diff --git a/internal/httpd/oidc_test.go b/internal/httpd/oidc_test.go
index ae28cd30..71df439f 100644
--- a/internal/httpd/oidc_test.go
+++ b/internal/httpd/oidc_test.go
@@ -484,7 +484,7 @@ func TestOIDCLoginLogout(t *testing.T) {
 	r.RequestURI = webClientProfilePath
 	r.Header.Set("Cookie", fmt.Sprintf("%v=%v", oidcCookieKey, tokenCookie))
 	server.router.ServeHTTP(rr, r)
-	assert.Equal(t, http.StatusForbidden, rr.Code)
+	assert.Equal(t, http.StatusOK, rr.Code)
 	// the user can access the allowed pages
 	rr = httptest.NewRecorder()
 	r, err = http.NewRequest(http.MethodGet, webClientFilesPath, nil)
diff --git a/internal/httpd/server.go b/internal/httpd/server.go
index f1345e23..3e6a941a 100644
--- a/internal/httpd/server.go
+++ b/internal/httpd/server.go
@@ -1454,10 +1454,9 @@ func (s *httpdServer) setupWebClientRoutes() {
 				Delete(webClientDirsPath, deleteUserDir)
 			router.With(s.checkSecondFactorRequirement, s.refreshCookie).
 				Get(webClientDownloadZipPath, s.handleWebClientDownloadZip)
-			router.With(s.checkSecondFactorRequirement, s.refreshCookie, s.requireBuiltinLogin).
-				Get(webClientProfilePath, s.handleClientGetProfile)
-			router.With(s.checkSecondFactorRequirement, s.requireBuiltinLogin).
-				Post(webClientProfilePath, s.handleWebClientProfilePost)
+			router.With(s.checkSecondFactorRequirement, s.refreshCookie).Get(webClientProfilePath,
+				s.handleClientGetProfile)
+			router.With(s.checkSecondFactorRequirement).Post(webClientProfilePath, s.handleWebClientProfilePost)
 			router.With(s.checkSecondFactorRequirement, s.checkHTTPUserPerm(sdk.WebClientPasswordChangeDisabled)).
 				Get(webChangeClientPwdPath, s.handleWebClientChangePwd)
 			router.With(s.checkSecondFactorRequirement, s.checkHTTPUserPerm(sdk.WebClientPasswordChangeDisabled)).
diff --git a/internal/httpd/webclient.go b/internal/httpd/webclient.go
index 8e90a00b..a4d8cbda 100644
--- a/internal/httpd/webclient.go
+++ b/internal/httpd/webclient.go
@@ -94,25 +94,24 @@ func isZeroTime(t time.Time) bool {
 }
 
 type baseClientPage struct {
-	Title            string
-	CurrentURL       string
-	FilesURL         string
-	SharesURL        string
-	ShareURL         string
-	ProfileURL       string
-	ChangePwdURL     string
-	StaticURL        string
-	LogoutURL        string
-	MFAURL           string
-	MFATitle         string
-	FilesTitle       string
-	SharesTitle      string
-	ProfileTitle     string
-	Version          string
-	CSRFToken        string
-	HasExternalLogin bool
-	LoggedUser       *dataprovider.User
-	Branding         UIBranding
+	Title        string
+	CurrentURL   string
+	FilesURL     string
+	SharesURL    string
+	ShareURL     string
+	ProfileURL   string
+	ChangePwdURL string
+	StaticURL    string
+	LogoutURL    string
+	MFAURL       string
+	MFATitle     string
+	FilesTitle   string
+	SharesTitle  string
+	ProfileTitle string
+	Version      string
+	CSRFToken    string
+	LoggedUser   *dataprovider.User
+	Branding     UIBranding
 }
 
 type dirMapping struct {
@@ -351,25 +350,24 @@ func (s *httpdServer) getBaseClientPageData(title, currentURL string, r *http.Re
 	v := version.Get()
 
 	return baseClientPage{
-		Title:            title,
-		CurrentURL:       currentURL,
-		FilesURL:         webClientFilesPath,
-		SharesURL:        webClientSharesPath,
-		ShareURL:         webClientSharePath,
-		ProfileURL:       webClientProfilePath,
-		ChangePwdURL:     webChangeClientPwdPath,
-		StaticURL:        webStaticFilesPath,
-		LogoutURL:        webClientLogoutPath,
-		MFAURL:           webClientMFAPath,
-		MFATitle:         pageClient2FATitle,
-		FilesTitle:       pageClientFilesTitle,
-		SharesTitle:      pageClientSharesTitle,
-		ProfileTitle:     pageClientProfileTitle,
-		Version:          fmt.Sprintf("%v-%v", v.Version, v.CommitHash),
-		CSRFToken:        csrfToken,
-		HasExternalLogin: isLoggedInWithOIDC(r),
-		LoggedUser:       getUserFromToken(r),
-		Branding:         s.binding.Branding.WebClient,
+		Title:        title,
+		CurrentURL:   currentURL,
+		FilesURL:     webClientFilesPath,
+		SharesURL:    webClientSharesPath,
+		ShareURL:     webClientSharePath,
+		ProfileURL:   webClientProfilePath,
+		ChangePwdURL: webChangeClientPwdPath,
+		StaticURL:    webStaticFilesPath,
+		LogoutURL:    webClientLogoutPath,
+		MFAURL:       webClientMFAPath,
+		MFATitle:     pageClient2FATitle,
+		FilesTitle:   pageClientFilesTitle,
+		SharesTitle:  pageClientSharesTitle,
+		ProfileTitle: pageClientProfileTitle,
+		Version:      fmt.Sprintf("%v-%v", v.Version, v.CommitHash),
+		CSRFToken:    csrfToken,
+		LoggedUser:   getUserFromToken(r),
+		Branding:     s.binding.Branding.WebClient,
 	}
 }
 
diff --git a/templates/webclient/base.html b/templates/webclient/base.html
index e4cc6301..79be2cb7 100644
--- a/templates/webclient/base.html
+++ b/templates/webclient/base.html
@@ -80,13 +80,11 @@ along with this program.  If not, see <https://www.gnu.org/licenses/>.
                     <span>{{.SharesTitle}}</span></a>
             </li>
             {{end}}
-            {{if not .HasExternalLogin}}
             <li class="nav-item {{if eq .CurrentURL .ProfileURL}}active{{end}}">
                 <a class="nav-link" href="{{.ProfileURL}}">
                     <i class="fas fa-user"></i>
                     <span>{{.ProfileTitle}}</span></a>
             </li>
-            {{end}}
             {{if .LoggedUser.CanManageMFA}}
             <li class="nav-item {{if eq .CurrentURL .MFAURL}}active{{end}}">
                 <a class="nav-link" href="{{.MFAURL}}">