diff --git a/awx/main/models/organization.py b/awx/main/models/organization.py
index d92d0d2075..fbffc73315 100644
--- a/awx/main/models/organization.py
+++ b/awx/main/models/organization.py
@@ -236,7 +236,9 @@ class AuthToken(BaseModel):
         valid_n_tokens_qs = self.user.auth_tokens.filter(
             expires__gt=now,
             reason='',
-        ).order_by('-created')[0:settings.AUTH_TOKEN_PER_USER]
+        ).order_by('-created')
+        if settings.AUTH_TOKEN_PER_USER != -1:
+            valid_n_tokens_qs = valid_n_tokens_qs[0:settings.AUTH_TOKEN_PER_USER]
         valid_n_tokens = valid_n_tokens_qs.values_list('key', flat=True)
 
         return bool(self.key in valid_n_tokens)
diff --git a/awx/sso/backends.py b/awx/sso/backends.py
index 3fe730231a..3e2410daa2 100644
--- a/awx/sso/backends.py
+++ b/awx/sso/backends.py
@@ -136,8 +136,9 @@ class LDAPBackend(BaseLDAPBackend):
 def _decorate_enterprise_user(user, provider):
     user.set_unusable_password()
     user.save()
-    enterprise_auth = UserEnterpriseAuth(user=user, provider=provider)
-    enterprise_auth.save()
+    enterprise_auth, created = UserEnterpriseAuth.objects.get_or_create(user=user, provider=provider)
+    if created:
+        enterprise_auth.save()
     return enterprise_auth