diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserCacheSession.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserCacheSession.java
index 3f0dd1d7bb..f9180a5fe9 100755
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserCacheSession.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserCacheSession.java
@@ -338,15 +338,13 @@ public class UserCacheSession implements UserCache, OnCreateComponent, OnUpdateC
 protected UserModel cacheUser(RealmModel realm, UserModel delegate, Long revision) {
 int notBefore = getDelegate().getNotBeforeOfUser(realm, delegate);
- if (Profile.isFeatureEnabled(Profile.Feature.ORGANIZATION)) {
- if (isOrganizationDisabled(session, delegate)) {
- return new ReadOnlyUserModelDelegate(delegate) {
- @Override
- public boolean isEnabled() {
- return false;
- }
- };
- }
+ if (isReadOnlyOrganizationMember(delegate)) {
+ return new ReadOnlyUserModelDelegate(delegate) {
+ @Override
+ public boolean isEnabled() {
+ return false;
+ }
+ };
 }
 CachedUser cached;
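Review bot: The call site `if (isReadOnlyOrganizationMember(delegate))` no longer shows that this branch is gated on the ORGANIZATION feature, and nothing explains why the wrapper is returned ahead of the `CachedUser cached;` path. That appears to mean the forced-disabled state is re-evaluated on each load rather than stored. I would add a comment above the `if`, for example `// managed member of a disabled organization (or provider disabled): report as disabled and do not cache the wrapper`. Also, `delegate` has already been passed to `getNotBeforeOfUser(realm, delegate)` on the preceding line, so the helper's new `delegate == null` guard looks unreachable from this caller. cacheUser continues past the end of the hunk.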
@@ -978,10 +976,22 @@ public class UserCacheSession implements UserCache, OnCreateComponent, OnUpdateC
 return List.of();
 }
- private boolean isOrganizationDisabled(KeycloakSession session, UserModel delegate) {
- // check if provider is enabled and user is managed member of a disabled organization OR provider is disabled and user is managed member
+ private boolean isReadOnlyOrganizationMember(UserModel delegate) {
+ if (delegate == null) {
+ return false;
+ }
+
+ if (!Profile.isFeatureEnabled(Profile.Feature.ORGANIZATION)) {
+ return false;
+ }
+
 OrganizationProvider organizationProvider = session.getProvider(OrganizationProvider.class);
+ if (organizationProvider.count() == 0) {
+ return false;
+ }
+
+ // check if provider is enabled and user is managed member of a disabled organization OR provider is disabled and user is managed member
 return organizationProvider.getByMember(delegate) .anyMatch((org) -> (organizationProvider.isEnabled() && org.isManaged(delegate) && !org.isEnabled()) || (!organizationProvider.isEnabled() && org.isManaged(delegate)));
diff --git a/model/storage-private/src/main/java/org/keycloak/storage/UserStorageManager.java b/model/storage-private/src/main/java/org/keycloak/storage/UserStorageManager.java
index 894b16a444..6cfacbbfa7 100755
--- a/model/storage-private/src/main/java/org/keycloak/storage/UserStorageManager.java
+++ b/model/storage-private/src/main/java/org/keycloak/storage/UserStorageManager.java
@@ -114,16 +114,13 @@ public class UserStorageManager extends AbstractStorageManager (organizationProvider.isEnabled() && org.isManaged(delegate) && !org.isEnabled()) || (!organizationProvider.isEnabled() && org.isManaged(delegate)));
diff --git a/services/src/main/java/org/keycloak/organization/utils/Organizations.java b/services/src/main/java/org/keycloak/organization/utils/Organizations.java
index 418e4690e3..cf41db90aa 100644
--- a/services/src/main/java/org/keycloak/organization/utils/Organizations.java
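Review bot: The new `if (organizationProvider.count() == 0) return false;` shortcut fails open in a predicate that decides whether a user is forced to disabled, so its correctness depends on what `count()` actually counts. If `count()` is resolved against the realm in the session context rather than the realm `delegate` belongs to, or is served from a cache that can lag behind organization creation, a managed member of a disabled organization could be reported as enabled; neither property is visible in this hunk. The same shortcut is added as `return null` in the Organizations.java hunk, and the residue of the UserStorageManager.java hunk suggests a second copy of this predicate there, so a single shared helper would keep the access decision from drifting. At minimum add a comment such as `// count() must be scoped to delegate's realm; zero organizations means no managed membership is possible`.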
+++ b/services/src/main/java/org/keycloak/organization/utils/Organizations.java
@@ -191,6 +191,11 @@ public class Organizations {
 }
 OrganizationProvider provider = getProvider(session);
+
+ if (provider.count() == 0) {
+ return null;
+ }
+
 AuthenticationSessionModel authSession = session.getContext().getAuthenticationSession();
 if (authSession != null) {
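Review bot: The added `return null` carries no comment, and the method gains one more path on which callers receive null before the authentication session is consulted. A line such as `// no organizations in this realm: nothing to resolve` above the check would make the intent explicit. Callers should be confirmed to treat null as "no organization" rather than dereferencing it. The enclosing method starts and ends outside the hunk, so its declared contract for null is not visible here.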