diff --git a/helmchart/single-sign-on/values.yaml b/helmchart/single-sign-on/values.yaml
index 0f2a35f8b23f347edeae3dd22c9c5e06487e4c51..38378ce7054572135be01cb529d77237262bf24d 100644
--- a/helmchart/single-sign-on/values.yaml
+++ b/helmchart/single-sign-on/values.yaml
@@ -67,6 +67,10 @@ kratos:
                     }
                   }
                 },
+                "username": {
+                  "type": "string",
+                  "title": "Preferred username"
+                },
                 "name": {
                   "type": "string",
                   "title": "Full name"
diff --git a/login/app.py b/login/app.py
index 7491b9b63b242f40e26c053d848a6973a0026426..74e8af4971d61dddb1d860d7a4942587ee54a42f 100644
--- a/login/app.py
+++ b/login/app.py
@@ -360,9 +360,9 @@ def login():
     """
 
     # Check if we are logged in:
-    profile = get_auth()
+    identity = get_auth()
 
-    if profile:
+    if identity:
         return render_template(
             'loggedin.html',
             api_url = app.config["KRATOS_PUBLIC_URL"],
@@ -409,7 +409,7 @@ def auth():
 
 
     # Check if we are logged in:
-    profile = get_auth()
+    identity = get_auth()
 
 
     # If the user is not logged in yet, we redirect to the login page
@@ -417,7 +417,7 @@ def auth():
     # so the UI knows it has to redirect after a successful login.
     # The redirect URL is back to this page (auth) with the same challenge
     # so we can pickup the flow where we left off.
-    if not profile:
+    if not identity:
         url = app.config["PUBLIC_URL"] + "/auth?login_challenge=" + challenge
         url = urllib.parse.quote_plus(url)
 
@@ -445,7 +445,7 @@ def auth():
     # Authorize the user
     # False positive: pylint: disable=no-member
     redirect_to = login_request.accept(
-                profile['email'],
+                identity.id,
                 remember=True,
                 # Remember session for 7d
                 remember_for=60*60*24*7)
@@ -479,12 +479,12 @@ def consent():
     # False positive: pylint: disable=no-member
     app_name = consent_request.client.client_name
     # False positive: pylint: disable=no-member
-    username = consent_request.subject
+    kratos_id = consent_request.subject
 
     # Get the related user object
-    user = KratosUser.find_by_email(KRATOS_ADMIN, username)
+    user = KratosUser(KRATOS_ADMIN, kratos_id)
     if not user:
-        app.logger.error(f"User not found in database: {username}")
+        app.logger.error(f"User not found in database: {kratos_id}")
         abort(401, description="User not found. Please try again.")
 
     # Get claims for this user, provided the current app
@@ -493,8 +493,8 @@ def consent():
     # pylint: disable=fixme
     # TODO: Need to implement checking claims here, once the backend for that is
     #       developed
-    app.logger.info(f"Providing consent to {app_name} for {username}")
-    app.logger.info(f"{username} was granted access to {app_name}")
+    app.logger.info(f"Providing consent to {app_name} for {kratos_id}")
+    app.logger.info(f"{kratos_id} was granted access to {app_name}")
 
     # False positive: pylint: disable=no-member
     return redirect(consent_request.accept(
@@ -514,7 +514,7 @@ def status():
     auth_status = get_auth()
 
     if auth_status:
-        return auth_status['email']
+        return auth_status.id
     return "not-auth"
 
 
@@ -540,8 +540,7 @@ def get_auth():
             cookie=cookie)
 
         # Get all traits from ID
-        profile = api_response.identity.traits
-        return profile
+        return api_response.identity
 
     except ory_kratos_client.ApiException as error:
         app.logger.error(f"Exception when calling V0alpha2Api->to_session(): {error}\n")
diff --git a/login/kratos.py b/login/kratos.py
index eb3ea239373f1498f665e9d5d38240a48b10a16f..adea7f27a74bb114b4945fdc14b29c56e591fc3d 100644
--- a/login/kratos.py
+++ b/login/kratos.py
@@ -33,6 +33,7 @@ class KratosUser():
     __uuid = None
     email = None
     name = None
+    username = None
     state = None
     created_at = None
     updated_at = None
@@ -49,6 +50,11 @@ class KratosUser():
                         self.name = obj.traits['name']
                     except KeyError:
                         self.name = ""
+
+                    try:
+                        self.username = obj.traits['username']
+                    except KeyError:
+                        self.username = ""
                     self.email = obj.traits['email']
                     self.state = obj.state
                     self.created_at = obj.created_at
@@ -326,9 +332,22 @@ class KratosUser():
             OpenID Connect token of type dict
         """
 
+        # Name should be set, however, we do not enforce this yet.
+        # if somebody does not set it's name, we use the email address
+        # as name
+        if self.name:
+            name = self.name
+        else:
+            name = self.email
+
+        if self.username:
+            username = self.username
+        else:
+            username = self.email
+
         token = {
-            "name": self.email,
-            "preferred_username": self.email,
+            "name": name,
+            "preferred_username": username,
             "email": self.email,
             "roles": '',
         }