diff --git a/src/Umbraco.Cms.Api.Management/DependencyInjection/UmbracoBuilder.BackOfficeIdentity.cs b/src/Umbraco.Cms.Api.Management/DependencyInjection/UmbracoBuilder.BackOfficeIdentity.cs
index 15dd835fa0..cff8182232 100644
--- a/src/Umbraco.Cms.Api.Management/DependencyInjection/UmbracoBuilder.BackOfficeIdentity.cs
+++ b/src/Umbraco.Cms.Api.Management/DependencyInjection/UmbracoBuilder.BackOfficeIdentity.cs
@@ -3,6 +3,7 @@ using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
+using Umbraco.Cms.Api.Management.NotificationHandlers;
 using Umbraco.Cms.Api.Management.Security;
 using Umbraco.Cms.Api.Management.Services;
 using Umbraco.Cms.Api.Management.Telemetry;
@@ -12,6 +13,7 @@ using Umbraco.Cms.Core.DependencyInjection;
 using Umbraco.Cms.Core.Events;
 using Umbraco.Cms.Core.Mapping;
 using Umbraco.Cms.Core.Net;
+using Umbraco.Cms.Core.Notifications;
 using Umbraco.Cms.Core.Persistence.Repositories;
 using Umbraco.Cms.Core.Scoping;
 using Umbraco.Cms.Core.Security;
@@ -74,6 +76,9 @@ public static partial class UmbracoBuilderExtensions
 
         services.AddScoped<IBackOfficeExternalLoginService, BackOfficeExternalLoginService>();
 
+        // Register a notification handler to interrogate the registered external login providers at startup.
+        builder.AddNotificationHandler<UmbracoApplicationStartingNotification, ExternalLoginProviderStartupHandler>();
+
         return builder;
     }
 
diff --git a/src/Umbraco.Cms.Api.Management/NotificationHandlers/ExternalLoginProviderStartupHandler.cs b/src/Umbraco.Cms.Api.Management/NotificationHandlers/ExternalLoginProviderStartupHandler.cs
new file mode 100644
index 0000000000..b538f7a947
--- /dev/null
+++ b/src/Umbraco.Cms.Api.Management/NotificationHandlers/ExternalLoginProviderStartupHandler.cs
@@ -0,0 +1,44 @@
+using Umbraco.Cms.Api.Management.Security;
+using Umbraco.Cms.Core;
+using Umbraco.Cms.Core.Events;
+using Umbraco.Cms.Core.Notifications;
+using Umbraco.Cms.Core.Services;
+using Umbraco.Cms.Core.Sync;
+
+namespace Umbraco.Cms.Api.Management.NotificationHandlers;
+
+/// <summary>
+/// Invalidates backoffice sessions and clears external logins for removed providers if the external login
+/// provider setup has changed.
+/// </summary>
+internal sealed class ExternalLoginProviderStartupHandler : INotificationHandler<UmbracoApplicationStartingNotification>
+{
+    private readonly IBackOfficeExternalLoginProviders _backOfficeExternalLoginProviders;
+    private readonly IRuntimeState _runtimeState;
+    private readonly IServerRoleAccessor _serverRoleAccessor;
+
+    /// <summary>
+    /// Initializes a new instance of the <see cref="ExternalLoginProviderStartupHandler"/> class.
+    /// </summary>
+    public ExternalLoginProviderStartupHandler(
+        IBackOfficeExternalLoginProviders backOfficeExternalLoginProviders,
+        IRuntimeState runtimeState,
+        IServerRoleAccessor serverRoleAccessor)
+    {
+        _backOfficeExternalLoginProviders = backOfficeExternalLoginProviders;
+        _runtimeState = runtimeState;
+        _serverRoleAccessor = serverRoleAccessor;
+    }
+
+    /// <inheritdoc/>
+    public void Handle(UmbracoApplicationStartingNotification notification)
+    {
+        if (_runtimeState.Level != RuntimeLevel.Run ||
+            _serverRoleAccessor.CurrentServerRole == ServerRole.Subscriber)
+        {
+            return;
+        }
+
+        _backOfficeExternalLoginProviders.InvalidateSessionsIfExternalLoginProvidersChanged();
+    }
+}
diff --git a/src/Umbraco.Cms.Api.Management/Security/BackOfficeExternalLoginProviders.cs b/src/Umbraco.Cms.Api.Management/Security/BackOfficeExternalLoginProviders.cs
index 2338dace96..7ecb178db5 100644
--- a/src/Umbraco.Cms.Api.Management/Security/BackOfficeExternalLoginProviders.cs
+++ b/src/Umbraco.Cms.Api.Management/Security/BackOfficeExternalLoginProviders.cs
@@ -1,5 +1,9 @@
 using Microsoft.AspNetCore.Authentication;
 using Umbraco.Cms.Core.Security;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
+using Umbraco.Cms.Core.DependencyInjection;
+using Umbraco.Cms.Core.Services;
 
