diff --git a/src/internal/controller/zitadelcluster_controller.go b/src/internal/controller/zitadelcluster_controller.go
index fbac404..84b0cc7 100644
--- a/src/internal/controller/zitadelcluster_controller.go
+++ b/src/internal/controller/zitadelcluster_controller.go
@@ -514,17 +514,6 @@ func (r *ZitadelClusterReconciler) reconcileInitialHumanUser(ctx context.Context
 		if err != nil {
 			return ctrl.Result{}, fmt.Errorf("Error adding human user: %v", err)
 		}
-		{
-
-			if _, err = managementClient.AddOrgMember(middleware.SetOrgID(ctx, org.Org.Id), &management.AddOrgMemberRequest{
-				UserId: userid,
-				Roles: []string{
-					"IAM_OWNER",
-				},
-			}); err != nil {
-				return ctrl.Result{}, fmt.Errorf("Error adding org member: %v", err)
-			}
-		}
 	}
 
 	{
@@ -536,6 +525,16 @@ func (r *ZitadelClusterReconciler) reconcileInitialHumanUser(ctx context.Context
 			return ctrl.Result{}, fmt.Errorf("Error setting password for member: %v", err)
 		}
 	}
+	{
+		if _, err := managementClient.AddOrgMember(middleware.SetOrgID(ctx, org.Org.Id), &management.AddOrgMemberRequest{
+			UserId: userid,
+			Roles: []string{
+				"ORG_OWNER",
+			},
+		}); err != nil {
+			return ctrl.Result{}, fmt.Errorf("Error adding org member: %v", err)
+		}
+	}
 
 	patch := client.MergeFrom(zitadel.DeepCopy())
 	zitadel.Status.InitialAdminId = userid