diff --git a/package.json b/package.json
index 589a9a4258f3cee92541515a383cfd7a1a8378f8..dbd68ea68072197d00f3a449b8b822b8c1b62266 100644
--- a/package.json
+++ b/package.json
@@ -72,4 +72,4 @@
     "ts-node": "^8.5.2",
     "typescript": "^3.7.2"
   }
-}
\ No newline at end of file
+}
diff --git a/src/services/impl/channels/add-member-to-channel.ts b/src/services/impl/channels/add-member-to-channel.ts
index 8fe6dfbe6324479245737c0fc2a4e2a72dd844f1..bf2d1336d8c46e09d1a924f876b220416b661907 100644
--- a/src/services/impl/channels/add-member-to-channel.ts
+++ b/src/services/impl/channels/add-member-to-channel.ts
@@ -37,6 +37,12 @@ export class AddMemberToChannel implements Command {
     }
 
     const userToAdd = await this.usersService.GetOrCreateUserFromUsernameOrEmail(this.membername);
+    //if resolved new user is already a direct member or a group member
+    if (await channel.isMember(userToAdd)) {
+      throw new ForbiddenError(
+        `User ${this.membername} / ${userToAdd.email} is already a member or in a member group.`,
+      );
+    }
 
     channel.addMember(userToAdd);
     //const ret = await transactionManager.save(channel);
diff --git a/src/services/impl/users/get-or-create-user.ts b/src/services/impl/users/get-or-create-user.ts
index 824400f7dda387438ea6da26f13b7cefa94f9244..a211912d7097c832054f6eacf4863738c5409b1e 100644
--- a/src/services/impl/users/get-or-create-user.ts
+++ b/src/services/impl/users/get-or-create-user.ts
@@ -14,10 +14,7 @@ export class GetOrCreateUserFromUsernameOrEmail implements Command {
 
   async execute(transactionManager: EntityManager): Promise<User> {
     let userToAdd = await transactionManager.findOne(User, {
-      where: [
-        { username: this.userIdentifier },
-        { email: this.userIdentifier },
-      ],
+      where: [{ username: this.userIdentifier }, { email: this.userIdentifier }],
     });
 
     // If not found, let's verify if email is like login@cern.ch to reinitiate a search on login
@@ -31,10 +28,12 @@ export class GetOrCreateUserFromUsernameOrEmail implements Command {
     }
 
     if (!userToAdd) {
-      const user = await this.usersService.GetUserFromExternal(
-        this.userIdentifier,
-      );
-      userToAdd = await this.authService.createUserWithDefaults(user);
+      const user = await this.usersService.GetUserFromExternal(this.userIdentifier);
+      // Check again in DB if user already there in case it's a mapped user in Auth systems
+      userToAdd = await transactionManager.findOne(User, {
+        where: [{ username: user.username }, { email: user.email }],
+      });
+      if (!userToAdd) userToAdd = await this.authService.createUserWithDefaults(user);
     }
 
     return userToAdd;