 namespace Umbraco.Cms.Api.Management.Security;
 
@@ -8,13 +12,37 @@ public class BackOfficeExternalLoginProviders : IBackOfficeExternalLoginProvider
 {
     private readonly IAuthenticationSchemeProvider _authenticationSchemeProvider;
     private readonly Dictionary<string, BackOfficeExternalLoginProvider> _externalLogins;
+    private readonly IKeyValueService _keyValueService;
+    private readonly IExternalLoginWithKeyService _externalLoginWithKeyService;
+    private readonly ILogger<BackOfficeExternalLoginProviders> _logger;
 
+    private const string ExternalLoginProvidersKey = "Umbraco.Cms.Web.BackOffice.Security.BackOfficeExternalLoginProviders";
+
+    [Obsolete("Please use the constructor taking all parameters. Scheduled for removal in Umbraco 17.")]
     public BackOfficeExternalLoginProviders(
         IEnumerable<BackOfficeExternalLoginProvider> externalLogins,
         IAuthenticationSchemeProvider authenticationSchemeProvider)
+        : this(
+              externalLogins,
+              authenticationSchemeProvider,
+              StaticServiceProvider.Instance.GetRequiredService<IKeyValueService>(),
+              StaticServiceProvider.Instance.GetRequiredService<IExternalLoginWithKeyService>(),
+              StaticServiceProvider.Instance.GetRequiredService<ILogger<BackOfficeExternalLoginProviders>>())
+    {
+    }
+
+    public BackOfficeExternalLoginProviders(
+        IEnumerable<BackOfficeExternalLoginProvider> externalLogins,
+        IAuthenticationSchemeProvider authenticationSchemeProvider,
+        IKeyValueService keyValueService,
+        IExternalLoginWithKeyService externalLoginWithKeyService,
+        ILogger<BackOfficeExternalLoginProviders> logger)
     {
         _externalLogins = externalLogins.ToDictionary(x => x.AuthenticationType);
         _authenticationSchemeProvider = authenticationSchemeProvider;
+        _keyValueService = keyValueService;
+        _externalLoginWithKeyService = externalLoginWithKeyService;
+        _logger = logger;
     }
 
     /// <inheritdoc />
@@ -60,4 +88,25 @@ public class BackOfficeExternalLoginProviders : IBackOfficeExternalLoginProvider
         var found = _externalLogins.Values.Where(x => x.Options.DenyLocalLogin).ToList();
         return found.Count > 0;
     }
+
+    /// <inheritdoc />
+    public void InvalidateSessionsIfExternalLoginProvidersChanged()
+    {
+        var previousExternalLoginProvidersValue = _keyValueService.GetValue(ExternalLoginProvidersKey);
+        var currentExternalLoginProvidersValue = string.Join("|", _externalLogins.Keys.OrderBy(key => key));
+
+        if ((previousExternalLoginProvidersValue ?? string.Empty) != currentExternalLoginProvidersValue)
+        {
+            _logger.LogWarning(
+                "The configured external login providers have changed. Existing backoffice sessions using the removed providers will be invalidated and external login data removed.");
+
+            _externalLoginWithKeyService.PurgeLoginsForRemovedProviders(_externalLogins.Keys);
+
+            _keyValueService.SetValue(ExternalLoginProvidersKey, currentExternalLoginProvidersValue);
+        }
+        else if (previousExternalLoginProvidersValue is null)
+        {
+            _keyValueService.SetValue(ExternalLoginProvidersKey, string.Empty);
+        }
+    }
 }
diff --git a/src/Umbraco.Cms.Api.Management/Security/IBackOfficeExternalLoginProviders.cs b/src/Umbraco.Cms.Api.Management/Security/IBackOfficeExternalLoginProviders.cs
index 5dba04684c..2ff70a6015 100644
--- a/src/Umbraco.Cms.Api.Management/Security/IBackOfficeExternalLoginProviders.cs
+++ b/src/Umbraco.Cms.Api.Management/Security/IBackOfficeExternalLoginProviders.cs
@@ -23,4 +23,11 @@ public interface IBackOfficeExternalLoginProviders
     /// </summary>
     /// <returns></returns>
     bool HasDenyLocalLogin();
+
+    /// <summary>
+    ///     Used during startup to see if the configured external login providers is different from the persisted information.
+    ///     If they are different, this will invalidate backoffice sessions and clear external logins for removed providers
+    ///     if the external login provider setup has changed.
+    /// </summary>
+    void InvalidateSessionsIfExternalLoginProvidersChanged() { }
 }
diff --git a/src/Umbraco.Core/Configuration/Models/SecuritySettings.cs b/src/Umbraco.Core/Configuration/Models/SecuritySettings.cs
index d359f6d208..bfff570c4f 100644
--- a/src/Umbraco.Core/Configuration/Models/SecuritySettings.cs
+++ b/src/Umbraco.Core/Configuration/Models/SecuritySettings.cs
@@ -28,8 +28,8 @@ public class SecuritySettings
 
