diff --git a/lib/auth/managed_authenticator.rb b/lib/auth/managed_authenticator.rb
index 95746b6ead7..666c5a1cd8b 100644
--- a/lib/auth/managed_authenticator.rb
+++ b/lib/auth/managed_authenticator.rb
@@ -55,7 +55,7 @@ class Auth::ManagedAuthenticator < Auth::Authenticator
     end
 
     # Matching an account by email
-    if match_by_email && association.nil? && (user = User.find_by_email(email))
+    if match_by_email && association.nil? && result.user.nil? && (user = User.find_by_email(email))
       UserAssociatedAccount.where(user: user, provider_name: auth_token[:provider]).destroy_all # Destroy existing associations for the new user
       result.user = user
     end
diff --git a/spec/components/auth/managed_authenticator_spec.rb b/spec/components/auth/managed_authenticator_spec.rb
index 5153debeb93..e02a45d3b20 100644
--- a/spec/components/auth/managed_authenticator_spec.rb
+++ b/spec/components/auth/managed_authenticator_spec.rb
@@ -55,6 +55,14 @@ describe Auth::ManagedAuthenticator do
         expect(UserAssociatedAccount.exists?(user_id: user2.id)).to eq(true)
       end
 
+      it 'still works if another user has a matching email' do
+        Fabricate(:user, email: hash.dig(:info, :email))
+        result = authenticator.after_authenticate(hash, existing_account: user2)
+        expect(result.user.id).to eq(user2.id)
+        expect(UserAssociatedAccount.exists?(user_id: user1.id)).to eq(false)
+        expect(UserAssociatedAccount.exists?(user_id: user2.id)).to eq(true)
+      end
+
       it 'does not work when disabled' do
         authenticator = Class.new(described_class) do
           def name