diff --git a/packages/api/src/auth/authProvider.js b/packages/api/src/auth/authProvider.js
index 342851de1..e114b9d10 100644
--- a/packages/api/src/auth/authProvider.js
+++ b/packages/api/src/auth/authProvider.js
@@ -49,10 +49,6 @@ class AuthProviderBase {
     return {};
   }
 
-  getBasicAuthLogins() {
-    return null;
-  }
-
   shouldAuthorizeApi() {
     return false;
   }
@@ -163,11 +159,11 @@ class ADProvider extends AuthProviderBase {
   }
 
   shouldAuthorizeApi() {
-    return true;
+    return !process.env.BASIC_AUTH;
   }
 
   isLoginForm() {
-    return true;
+    return !process.env.BASIC_AUTH;
   }
 }
 
@@ -186,13 +182,6 @@ class LoginsProvider extends AuthProviderBase {
     return { error: 'Invalid credentials' };
   }
 
-  getBasicAuthLogins() {
-    const logins = getEnvLogins();
-    if (logins && process.env.BASIC_AUTH) {
-      return _.fromPairs(logins.filter(x => x.password).map(x => [x.login, x.password]));
-    }
-  }
-
   shouldAuthorizeApi() {
     return !process.env.BASIC_AUTH;
   }
diff --git a/packages/api/src/main.js b/packages/api/src/main.js
index a95f0d945..3c0fa85fc 100644
--- a/packages/api/src/main.js
+++ b/packages/api/src/main.js
@@ -45,11 +45,23 @@ function start() {
 
   const server = http.createServer(app);
 
-  const basicAuthLogins = createAuthProvider().getBasicAuthLogins();
-  if (basicAuthLogins) {
+  if (process.env.BASIC_AUTH) {
+    async function authorizer(username, password, cb) {
+      try {
+        const resp = await createAuthProvider().login(username, password);
+        if (resp.accessToken) {
+          cb(null, true);
+        } else {
+          cb(null, false);
+        }
+      } catch (err) {
+        cb(err, false);
+      }
+    }
     app.use(
       basicAuth({
-        users: basicAuthLogins,
+        authorizer,
+        authorizeAsync: true,
         challenge: true,
         realm: 'DbGate Web App',
       })