     internal const int StaticMemberDefaultLockoutTimeInMinutes = 30 * 24 * 60;
     internal const int StaticUserDefaultLockoutTimeInMinutes = 30 * 24 * 60;
-    private const long StaticUserDefaultFailedLoginDurationInMilliseconds = 1000;
-    private const long StaticUserMinimumFailedLoginDurationInMilliseconds = 250;
+    internal const long StaticUserDefaultFailedLoginDurationInMilliseconds = 1000;
+    internal const long StaticUserMinimumFailedLoginDurationInMilliseconds = 250;
     internal const string StaticAuthorizeCallbackPathName = "/umbraco/oauth_complete";
     internal const string StaticAuthorizeCallbackLogoutPathName = "/umbraco/logout";
     internal const string StaticAuthorizeCallbackErrorPathName = "/umbraco/error";
diff --git a/src/Umbraco.Core/Extensions/IntExtensions.cs b/src/Umbraco.Core/Extensions/IntExtensions.cs
index 6bdb3c6435..5b744e26e2 100644
--- a/src/Umbraco.Core/Extensions/IntExtensions.cs
+++ b/src/Umbraco.Core/Extensions/IntExtensions.cs
@@ -1,15 +1,17 @@
 // Copyright (c) Umbraco.
 // See LICENSE for more details.
 
+using System.Diagnostics.CodeAnalysis;
+
 namespace Umbraco.Extensions;
 
 public static class IntExtensions
 {
     /// <summary>
-    ///     Does something 'x' amount of times
+    ///     Does something 'x' amount of times.
     /// </summary>
-    /// <param name="n"></param>
-    /// <param name="action"></param>
+    /// <param name="n">Number of times to execute the action.</param>
+    /// <param name="action">The action to execute.</param>
     public static void Times(this int n, Action<int> action)
     {
         for (var i = 0; i < n; i++)
@@ -19,11 +21,11 @@ public static class IntExtensions
     }
 
