diff --git a/src/Core/Identity/CustomIdentityServiceCollectionExtensions.cs b/src/Core/Identity/CustomIdentityServiceCollectionExtensions.cs
index f45c4ccee7..c703e96ac1 100644
--- a/src/Core/Identity/CustomIdentityServiceCollectionExtensions.cs
+++ b/src/Core/Identity/CustomIdentityServiceCollectionExtensions.cs
@@ -1,4 +1,5 @@
 using System;
+using Bit.Core.Identity;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.Extensions.DependencyInjection.Extensions;
@@ -28,7 +29,7 @@ namespace Microsoft.Extensions.DependencyInjection
             services.TryAddScoped<IUserValidator<TUser>, UserValidator<TUser>>();
             services.TryAddScoped<IPasswordValidator<TUser>, PasswordValidator<TUser>>();
             services.TryAddScoped<IPasswordHasher<TUser>, PasswordHasher<TUser>>();
-            services.TryAddScoped<ILookupNormalizer, UpperInvariantLookupNormalizer>();
+            services.TryAddScoped<ILookupNormalizer, LowerInvariantLookupNormalizer>();
             services.TryAddScoped<IRoleValidator<TRole>, RoleValidator<TRole>>();
             // No interface for the error describer so we can add errors without rev'ing the interface
             services.TryAddScoped<IdentityErrorDescriber>();
diff --git a/src/Core/Utilities/ServiceCollectionExtensions.cs b/src/Core/Utilities/ServiceCollectionExtensions.cs
index f8a755468e..86079b401b 100644
--- a/src/Core/Utilities/ServiceCollectionExtensions.cs
+++ b/src/Core/Utilities/ServiceCollectionExtensions.cs
@@ -153,14 +153,13 @@ namespace Bit.Core.Utilities
         public static IdentityBuilder AddCustomIdentityServices(
             this IServiceCollection services, GlobalSettings globalSettings)
         {
-            services.TryAddTransient<ILookupNormalizer, LowerInvariantLookupNormalizer>();
             services.AddSingleton<IOrganizationDuoWebTokenProvider, OrganizationDuoWebTokenProvider>();
             services.Configure<PasswordHasherOptions>(options => options.IterationCount = 100000);
             services.Configure<TwoFactorRememberTokenProviderOptions>(options =>
             {
                 options.TokenLifespan = TimeSpan.FromDays(30);
             });
-            
+
             var identityBuilder = services.AddIdentityWithoutCookieAuth<User, Role>(options =>
             {
                 options.User = new UserOptions
@@ -199,7 +198,7 @@ namespace Bit.Core.Utilities
             return identityBuilder;
         }
 
-        public static IdentityBuilder AddPasswordlessIdentityServices<TUserStore>(
+        public static Tuple<IdentityBuilder, IdentityBuilder> AddPasswordlessIdentityServices<TUserStore>(
             this IServiceCollection services, GlobalSettings globalSettings) where TUserStore : class
         {
             services.TryAddTransient<ILookupNormalizer, LowerInvariantLookupNormalizer>();
@@ -208,11 +207,14 @@ namespace Bit.Core.Utilities
                 options.TokenLifespan = TimeSpan.FromMinutes(15);
             });
 
-            var identityBuilder = services.AddIdentity<IdentityUser, Role>()
+            var passwordlessIdentityBuilder = services.AddIdentity<IdentityUser, Role>()
                 .AddUserStore<TUserStore>()
                 .AddRoleStore<RoleStore>()
                 .AddDefaultTokenProviders();
 
+            var regularIdentityBuilder = services.AddIdentityCore<User>()
+                .AddUserStore<UserStore>();
+
             services.TryAddScoped<PasswordlessSignInManager<IdentityUser>, PasswordlessSignInManager<IdentityUser>>();
 
             services.ConfigureApplicationCookie(options =>
@@ -227,7 +229,7 @@ namespace Bit.Core.Utilities
                 options.SlidingExpiration = true;
             });
 
-            return identityBuilder;
+            return new Tuple<IdentityBuilder, IdentityBuilder>(passwordlessIdentityBuilder, regularIdentityBuilder);
         }
 
         public static void AddIdentityAuthenticationServices(