diff --git a/src/Squidex.Core/Identity/SquidexRoles.cs b/src/Squidex.Core/Identity/SquidexRoles.cs
index 0803c0502..d7e530c9c 100644
--- a/src/Squidex.Core/Identity/SquidexRoles.cs
+++ b/src/Squidex.Core/Identity/SquidexRoles.cs
@@ -10,12 +10,12 @@ namespace Squidex.Core.Identity
 {
     public static class SquidexRoles
     {
-        public const string Administrator = "administrator";
+        public const string Administrator = "ADMINISTRATOR";
 
-        public const string AppOwner = "app-owner";
+        public const string AppOwner = "APP-OWNER";
 
-        public const string AppEditor = "app-editor";
+        public const string AppEditor = "APP-EDITOR";
 
-        public const string AppDeveloper = "app-developer";
+        public const string AppDeveloper = "APP-DEVELOPER";
     }
 }
diff --git a/src/Squidex/Config/Identity/IdentityUsage.cs b/src/Squidex/Config/Identity/IdentityUsage.cs
index 65b67d542..8f1dde762 100644
--- a/src/Squidex/Config/Identity/IdentityUsage.cs
+++ b/src/Squidex/Config/Identity/IdentityUsage.cs
@@ -85,6 +85,15 @@ namespace Squidex.Config.Identity
             return app;
         }
 
+        public static IApplicationBuilder UseAdminRole(this IApplicationBuilder app)
+        {
+            var roleManager = app.ApplicationServices.GetRequiredService<RoleManager<IdentityRole>>();
+
+            roleManager.CreateAsync(new IdentityRole { Name = SquidexRoles.Administrator, NormalizedName = SquidexRoles.Administrator }).Wait();
+
+            return app;
+        }
+
         public static IApplicationBuilder UseMyApiProtection(this IApplicationBuilder app)
         {
             const string apiScope = Constants.ApiScope;
diff --git a/src/Squidex/Controllers/UI/Account/AccountController.cs b/src/Squidex/Controllers/UI/Account/AccountController.cs
index 0f92ffc88..b36ce7117 100644
--- a/src/Squidex/Controllers/UI/Account/AccountController.cs
+++ b/src/Squidex/Controllers/UI/Account/AccountController.cs
@@ -208,7 +208,7 @@ namespace Squidex.Controllers.UI.Account
 
         private Task<bool> MakeAdminAsync(IdentityUser user, bool isFirst)
         {
-            if (isFirst)
+            if (!isFirst)
             {
                 return Task.FromResult(true);
             }
diff --git a/src/Squidex/Startup.cs b/src/Squidex/Startup.cs
index fb0d2bfc8..29207c837 100644
--- a/src/Squidex/Startup.cs
+++ b/src/Squidex/Startup.cs
@@ -121,6 +121,7 @@ namespace Squidex
 
                 identityApp.UseMyIdentity();
                 identityApp.UseMyIdentityServer();
+                identityApp.UseAdminRole();
                 identityApp.UseMyApiProtection();
                 identityApp.UseMyGoogleAuthentication();
                 identityApp.UseStaticFiles();
diff --git a/src/Squidex/app/shared/services/auth.service.ts b/src/Squidex/app/shared/services/auth.service.ts
index 48826c28a..694f92d96 100644
--- a/src/Squidex/app/shared/services/auth.service.ts
+++ b/src/Squidex/app/shared/services/auth.service.ts
@@ -32,7 +32,7 @@ export class Profile {
     }
 
     public get isAdmin(): boolean {
-        return this.user.profile['role'] === 'administrator';
+        return this.user.profile['role'].toLowerCase() === 'administrator';
     }
 
     public get token(): string {