diff --git a/ssoauth/auth_utils.py b/ssoauth/auth_utils.py
index 8a87d061b1252c04469f9d2f0c58fb961f8e3bf9..2ed213ebe6f36593c2bb0512d7388fb257fe0825 100644
--- a/ssoauth/auth_utils.py
+++ b/ssoauth/auth_utils.py
@@ -83,10 +83,7 @@ def get_or_create_user(uuid, username):
     if not user:
         user = create_user(uuid, username)  # create if not present
     # sanity check
-    if user and user.user_permissions.all().count():
-        logger.error("Who assigned permissions directly to user {user}?! Removing: {perms}".format(
-            user=user, perms=", ".join(str(p) for p in user.user_permissions)))
-        user.user_permissions.clear()
+    cleanup_direct_permissions(user)
     return user
 
 
@@ -124,6 +121,12 @@ def set_user_groups(user, group_dn_list):
         user=user, g_n=len(groups), g_names=", ".join(str(g) for g in groups), dn_n=len(group_dn_list)))
 
 
+def cleanup_direct_permissions(user):
+    if user.user_permissions.exists():
+        logger.critical("Who attached permissions directly to {user} ?!?!".format(**locals()))
+        user.user_permissions.clear()
+
+
 def set_user_compat_flags(user):
     is_active = True
     user.is_staff = False
diff --git a/ssoauth/checks.py b/ssoauth/checks.py
index 2b18c7edc82f331112e7f2086e4a4efb81cc2e6a..615b31a692ecb3b6635eeaebad9f74f9775e34b0 100644
--- a/ssoauth/checks.py
+++ b/ssoauth/checks.py
@@ -49,20 +49,6 @@ def compatible_user_model(app_configs, **kwargs):
     return errors
 
 
-@register(Tags.security)
-@_ignore_db_errors
-def no_direct_user_permissions(app_configs, **kwargs):
-    errors = list()
-    qs_bad_users = get_user_model().objects.filter(user_permissions__isnull=False)
-    if qs_bad_users.count() is not 0:
-        errors.append(Error(
-            "Detected directly assigned permissions. Truncate the User<->Permission table. Investigate the reason. " +
-            "Bad users: {0}".format(", ".join(u.username for u in qs_bad_users)),
-            obj=get_user_model(),
-        ))
-    return errors
-
-
 @register(Tags.urls)
 def auth_urls_configured(app_configs, **kwargs):
     errors = list()
diff --git a/ssoauth/views.py b/ssoauth/views.py
index 1ee0733d73aa8f26080f6e2b71f4138f511ab5d7..8ab9f42f63509e267667d37d5b0c90afa8ddee6f 100644
--- a/ssoauth/views.py
+++ b/ssoauth/views.py
@@ -118,6 +118,7 @@ class ACSAuthNView(SAMLMixin, View):
             user=user,
             group_dn_list=get_attr("idm_groups", nullable=True, multivalued=True) or list()
         )
+        auth_utils.cleanup_direct_permissions(user=user)
         auth_utils.set_user_compat_flags(user=user)
         request.user = user
         contrib_auth.login(request, user)