diff --git a/backend/open_webui/routers/auths.py b/backend/open_webui/routers/auths.py
index 0bf1d65d0c..3d83dcaea6 100644
--- a/backend/open_webui/routers/auths.py
+++ b/backend/open_webui/routers/auths.py
@@ -65,6 +65,7 @@ from open_webui.utils.auth import (
 )
 from open_webui.utils.webhook import post_webhook
 from open_webui.utils.access_control import get_permissions, has_permission
+from open_webui.utils.groups import apply_default_group_assignment
 from open_webui.utils.redis import get_redis_client
 from open_webui.utils.rate_limit import RateLimiter
@@ -417,6 +418,11 @@ async def ldap_auth(request: Request, response: Response, form_data: LdapForm):
 500, detail=ERROR_MESSAGES.CREATE_USER_ERROR
 )
+ apply_default_group_assignment(
+ request.app.state.config.DEFAULT_GROUP_ID,
+ user.id,
+ )
+
 except HTTPException:
 raise
 except Exception as err:
@@ -465,7 +471,6 @@ async def ldap_auth(request: Request, response: Response, form_data: LdapForm):
 ):
 if ENABLE_LDAP_GROUP_CREATION:
 Groups.create_groups_by_group_names(user.id, user_groups)
-
 try:
 Groups.sync_groups_by_group_names(user.id, user_groups)
 log.info(
@@ -722,9 +727,10 @@ async def signup(request: Request, response: Response, form_data: SignupForm):
 # Disable signup after the first user is created
 request.app.state.config.ENABLE_SIGNUP = False
- default_group_id = getattr(request.app.state.config, "DEFAULT_GROUP_ID", "")
- if default_group_id and default_group_id:
- Groups.add_users_to_group(default_group_id, [user.id])
+ apply_default_group_assignment(
+ request.app.state.config.DEFAULT_GROUP_ID,
+ user.id,
+ )
 return {
 "token": token,
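Review bot: The default-group assignment added in ldap_auth runs before the `Groups.sync_groups_by_group_names(user.id, user_groups)` call shown in the later ldap_auth hunk, and the OAuth hunk at line 1478 sits in a class whose group update logs "Removing user from group ... as it is no longer in their oauth groups". If either sync removes memberships that are absent from the directory or the token claims (their bodies are outside this diff), a user placed in `DEFAULT_GROUP_ID` would lose that group on the same or the next login, so effective permissions would differ between local, LDAP and OAuth accounts. Worth confirming the ordering and either applying the default after the sync or exempting the default group from removal; at minimum add `# NOTE: directory/OAuth group sync runs later; confirm it keeps DEFAULT_GROUP_ID`. With indentation lost on this page it is also not visible whether the call sits inside the new-user branch or runs on every LDAP login, and ldap_auth's body extends beyond the hunk.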
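Review bot: The lines removed from signup read the setting with `getattr(request.app.state.config, "DEFAULT_GROUP_ID", "")`, while the new call evaluates `request.app.state.config.DEFAULT_GROUP_ID` directly, and that attribute access happens at the call site, outside the `try` inside `apply_default_group_assignment`. If the config object can lack the attribute (not visible here), signup would raise after the account has apparently been created; the same direct access is used in the ldap_auth, add_user and OAuth hunks. Either keep the fallback at each call site, `getattr(request.app.state.config, "DEFAULT_GROUP_ID", "")`, or state in a comment that the key is always registered at startup. The body of signup starts and ends outside the hunk.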
@@ -829,7 +835,9 @@ async def signout(request: Request, response: Response):
 @router.post("/add", response_model=SigninResponse)
-async def add_user(form_data: AddUserForm, user=Depends(get_admin_user)):
+async def add_user(
+ request: Request, form_data: AddUserForm, user=Depends(get_admin_user)
+):
 if not validate_email_format(form_data.email.lower()):
 raise HTTPException(
 status.HTTP_400_BAD_REQUEST, detail=ERROR_MESSAGES.INVALID_EMAIL_FORMAT
@@ -854,6 +862,11 @@ async def add_user(form_data: AddUserForm, user=Depends(get_admin_user)):
 )
 if user:
+ apply_default_group_assignment(
+ request.app.state.config.DEFAULT_GROUP_ID,
+ user.id,
+ )
+
 token = create_token(data={"id": user.id})
 return {
 "token": token,
diff --git a/backend/open_webui/utils/groups.py b/backend/open_webui/utils/groups.py
new file mode 100644
index 0000000000..6198aec2e7
--- /dev/null
+++ b/backend/open_webui/utils/groups.py
@@ -0,0 +1,24 @@
+import logging
+from open_webui.models.groups import Groups
+
+log = logging.getLogger(__name__)
+
+
+def apply_default_group_assignment(
+ default_group_id: str,
+ user_id: str,
+) -> None:
+ """
+ Apply default group assignment to a user if default_group_id is provided.
+
+ Args:
+ default_group_id: ID of the default group to add the user to
+ user_id: ID of the user to add to the default group
+ """
+ if default_group_id:
+ try:
+ Groups.add_users_to_group(default_group_id, [user_id])
+ except Exception as e:
+ log.error(
+ f"Failed to add user {user_id} to default group {default_group_id}: {e}"
+ )
diff --git a/backend/open_webui/utils/oauth.py b/backend/open_webui/utils/oauth.py
index 9cd329a861..61c98ca744 100644
--- a/backend/open_webui/utils/oauth.py
+++ b/backend/open_webui/utils/oauth.py
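Review bot: In add_user the name `user` is the admin injected by `Depends(get_admin_user)` and, by the time `if user:` is reached, apparently the newly created account (the rebinding is outside this hunk), so the new `apply_default_group_assignment(..., user.id)` call relies on that rebinding to target the right id. Binding the created account to its own name, for example `new_user = ...` followed by `if new_user:`, would make it evident from the hunk alone that the admin's id is never the one added to the group. If the rename is out of scope for this commit, a short comment above the call such as `# user is the newly created account here, not the requesting admin` would do.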
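Review bot: The `except Exception as e` in `apply_default_group_assignment` swallows every failure and logs only `str(e)`, and the return value of `Groups.add_users_to_group` is discarded, so if that method reports failure by return value rather than by raising (not visible in this diff) nothing is logged at all. Since the default group presumably carries the baseline permissions for new accounts, a silent miss leaves accounts provisioned differently from what the admin configured, with little to trace it by. Suggest keeping the traceback with `log.exception("Failed to add user %s to default group %s", user_id, default_group_id)`, checking the call's result, and adding a sentence to the docstring saying that failures are logged and not raised, so callers know account creation proceeds regardless.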
@@ -72,6 +72,7 @@ from open_webui.env import (
 from open_webui.utils.misc import parse_duration
 from open_webui.utils.auth import get_password_hash, create_token
 from open_webui.utils.webhook import post_webhook
+from open_webui.utils.groups import apply_default_group_assignment
 from mcp.shared.auth import (
 OAuthClientMetadata as MCPOAuthClientMetadata,
@@ -1167,7 +1168,6 @@ class OAuthManager:
 log.debug(
 f"Removing user from group {group_model.name} as it is no longer in their oauth groups"
 )
-
 Groups.remove_users_from_group(group_model.id, [user.id])
 # In case a group is created, but perms are never assigned to the group by hitting "save"
@@ -1478,6 +1478,12 @@ class OAuthManager:
 "user": user.model_dump_json(exclude_none=True),
 },
 )
+
+ apply_default_group_assignment(
+ request.app.state.config.DEFAULT_GROUP_ID,
+ user.id,
+ )
+
 else:
 raise HTTPException(
 status.HTTP_403_FORBIDDEN,