diff --git a/.rubocop.yml b/.rubocop.yml
index 5b55c2a7ae1..bdb76b9d536 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -183,6 +183,7 @@ Rails/DynamicFindBy:
     - find_by_plaintext_value
     - find_by_rss_key
     - find_by_unique
+    - find_by_unique!
     - find_by_api_key
 
 # Allow reorder to prevent find each cop triggering
diff --git a/app/contracts/users/base_contract.rb b/app/contracts/users/base_contract.rb
index 2b1580e5808..876de56e4a8 100644
--- a/app/contracts/users/base_contract.rb
+++ b/app/contracts/users/base_contract.rb
@@ -102,13 +102,11 @@ module Users
       errors.add(:identity_url, :error_readonly) if model.user_auth_provider_links.any?(&:changed?)
     end
 
-    # rubocop:disable Rails/DynamicFindBy
     def existing_auth_source
       if ldap_auth_source_id && LdapAuthSource.find_by_unique(ldap_auth_source_id).nil?
         errors.add :auth_source, :error_not_found
       end
     end
-    # rubocop:enable Rails/DynamicFindBy
 
     def can_create_or_manage_users?
       user.allowed_globally?(:manage_user) || user.allowed_globally?(:create_user)
diff --git a/app/controllers/my/sessions_controller.rb b/app/controllers/my/sessions_controller.rb
index b2ac09c4d35..9246776456d 100644
--- a/app/controllers/my/sessions_controller.rb
+++ b/app/controllers/my/sessions_controller.rb
@@ -52,7 +52,7 @@ module My
 
       token = cookies[OpenProject::Configuration["autologin_cookie_name"]]
       if token
-        @current_token = @autologin_tokens.find_by_plaintext_value(token) # rubocop:disable Rails/DynamicFindBy
+        @current_token = @autologin_tokens.find_by_plaintext_value(token)
       end
     end
 
diff --git a/app/services/mcp_resources/user.rb b/app/services/mcp_resources/user.rb
index b9f522f10ea..c7fc64b4e79 100644
--- a/app/services/mcp_resources/user.rb
+++ b/app/services/mcp_resources/user.rb
@@ -37,7 +37,7 @@ module McpResources
     default_description "Access users of this OpenProject instance."
 
     def read(id:)
-      user = ::User.visible(current_user).find_by_unique(id) # rubocop:disable Rails/DynamicFindBy
+      user = ::User.visible(current_user).find_by_unique(id)
       return nil if user.nil?
 
       API::V3::Users::UserRepresenter.create(user, current_user:)
diff --git a/lib/api/v3/users/user_representer.rb b/lib/api/v3/users/user_representer.rb
index 141b1fb9097..56497e0a4b0 100644
--- a/lib/api/v3/users/user_representer.rb
+++ b/lib/api/v3/users/user_representer.rb
@@ -191,7 +191,7 @@ module API
           ldap_auth_source_id = parse_auth_source_id(data, "authSource") || parse_auth_source_id(data, "auth_source")
 
           if ldap_auth_source_id
-            auth_source = LdapAuthSource.find_by_unique(ldap_auth_source_id) # rubocop:disable Rails/DynamicFindBy
+            auth_source = LdapAuthSource.find_by_unique(ldap_auth_source_id)
             id = auth_source ? auth_source.id : 0
 
             # set id to 0 (as opposed to nil) to produce an auth source not found
diff --git a/lib/api/v3/users/users_api.rb b/lib/api/v3/users/users_api.rb
index 0e64cc1876d..1088b3d945c 100644
--- a/lib/api/v3/users/users_api.rb
+++ b/lib/api/v3/users/users_api.rb
@@ -86,7 +86,7 @@ module API
                 if params[:id] == "me"
                   User.current
                 else
-                  User.visible.find_by_unique!(params[:id]) # rubocop:disable Rails/DynamicFindBy
+                  User.visible.find_by_unique!(params[:id])
                 end
             end
 
diff --git a/modules/calendar/app/services/calendar/resolve_ical_token_service.rb b/modules/calendar/app/services/calendar/resolve_ical_token_service.rb
index 5691a9086cf..e8a7b66727a 100644
--- a/modules/calendar/app/services/calendar/resolve_ical_token_service.rb
+++ b/modules/calendar/app/services/calendar/resolve_ical_token_service.rb
@@ -34,9 +34,7 @@ module Calendar
         raise ActiveRecord::RecordNotFound
       end
 
-      # rubocop:disable Rails/DynamicFindBy
       token = Token::ICal.find_by_plaintext_value(ical_token_string)
-      # rubocop:enable Rails/DynamicFindBy
 
       if token.present?
         ServiceResult.success(result: token)
diff --git a/spec/models/token/ical_token_spec.rb b/spec/models/token/ical_token_spec.rb
index 5af4fa17c67..2412766821f 100644
--- a/spec/models/token/ical_token_spec.rb
+++ b/spec/models/token/ical_token_spec.rb
@@ -152,9 +152,7 @@ RSpec.describe Token::ICal do
 
         ical_token1 = described_class.where(user_id: user.id).last
 
-        # rubocop:disable Rails/DynamicFindBy
         expect(described_class.find_by_plaintext_value(ical_token1_value)).to eq ical_token1
-        # rubocop:enable Rails/DynamicFindBy
 
         expect(ical_token1.query).to eq query
         expect(ical_token1.ical_token_query_assignment.name).to eq name
@@ -185,9 +183,7 @@ RSpec.describe Token::ICal do
 
         ical_token1 = described_class.where(user_id: user.id).last
 
-        # rubocop:disable Rails/DynamicFindBy
         expect(described_class.find_by_plaintext_value(ical_token1_value)).to eq ical_token1
-        # rubocop:enable Rails/DynamicFindBy
       end
     end
 
@@ -277,10 +273,8 @@ RSpec.describe Token::ICal do
       end
 
       it "finds using the plaintext value" do
-        # rubocop:disable Rails/DynamicFindBy
         expect(described_class.find_by_plaintext_value(subject.plain_value)).to eq subject
         expect(described_class.find_by_plaintext_value("foobar")).to be_nil
-        # rubocop:enable Rails/DynamicFindBy
       end
     end
   end