services/api/src/util/auth.ts
+++ b/services/api/src/util/auth.ts
@@ -187,8 +187,6 @@ export const keycloakHasPermission = (grant, requestCache, modelClients, service
       currentUser: [currentUser.id]
     };
 
-    await UserModel.userLastAccessed(currentUser);
-
     const usersAttribute = R.prop('users', attributes);
     if (usersAttribute && usersAttribute.length) {
       claims = {