diff --git a/backend/workflows/forms.py b/backend/workflows/forms.py
index 64dc273..0f9f51c 100644
--- a/backend/workflows/forms.py
+++ b/backend/workflows/forms.py
@@ -135,6 +135,8 @@ class AppLoginForm(forms.Form):
 auth_username = login_value
 user_model = get_user_model()
 matched_user = user_model.objects.filter(email__iexact=login_value).first()
+ if matched_user is None:
+ matched_user = user_model.objects.filter(username__iexact=login_value).first()
 if matched_user:
 auth_username = matched_user.username
 self.user_cache = authenticate(self.request, username=auth_username, password=password)
@@ -494,7 +496,7 @@ class UserManagementCreateForm(forms.Form):
 def clean_username(self):
 username = (self.cleaned_data.get('username') or '').strip()
 user_model = get_user_model()
- if user_model.objects.filter(username=username).exists():
+ if user_model.objects.filter(username__iexact=username).exists():
 raise forms.ValidationError(_('Dieser Benutzername ist bereits vergeben.'))
 return username
diff --git a/backend/workflows/tests/test_account_ui.py b/backend/workflows/tests/test_account_ui.py
index 5fe358c..df107f5 100644
--- a/backend/workflows/tests/test_account_ui.py
+++ b/backend/workflows/tests/test_account_ui.py
@@ -2,6 +2,7 @@
 from django.contrib.auth import get_user_model
 from django.test import Client, TestCase
 from django.utils import timezone
+from workflows.forms import UserManagementCreateForm
 from workflows.models import UserProfile
 from workflows.roles import ROLE_PLATFORM_OWNER, assign_user_role
 from workflows.totp import generate_totp_token
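Review bot: The new `username__iexact` fallback in `AppLoginForm` takes `.first()` from an unordered queryset, so if two accounts already differ only by case the row picked is arbitrary and `auth_username` is overwritten with its name; a user who types their exact username can then be checked against the other account and fail to log in. Nothing visible in this diff enforces case-insensitive uniqueness in the database, so such rows may exist from before this change or from other creation paths. Rewrite the name only on an unambiguous match, e.g. `candidates = list(user_model.objects.filter(username__iexact=login_value)[:2])` followed by `matched_user = candidates[0] if len(candidates) == 1 else None`, which leaves the exact-case `login_value` for `authenticate()` otherwise. The enclosing method starts and ends outside the hunk.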
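Review bot: The case-insensitive duplicate check in `clean_username` is enforced only in this form, so two concurrent submissions, or any other path that creates users, can still store usernames that differ only by case. The login fallback added in the first hunk of this file relies on that invariant, which the database does not guarantee as far as this diff shows. If the user model is project-owned, a constraint such as `models.UniqueConstraint(Lower('username'), name='<constraint_name>')` would make it hold. I would also add a comment above the check: `# Form-level check only; not race-safe without a DB constraint.`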
@@ -194,3 +195,28 @@ class AccountUISmokeTests(TestCase):
 )
 self.assertEqual(response.status_code, 302)
+
+ def test_login_accepts_username_case_insensitively(self):
+ client = Client()
+
+ response = client.post(
+ '/accounts/login/',
+ {'username': 'PROFILE-USER', 'password': 'secret-12345'},
+ HTTP_HOST='localhost',
+ )
+
+ self.assertEqual(response.status_code, 302)
+
+ def test_user_management_create_form_rejects_case_insensitive_username_duplicate(self):
+ form = UserManagementCreateForm(
+ data={
+ 'first_name': 'Another',
+ 'last_name': 'User',
+ 'username': 'PROFILE-USER',
+ 'email': 'another@example.com',
+ 'role_key': 'staff',
+ }
+ )
+
+ self.assertFalse(form.is_valid())
+ self.assertIn('username', form.errors)
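Review bot: `test_login_accepts_username_case_insensitively` asserts only a 302, which shows neither which account was authenticated nor that a wrong password is still rejected for the case-variant name. Assert the session user as well, e.g. `self.assertEqual(client.session['_auth_user_id'], str(<fixture_user>.pk))`, and add a negative case that posts `'PROFILE-USER'` with a wrong password and expects no `_auth_user_id` in the session. If a second-factor step follows the password check (the module imports a TOTP helper), assert on whatever marks the pending user instead. Both new tests depend on a `profile-user` account that is presumably created in `setUp`, outside this hunk.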