     /// <summary>
-    ///     Creates a Guid based on an integer value
+    ///     Creates a Guid based on an integer value.
     /// </summary>
-    /// <param name="value"><see cref="int" /> value to convert</param>
+    /// <param name="value">The <see cref="int" /> value to convert.</param>
     /// <returns>
-    ///     <see cref="Guid" />
+    ///     The converted <see cref="Guid" />.
     /// </returns>
     public static Guid ToGuid(this int value)
     {
@@ -31,4 +33,25 @@ public static class IntExtensions
         BitConverter.GetBytes(value).CopyTo(bytes);
         return new Guid(bytes);
     }
+
+    /// <summary>
+    ///     Restores a GUID previously created from an integer value using <see cref="ToGuid" />.
+    /// </summary>
+    /// <param name="value">The <see cref="Guid" /> value to convert.</param>
+    /// <param name="result">The converted <see cref="int" />.</param>
+    /// <returns>
+    ///     True if the <see cref="int" /> value could be created, otherwise false.
+    /// </returns>
+    public static bool TryParseFromGuid(Guid value, [NotNullWhen(true)] out int? result)
+    {
+        if (value.ToString().EndsWith("-0000-0000-0000-000000000000") is false)
+        {
+            // We have a proper GUID, not one converted from an integer.
+            result = null;
+            return false;
+        }
+
+        result = BitConverter.ToInt32(value.ToByteArray());
+        return true;
+    }
 }
diff --git a/src/Umbraco.Core/Persistence/Repositories/IExternalLoginWithKeyRepository.cs b/src/Umbraco.Core/Persistence/Repositories/IExternalLoginWithKeyRepository.cs
index ec9a79530c..0329ceb33b 100644
--- a/src/Umbraco.Core/Persistence/Repositories/IExternalLoginWithKeyRepository.cs
+++ b/src/Umbraco.Core/Persistence/Repositories/IExternalLoginWithKeyRepository.cs
@@ -3,23 +3,29 @@ using Umbraco.Cms.Core.Security;
 namespace Umbraco.Cms.Core.Persistence.Repositories;
 
 /// <summary>
-///     Repository for external logins with Guid as key, so it can be shared for members and users
+///     Repository for external logins with Guid as key, so it can be shared for members and users.
 /// </summary>
 public interface IExternalLoginWithKeyRepository : IReadWriteQueryRepository<int, IIdentityUserLogin>,
     IQueryRepository<IIdentityUserToken>
 {
     /// <summary>
-    ///     Replaces all external login providers for the user/member key
+    ///     Replaces all external login providers for the user/member key.
     /// </summary>
     void Save(Guid userOrMemberKey, IEnumerable<IExternalLogin> logins);
 
     /// <summary>
-    ///     Replaces all external login provider tokens for the providers specified for the user/member key
+    ///     Replaces all external login provider tokens for the providers specified for the user/member key.
     /// </summary>
     void Save(Guid userOrMemberKey, IEnumerable<IExternalLoginToken> tokens);
 
     /// <summary>
-    ///     Deletes all external logins for the specified the user/member key
+    ///     Deletes all external logins for the specified the user/member key.
     /// </summary>
     void DeleteUserLogins(Guid userOrMemberKey);
+
+    /// <summary>
+    ///     Deletes external logins that aren't associated with the current collection of providers.
+    /// </summary>
+    /// <param name="currentLoginProviders">The names of the currently configured providers.</param>
+    void DeleteUserLoginsForRemovedProviders(IEnumerable<string> currentLoginProviders) { }
 }
diff --git a/src/Umbraco.Core/Persistence/Repositories/IUserRepository.cs b/src/Umbraco.Core/Persistence/Repositories/IUserRepository.cs
index 0f9cc14f79..4b006ecb1c 100644
--- a/src/Umbraco.Core/Persistence/Repositories/IUserRepository.cs
+++ b/src/Umbraco.Core/Persistence/Repositories/IUserRepository.cs
@@ -1,4 +1,4 @@
-using System.Linq.Expressions;
+using System.Linq.Expressions;
 using Umbraco.Cms.Core.Models.Membership;
 using Umbraco.Cms.Core.Persistence.Querying;
 
@@ -160,4 +160,10 @@ public interface IUserRepository : IReadWriteQueryRepository<Guid, IUser>
     bool RemoveClientId(int id, string clientId);
 
     IUser? GetByClientId(string clientId);
+
+    /// <summary>
+    ///     Invalidates sessions for users that aren't associated with the current collection of providers.
+    /// </summary>
+    /// <param name="currentLoginProviders">The names of the currently configured providers.</param>
+    void InvalidateSessionsForRemovedProviders(IEnumerable<string> currentLoginProviders) { }
 }
diff --git a/src/Umbraco.Core/Services/ExternalLoginService.cs b/src/Umbraco.Core/Services/ExternalLoginService.cs
index be49927b36..df64e2e355 100644
--- a/src/Umbraco.Core/Services/ExternalLoginService.cs
+++ b/src/Umbraco.Core/Services/ExternalLoginService.cs
@@ -5,21 +5,40 @@ using Umbraco.Cms.Core.Events;
 using Umbraco.Cms.Core.Persistence.Repositories;
 using Umbraco.Cms.Core.Scoping;
 using Umbraco.Cms.Core.Security;
-using Umbraco.Extensions;
 
 namespace Umbraco.Cms.Core.Services;
 
 public class ExternalLoginService : RepositoryService, IExternalLoginWithKeyService
 {
     private readonly IExternalLoginWithKeyRepository _externalLoginRepository;
+    private readonly IUserRepository _userRepository;
 
