diff --git a/backend/app/routers/admin.py b/backend/app/routers/admin.py
index 35e863c..8376cc5 100644
--- a/backend/app/routers/admin.py
+++ b/backend/app/routers/admin.py
@@ -209,6 +209,7 @@ async def create_user(
 
     new_user = User(
         username=data.username,
+        umbral_name=data.username,
         password_hash=hash_password(data.password),
         role=data.role,
         email=email,
diff --git a/backend/app/routers/auth.py b/backend/app/routers/auth.py
index 85a854e..a1dd542 100644
--- a/backend/app/routers/auth.py
+++ b/backend/app/routers/auth.py
@@ -288,6 +288,7 @@ async def setup(
     password_hash = hash_password(data.password)
     new_user = User(
         username=data.username,
+        umbral_name=data.username,
         password_hash=password_hash,
         role="admin",
         last_password_change_at=datetime.now(),
@@ -454,6 +455,7 @@ async def register(
     # SEC-01: Explicit field assignment — never **data.model_dump()
     new_user = User(
         username=data.username,
+        umbral_name=data.username,
         password_hash=password_hash,
         role="standard",
         email=data.email,