diff --git a/src/phoenix/db/facilitator.py b/src/phoenix/db/facilitator.py
index 954c3b4ba0..d01e4f1560 100644
--- a/src/phoenix/db/facilitator.py
+++ b/src/phoenix/db/facilitator.py
@@ -20,7 +20,6 @@
 )
 from phoenix.db import models
 from phoenix.db.enums import COLUMN_ENUMS, UserRole
-from phoenix.db.models import SYSTEM_USER_EMAIL
 from phoenix.server.types import DbSessionFactory
 
 
@@ -85,7 +84,7 @@ async def _ensure_user_roles(session: AsyncSession) -> None:
     ) is not None:
         system_user = models.User(
             user_role_id=system_role_id,
-            email=SYSTEM_USER_EMAIL,
+            email="system@localhost",
             reset_password=False,
         )
         session.add(system_user)
diff --git a/src/phoenix/db/models.py b/src/phoenix/db/models.py
index a887926c36..27cd868447 100644
--- a/src/phoenix/db/models.py
+++ b/src/phoenix/db/models.py
@@ -20,7 +20,6 @@
     func,
     insert,
     not_,
-    or_,
     select,
     text,
 )
@@ -40,8 +39,6 @@
 from phoenix.config import get_env_database_schema
 from phoenix.datetime_utils import normalize_datetime
 
-SYSTEM_USER_EMAIL = "system@localhost"
-
 
 class AuthMethod(Enum):
     LOCAL = "LOCAL"
@@ -670,24 +667,26 @@ class User(Base):
     api_keys: Mapped[List["ApiKey"]] = relationship("ApiKey", back_populates="user")
 
     @hybrid_property
-    def auth_method(self) -> str:
-        if (self.email == SYSTEM_USER_EMAIL) or self.password_hash is not None:
+    def auth_method(self) -> Optional[str]:
+        if self.password_hash is not None:
             return AuthMethod.LOCAL.value
-        else:
+        elif self.oauth2_client_id is not None:
             return AuthMethod.OAUTH2.value
+        return None
 
     @auth_method.inplace.expression
     @classmethod
-    def _auth_method_expression(cls) -> ColumnElement[str]:
+    def _auth_method_expression(cls) -> ColumnElement[Optional[str]]:
         return case(
             (
-                or_(
-                    cls.email == SYSTEM_USER_EMAIL,
-                    not_(cls.password_hash.is_(None)),
-                ),
+                not_(cls.password_hash.is_(None)),
                 AuthMethod.LOCAL.value,
             ),
-            else_=AuthMethod.OAUTH2.value,
+            (
+                not_(cls.oauth2_client_id.is_(None)),
+                AuthMethod.OAUTH2.value,
+            ),
+            else_=None,
         )
 
     __table_args__ = (
diff --git a/src/phoenix/server/api/types/User.py b/src/phoenix/server/api/types/User.py
index 3a87c03e37..c018d53223 100644
--- a/src/phoenix/server/api/types/User.py
+++ b/src/phoenix/server/api/types/User.py
@@ -46,6 +46,7 @@ def to_gql_user(user: models.User, api_keys: Optional[List[models.ApiKey]] = Non
     """
     Converts an ORM user to a GraphQL user.
     """
+    assert user.auth_method is not None
     return User(
         id_attr=user.id,
         password_needs_reset=user.reset_password,