+    [Obsolete("Please use the constructor taking all parameters. Scheduled for removal in Umbraco 17.")]
     public ExternalLoginService(
         ICoreScopeProvider provider,
         ILoggerFactory loggerFactory,
         IEventMessagesFactory eventMessagesFactory,
         IExternalLoginWithKeyRepository externalLoginRepository)
-        : base(provider, loggerFactory, eventMessagesFactory) =>
+        : this(
+              provider,
+              loggerFactory,
+              eventMessagesFactory,
+              externalLoginRepository,
+              StaticServiceProvider.Instance.GetRequiredService<IUserRepository>())
+    {
+    }
+
+    public ExternalLoginService(
+        ICoreScopeProvider provider,
+        ILoggerFactory loggerFactory,
+        IEventMessagesFactory eventMessagesFactory,
+        IExternalLoginWithKeyRepository externalLoginRepository,
+        IUserRepository userRepository)
+        : base(provider, loggerFactory, eventMessagesFactory)
+    {
         _externalLoginRepository = externalLoginRepository;
+        _userRepository = userRepository;
+    }
 
     public IEnumerable<IIdentityUserLogin> Find(string loginProvider, string providerKey)
     {
@@ -80,4 +99,15 @@ public class ExternalLoginService : RepositoryService, IExternalLoginWithKeyServ
             scope.Complete();
         }
     }
+
+    /// <inheritdoc />
+    public void PurgeLoginsForRemovedProviders(IEnumerable<string> currentLoginProviders)
+    {
+        using (ICoreScope scope = ScopeProvider.CreateCoreScope())
+        {
+            _userRepository.InvalidateSessionsForRemovedProviders(currentLoginProviders);
+            _externalLoginRepository.DeleteUserLoginsForRemovedProviders(currentLoginProviders);
+            scope.Complete();
+        }
+    }
 }
diff --git a/src/Umbraco.Core/Services/IExternalLoginWithKeyService.cs b/src/Umbraco.Core/Services/IExternalLoginWithKeyService.cs
index 42f0708aaa..deaa135f16 100644
--- a/src/Umbraco.Core/Services/IExternalLoginWithKeyService.cs
+++ b/src/Umbraco.Core/Services/IExternalLoginWithKeyService.cs
@@ -5,47 +5,53 @@ namespace Umbraco.Cms.Core.Services;
 public interface IExternalLoginWithKeyService : IService
 {
     /// <summary>
-    ///     Returns all user logins assigned
+    ///     Returns all user logins assigned.
     /// </summary>
     IEnumerable<IIdentityUserLogin> GetExternalLogins(Guid userOrMemberKey);
 
     /// <summary>
-    ///     Returns all user login tokens assigned
+    ///     Returns all user login tokens assigned.
     /// </summary>
     IEnumerable<IIdentityUserToken> GetExternalLoginTokens(Guid userOrMemberKey);
 
     /// <summary>
     ///     Returns all logins matching the login info - generally there should only be one but in some cases
-    ///     there might be more than one depending on if an administrator has been editing/removing members
+    ///     there might be more than one depending on if an administrator has been editing/removing members.
     /// </summary>
     IEnumerable<IIdentityUserLogin> Find(string loginProvider, string providerKey);
 
     /// <summary>
-    ///     Saves the external logins associated with the user
+    ///     Saves the external logins associated with the user.
     /// </summary>
     /// <param name="userOrMemberKey">
-    ///     The user or member key associated with the logins
+    ///     The user or member key associated with the logins.
     /// </param>
     /// <param name="logins"></param>
     /// <remarks>
-    ///     This will replace all external login provider information for the user
+    ///     This will replace all external login provider information for the user.
     /// </remarks>
     void Save(Guid userOrMemberKey, IEnumerable<IExternalLogin> logins);
 
