diff --git a/authentik/core/models.py b/authentik/core/models.py
index b1f8fc2af..9e0ea3ed5 100644
--- a/authentik/core/models.py
+++ b/authentik/core/models.py
@@ -34,6 +34,7 @@ from authentik.policies.models import PolicyBindingModel
 LOGGER = get_logger()
 USER_ATTRIBUTE_DEBUG = "goauthentik.io/user/debug"
 USER_ATTRIBUTE_SA = "goauthentik.io/user/service-account"
+USER_ATTRIBUTE_SOURCES = "goauthentik.io/user/sources"
 
 GRAVATAR_URL = "https://secure.gravatar.com"
 DEFAULT_AVATAR = static("dist/assets/images/user_default.png")
diff --git a/authentik/core/sources/flow_manager.py b/authentik/core/sources/flow_manager.py
index 177c2ca16..b718fe30a 100644
--- a/authentik/core/sources/flow_manager.py
+++ b/authentik/core/sources/flow_manager.py
@@ -11,6 +11,7 @@ from django.utils.translation import gettext as _
 from structlog.stdlib import get_logger
 
 from authentik.core.models import (
+    USER_ATTRIBUTE_SOURCES,
     Source,
     SourceUserMatchingModes,
     User,
@@ -269,6 +270,11 @@ class SourceFlowManager:
         if not self.source.enrollment_flow:
             self._logger.warning("source has no enrollment flow")
             return HttpResponseBadRequest()
+        if USER_ATTRIBUTE_SOURCES not in self.enroll_info or not isinstance(
+            self.enroll_info[USER_ATTRIBUTE_SOURCES], list
+        ):
+            self.enroll_info[USER_ATTRIBUTE_SOURCES] = []
+        self.enroll_info[USER_ATTRIBUTE_SOURCES].append(self.source.name)
         return self._handle_login_flow(
             self.source.enrollment_flow,
             **{