diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 820b4b5ee3d..8e8fe437c22 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -49,13 +49,18 @@ class AccountController < ApplicationController
 if user.logged?
 redirect_after_login(user)
- elsif omniauth_direct_login?
+ elsif omniauth_direct_login? && !session[:internal_login]
 direct_login(user)
 elsif request.post?
 authenticate_user
 end
 end
+ def internal_login
+ session[:internal_login] = true
+ redirect_to action: :login
+ end
+
 # Log out current user and redirect to welcome page
 def logout
 # Keep attributes from the session
diff --git a/config/routes.rb b/config/routes.rb
index 81ddcaa63a6..5f2b06ff1e1 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -84,6 +84,7 @@ OpenProject::Application.routes.draw do
 get '/account/activate', action: 'activate'
 match '/login', action: 'login', as: 'signin', via: %i[get post]
+ get '/login/internal', action: 'internal_login', as: 'internal_signin'
 get '/logout', action: 'logout', as: 'signout'
 get '/sso', action: 'auth_source_sso_failed', as: 'sso_failure'
diff --git a/spec/controllers/account_controller_spec.rb b/spec/controllers/account_controller_spec.rb
index 283433d4d1d..361eb8d426f 100644
--- a/spec/controllers/account_controller_spec.rb
+++ b/spec/controllers/account_controller_spec.rb
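Review bot: `session[:internal_login]` is set by the new `internal_login` action but nothing in this hunk ever clears it, so once a browser has visited `/login/internal` every later `login` request in that session skips `direct_login` until the session itself is dropped; whether `logout` resets it depends on which attributes it keeps, and that code lies outside the hunk. Deleting the flag once the internal form has been served or once authentication succeeds (`session.delete(:internal_login)` in the branch that ends up calling `redirect_after_login`, presumably inside `authenticate_user`, which is not shown) would limit the bypass to a single login attempt. Since the new `/login/internal` route in the second hunk is reachable without authentication, direct login also becomes bypassable by anyone who knows the URL; if deployments rely on direct login to enforce SSO, that is a policy change that deserves a configuration toggle and a changelog entry. The action itself has no comment; a line such as `# Escape hatch when omniauth direct login is enabled: flags the session so the next /login request renders the internal form instead of redirecting to the provider.` would document its purpose. The enclosing `login` method starts before the hunk.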
@@ -453,14 +453,37 @@ describe AccountController,
 expect(response).to redirect_to '/auth/some_provider'
 end
+
+ it 'allows to login internally using a special route' do
+ get :internal_login
+
+ expect(response).to redirect_to '/login'
+ expect(session[:internal_login]).to be true
+ end
+
+ it 'allows to login internally using a session flag' do
+ session[:internal_login] = true
+ get :login
+
+ expect(response).to render_template 'login'
+ end
 end
 describe 'POST' do
+ shared_let(:admin) { create(:admin) }
+
 it 'redirects to some_provider' do
 post :login, params: { username: 'foo', password: 'bar' }
 expect(response).to redirect_to '/auth/some_provider'
 end
+
+ it 'allows to login internally using a session flag' do
+ session[:internal_login] = true
+ post :login, params: { username: admin.login, password: 'adminADMIN!' }
+
+ expect(response).to redirect_to '/my/page'
+ end
 end
 end
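Review bot: The new examples in the GET and POST groups share the description `'allows to login internally using a session flag'`, so a failure report names the same example twice; distinct descriptions such as `'renders the internal form when the session flag is set'` and `'authenticates internally when the session flag is set'` make the output unambiguous. The POST example's success depends on the `:admin` factory's password being `'adminADMIN!'`, which is not visible here, and a mismatch would surface as an obscure redirect mismatch rather than a clear credential error; a short comment naming where that password comes from, or reading it from the factory, would help the next maintainer. No example pins what happens to `session[:internal_login]` after the internal login succeeds or after logout, which is where the flag's lifetime is decided, so the controller's behaviour there is currently unspecified by the suite. The enclosing `describe` blocks start before the hunk.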