     /// <summary>
-    ///     Saves the external login tokens associated with the user
+    ///     Saves the external login tokens associated with the user.
     /// </summary>
     /// <param name="userOrMemberKey">
-    ///     The user or member key associated with the logins
+    ///     The user or member key associated with the logins.
     /// </param>
     /// <param name="tokens"></param>
     /// <remarks>
-    ///     This will replace all external login tokens for the user
+    ///     This will replace all external login tokens for the user.
     /// </remarks>
     void Save(Guid userOrMemberKey, IEnumerable<IExternalLoginToken> tokens);
 
     /// <summary>
-    ///     Deletes all user logins - normally used when a member is deleted
+    ///     Deletes all user logins - normally used when a member is deleted.
     /// </summary>
     void DeleteUserLogins(Guid userOrMemberKey);
+
+    /// <summary>
+    ///     Deletes external logins and invalidates sessions for users that aren't associated with the current collection of providers.
+    /// </summary>
+    /// <param name="currentLoginProviders">The names of the currently configured providers.</param>
+    void PurgeLoginsForRemovedProviders(IEnumerable<string> currentLoginProviders) { }
 }
diff --git a/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/ExternalLoginRepository.cs b/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/ExternalLoginRepository.cs
index 2c0f0f8c2d..766d654c08 100644
--- a/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/ExternalLoginRepository.cs
+++ b/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/ExternalLoginRepository.cs
@@ -56,6 +56,12 @@ internal class ExternalLoginRepository : EntityRepositoryBase<int, IIdentityUser
     public void DeleteUserLogins(Guid userOrMemberKey) =>
         Database.Delete<ExternalLoginDto>("WHERE userOrMemberKey=@userOrMemberKey", new { userOrMemberKey });
 
+    /// <inheritdoc />
+    public void DeleteUserLoginsForRemovedProviders(IEnumerable<string> currentLoginProviders) =>
+        Database.Execute(Sql()
+            .Delete<ExternalLoginDto>()
+            .WhereNotIn<ExternalLoginDto>(x => x.LoginProvider, currentLoginProviders));
+
     /// <inheritdoc />
     public void Save(Guid userOrMemberKey, IEnumerable<IExternalLogin> logins)
     {
diff --git a/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/UserRepository.cs b/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/UserRepository.cs
index a1d5a41bea..187d5c5ce2 100644
--- a/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/UserRepository.cs
+++ b/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/UserRepository.cs
@@ -12,7 +12,6 @@ using Umbraco.Cms.Core.Models.Entities;
 using Umbraco.Cms.Core.Models.Membership;
 using Umbraco.Cms.Core.Persistence.Querying;
 using Umbraco.Cms.Core.Persistence.Repositories;
-using Umbraco.Cms.Core.Scoping;
 using Umbraco.Cms.Core.Serialization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Infrastructure.Persistence.Dtos;
@@ -21,7 +20,6 @@ using Umbraco.Cms.Infrastructure.Persistence.Mappers;
 using Umbraco.Cms.Infrastructure.Persistence.Querying;
 using Umbraco.Cms.Infrastructure.Scoping;
 using Umbraco.Extensions;
-using IScope = Umbraco.Cms.Infrastructure.Scoping.IScope;
 
 namespace Umbraco.Cms.Infrastructure.Persistence.Repositories.Implement;
 /// <summary>
@@ -1268,5 +1266,32 @@ SELECT 4 AS [Key], COUNT(id) AS [Value] FROM umbracoUser WHERE userDisabled = 0
 
