diff --git a/backend/apps/web/routers/auths.py b/backend/apps/web/routers/auths.py index bb5975f19..7a6fb2888 100644 --- a/backend/apps/web/routers/auths.py +++ b/backend/apps/web/routers/auths.py @@ -120,12 +120,14 @@ async def signin(request: Request, form_data: SigninForm): user = Auths.authenticate_user_by_trusted_header(trusted_email) if WEBUI_AUTH == False: + + if Users.get_num_users() != 0: + raise HTTPException(400, detail=ERROR_MESSAGES.EXISTING_USERS) + admin_email = "admin@localhost" admin_password = "admin" - if Users.get_num_users() == 0 and not Users.get_user_by_email( - admin_email.lower() - ): + if not Users.get_user_by_email(admin_email.lower()): await signup( request, SignupForm(email=admin_email, password=admin_password, name="User"), diff --git a/backend/constants.py b/backend/constants.py index 3fdf506fa..be4d135b2 100644 --- a/backend/constants.py +++ b/backend/constants.py @@ -42,6 +42,9 @@ class ERROR_MESSAGES(str, Enum): "The password provided is incorrect. Please check for typos and try again." ) INVALID_TRUSTED_HEADER = "Your provider has not provided a trusted header. Please contact your administrator for assistance." + + EXISTING_USERS = "You can't turn off authentication because there are existing users. If you want to disable WEBUI_AUTH, make sure your web interface doesn't have any existing users and is a fresh installation." + UNAUTHORIZED = "401 Unauthorized" ACCESS_PROHIBITED = "You do not have permission to access this resource. Please contact your administrator for assistance." ACTION_PROHIBITED = (
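Review bot: The new `if Users.get_num_users() != 0` guard runs before the lookup of `admin@localhost`, so once the first no-auth request has auto-created that admin, every later signin with `WEBUI_AUTH` disabled sees one existing user and raises `EXISTING_USERS` — the branch locks itself out after its first use (the rest of `signin`, including whatever authenticates the admin afterwards, is outside the hunk, so this is inferred from the visible lines). The guard is the right idea — it stops an operator from switching off authentication on a database that already holds real accounts — but it needs to tolerate the one account this code creates itself. Resolve the admin first and only reject when the user table holds anything beyond that auto-created admin; the rewritten branch below does that and keeps the `signup` call unchanged.
```python
    if WEBUI_AUTH == False:
        admin_email = "admin@localhost"
        admin_password = "admin"

        admin_user = Users.get_user_by_email(admin_email.lower())
        # The no-auth path is only safe on a fresh database or one that holds
        # nothing but the local admin this branch creates; any other account
        # would become reachable without credentials.
        if Users.get_num_users() != (1 if admin_user else 0):
            raise HTTPException(400, detail=ERROR_MESSAGES.EXISTING_USERS)

        if not admin_user:
            await signup(
                request,
                SignupForm(email=admin_email, password=admin_password, name="User"),
            )
        # … unchanged: remainder of the WEBUI_AUTH branch …
```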
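Review bot: `EXISTING_USERS` is returned as the body of a 400 from the signin endpoint, so its remediation text ("make sure your web interface doesn't have any existing users and is a fresh installation") is delivered to whatever client called signin, not to the operator it is written for, and it also tells that client that `WEBUI_AUTH` is off and that accounts exist. Keep the client-facing value short, e.g. `EXISTING_USERS = "Authentication cannot be disabled while user accounts exist."`, and log the operator guidance server-side where the check raises. The blank lines added around the new member also differ from the rest of the `ERROR_MESSAGES` enum, which lists its members without separators.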