diff --git a/src/api/core/two_factor/duo_oidc.rs b/src/api/core/two_factor/duo_oidc.rs
index a0ce709c..9b7e7f12 100644
--- a/src/api/core/two_factor/duo_oidc.rs
+++ b/src/api/core/two_factor/duo_oidc.rs
@@ -423,8 +423,6 @@ pub async fn validate_duo_login(
     device_identifier: &str,
     conn: &mut DbConn,
 ) -> EmptyResult {
-    let email = &email.to_lowercase();
-
     // Result supplied to us by clients in the form "<authz code>|<state>"
     let split: Vec<&str> = two_factor_token.split('|').collect();
     if split.len() != 2 {
diff --git a/src/api/identity.rs b/src/api/identity.rs
index b6621ce3..93ef80bc 100644
--- a/src/api/identity.rs
+++ b/src/api/identity.rs
@@ -524,12 +524,12 @@ async fn twofactor_auth(
             match CONFIG.duo_use_iframe() {
                 true => {
                     // Legacy iframe prompt flow
-                    duo::validate_duo_login(data.username.as_ref().unwrap().trim(), twofactor_code, conn).await?
+                    duo::validate_duo_login(&user.email, twofactor_code, conn).await?
                 }
                 false => {
                     // OIDC based flow
                     duo_oidc::validate_duo_login(
-                        data.username.as_ref().unwrap().trim(),
+                        &user.email,
                         twofactor_code,
                         data.client_id.as_ref().unwrap(),
                         data.device_identifier.as_ref().unwrap(),