         return sql;
     }
+
+    /// <inheritdoc />
+    public void InvalidateSessionsForRemovedProviders(IEnumerable<string> currentLoginProviders)
+    {
+        // Get all the user or member keys associated with the removed providers.
+        Sql<ISqlContext> idsQuery = SqlContext.Sql()
+            .Select<ExternalLoginDto>(x => x.UserOrMemberKey)
+            .From<ExternalLoginDto>()
+            .WhereNotIn<ExternalLoginDto>(x => x.LoginProvider, currentLoginProviders);
+        List<Guid> userAndMemberKeysAssociatedWithRemovedProviders = Database.Fetch<Guid>(idsQuery);
+        if (userAndMemberKeysAssociatedWithRemovedProviders.Count == 0)
+        {
+            return;
+        }
+
+        // Invalidate the security stamps on the users associated with the removed providers.
+        Sql<ISqlContext> updateSecurityStampsQuery = Sql()
+            .Update<UserDto>(u => u.Set(x => x.SecurityStampToken, "0".PadLeft(32, '0')))
+            .WhereIn<UserDto>(x => x.Key, userAndMemberKeysAssociatedWithRemovedProviders);
+        Database.Execute(updateSecurityStampsQuery);
+
+        // Delete the OpenIddict tokens for the users associated with the removed providers.
+        // The following is safe from SQL injection as we are dealing with GUIDs, not strings.
+        var userKeysForInClause = string.Join("','", userAndMemberKeysAssociatedWithRemovedProviders.Select(x => x.ToString()));
+        Database.Execute("DELETE FROM umbracoOpenIddictTokens WHERE Subject IN ('" + userKeysForInClause + "')");
+    }
+
     #endregion
 }
diff --git a/src/Umbraco.Web.Common/Security/ConfigureSecurityStampOptions.cs b/src/Umbraco.Web.Common/Security/ConfigureSecurityStampOptions.cs
index e214ba1c23..01f7d7cfb9 100644
--- a/src/Umbraco.Web.Common/Security/ConfigureSecurityStampOptions.cs
+++ b/src/Umbraco.Web.Common/Security/ConfigureSecurityStampOptions.cs
@@ -31,7 +31,7 @@ public class ConfigureSecurityStampOptions : IConfigureOptions<SecurityStampVali
         // Adjust the security stamp validation interval to a shorter duration
         // when concurrent logins are not allowed and the duration has the default interval value
         // (currently defaults to 30 minutes), ensuring quicker re-validation.
-        if (securitySettings.AllowConcurrentLogins is false && options.ValidationInterval == TimeSpan.FromMinutes(30))
+        if (securitySettings.AllowConcurrentLogins is false && options.ValidationInterval == new SecurityStampValidatorOptions().ValidationInterval)
         {
             options.ValidationInterval = TimeSpan.FromSeconds(30);
         }
diff --git a/tests/Umbraco.Tests.UnitTests/Umbraco.Core/Extensions/IntExtensionsTests.cs b/tests/Umbraco.Tests.UnitTests/Umbraco.Core/Extensions/IntExtensionsTests.cs
new file mode 100644
index 0000000000..46cab0df54
--- /dev/null
+++ b/tests/Umbraco.Tests.UnitTests/Umbraco.Core/Extensions/IntExtensionsTests.cs
@@ -0,0 +1,41 @@
+// Copyright (c) Umbraco.
+// See LICENSE for more details.
+
+using NUnit.Framework;
+using Umbraco.Extensions;
+
+namespace Umbraco.Cms.Tests.UnitTests.Umbraco.Core.Extensions;
+
+[TestFixture]
+public class IntExtensionsTests
+{
+    [TestCase(20, "00000014-0000-0000-0000-000000000000")]
+    [TestCase(106, "0000006a-0000-0000-0000-000000000000")]
+    [TestCase(999999, "000f423f-0000-0000-0000-000000000000")]
+    [TestCase(555555555, "211d1ae3-0000-0000-0000-000000000000")]
+    public void ToGuid_Creates_Expected_Guid(int input, string expected)
+    {
+        var result = input.ToGuid();
+        Assert.AreEqual(expected, result.ToString());
+    }
+
+    [TestCase("00000014-0000-0000-0000-000000000000", 20)]
+    [TestCase("0000006a-0000-0000-0000-000000000000", 106)]
+    [TestCase("000f423f-0000-0000-0000-000000000000", 999999)]
+    [TestCase("211d1ae3-0000-0000-0000-000000000000", 555555555)]
+    [TestCase("0d93047e-558d-4311-8a9d-b89e6fca0337", null)]
+    public void TryParseFromGuid_Parses_Expected_Integer(string input, int? expected)
+    {
+        var result = IntExtensions.TryParseFromGuid(Guid.Parse(input), out int? intValue);
+        if (expected is null)
+        {
+            Assert.IsFalse(result);
+            Assert.IsFalse(intValue.HasValue);
+        }
+        else
+        {
+            Assert.IsTrue(result);
+            Assert.AreEqual(expected, intValue.Value);
+        }
+    }
+}