diff --git a/logic/jwts.go b/logic/jwts.go
index 41181fcd6..a70bbbd2d 100644
--- a/logic/jwts.go
+++ b/logic/jwts.go
@@ -56,8 +56,9 @@ func CreateJWT(uuid string, macAddress string, network string) (response string,
 func CreateUserJWT(username string, role models.UserRoleID) (response string, err error) {
 	expirationTime := time.Now().Add(servercfg.GetServerConfig().JwtValidityDuration)
 	claims := &models.UserClaims{
-		UserName: username,
-		Role:     role,
+		UserName:       username,
+		Role:           role,
+		RacAutoDisable: servercfg.GetRacAutoDisable() && (role != models.SuperAdminRole && role != models.AdminRole),
 		RegisteredClaims: jwt.RegisteredClaims{
 			Issuer:    "Netmaker",
 			Subject:   fmt.Sprintf("user|%s", username),
diff --git a/models/user_mgmt.go b/models/user_mgmt.go
index a87a0f4b8..6c8887e9d 100644
--- a/models/user_mgmt.go
+++ b/models/user_mgmt.go
@@ -177,8 +177,9 @@ type UserAuthParams struct {
 
 // UserClaims - user claims struct
 type UserClaims struct {
-	Role     UserRoleID
-	UserName string
+	Role           UserRoleID
+	UserName       string
+	RacAutoDisable bool
 	jwt.RegisteredClaims
 }