diff --git a/backend/src/auth/auth.service.ts b/backend/src/auth/auth.service.ts
index 07b3476..03ef762 100644
--- a/backend/src/auth/auth.service.ts
+++ b/backend/src/auth/auth.service.ts
@@ -26,25 +26,26 @@ export class AuthService {
 
     if (!user) {
       // Check if this is the first user (auto-approve as admin)
-      const userCount = await this.prisma.user.count();
-      const isFirstUser = userCount === 0;
-
-      // Auto-approve test users for Playwright tests
-      const isTestUser = email === 'test@test.com';
+      const approvedUserCount = await this.prisma.user.count({
+        where: { isApproved: true, deletedAt: null },
+      });
+      const isFirstUser = approvedUserCount === 0;
 
       this.logger.log(
-        `Creating new user: ${email} (isFirstUser: ${isFirstUser}, isTestUser: ${isTestUser})`,
+        `Creating new user: ${email} (approvedUserCount: ${approvedUserCount}, isFirstUser: ${isFirstUser})`,
       );
 
       // Create new user
+      // First user is auto-approved as ADMINISTRATOR
+      // Subsequent users default to DRIVER and require approval
       user = await this.prisma.user.create({
         data: {
           auth0Id,
           email,
           name,
           picture,
-          role: isFirstUser || isTestUser ? Role.ADMINISTRATOR : Role.DRIVER,
-          isApproved: isFirstUser || isTestUser, // Auto-approve first user and test users
+          role: isFirstUser ? Role.ADMINISTRATOR : Role.DRIVER,
+          isApproved: isFirstUser, // Auto-approve first user only
         },
         include: { driver: true },
       });