diff --git a/.changeset/cool-actors-sin.md b/.changeset/cool-actors-sin.md
new file mode 100644
index 0000000000..4d5b2589c5
--- /dev/null
+++ b/.changeset/cool-actors-sin.md
@@ -0,0 +1,5 @@
+---
+'@backstage/plugin-auth-backend-module-aws-alb-provider': patch
+---
+
+Throw correct error when email is missing from the claims
diff --git a/plugins/auth-backend-module-aws-alb-provider/src/authenticator.test.ts b/plugins/auth-backend-module-aws-alb-provider/src/authenticator.test.ts
index 61c80c4b3c..73f859df52 100644
--- a/plugins/auth-backend-module-aws-alb-provider/src/authenticator.test.ts
+++ b/plugins/auth-backend-module-aws-alb-provider/src/authenticator.test.ts
@@ -146,6 +146,34 @@ describe('AwsAlbProvider', () => {
 );
 });
 
+ it('Email is missing', async () => {
+ const jwt = await new SignJWT({ ...mockClaims, email: undefined })
+ .setProtectedHeader({ alg: 'HS256', signer: 'SIGNER_ARN' })
+ .sign(signingKey);
+ const req = {
+ header: jest.fn(name => {
+ if (name === ALB_JWT_HEADER) {
+ return jwt;
+ } else if (name === ALB_ACCESS_TOKEN_HEADER) {
+ return mockAccessToken;
+ }
+ return undefined;
+ }),
+ } as unknown as express.Request;
+ await expect(
+ awsAlbAuthenticator.authenticate(
+ { req },
+ {
+ issuer: 'ISSUER_URL',
+ signer: undefined,
+ getKey: jest.fn().mockResolvedValue(signingKey),
+ },
+ ),
+ ).rejects.toThrow(
+ 'Exception occurred during JWT processing: AuthenticationError: Missing email in the JWT token',
+ );
+ });
+
 it('issuer is missing', async () => {
 const jwt = await new SignJWT({})
 .setProtectedHeader({ alg: 'HS256' })
diff --git a/plugins/auth-backend-module-aws-alb-provider/src/authenticator.ts b/plugins/auth-backend-module-aws-alb-provider/src/authenticator.ts
index 8a32b05a92..2e7fe1cd26 100644
--- a/plugins/auth-backend-module-aws-alb-provider/src/authenticator.ts
+++ b/plugins/auth-backend-module-aws-alb-provider/src/authenticator.ts
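Review bot: The new 'Email is missing' case only covers an absent claim; `email: undefined` is presumably dropped when the payload is serialized, so the token simply has no email key, whereas the guard this test targets (`!claims.email` in authenticator.ts on this page) also rejects an empty string, a value an identity provider can legitimately emit. A second case built from `{ ...mockClaims, email: '' }` expecting the same rejection would pin that second path. The enclosing describe block starts and ends outside the hunk.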
@@ -15,11 +15,11 @@
 */
 
 import { AuthenticationError } from '@backstage/errors';
-import { AwsAlbClaims, AwsAlbResult, AwsAlbProtectedHeader } from './types';
+import { AwsAlbClaims, AwsAlbProtectedHeader, AwsAlbResult } from './types';
 import { jwtVerify } from 'jose';
 import {
- PassportProfile,
 createProxyAuthenticator,
+ PassportProfile,
 } from '@backstage/plugin-auth-node';
 import NodeCache from 'node-cache';
 import { makeProfileInfo, provisionKeyCache } from './helpers';
@@ -69,6 +69,10 @@ export const awsAlbAuthenticator = createProxyAuthenticator({
 throw new AuthenticationError('Signer mismatch on JWT token');
 }
 
+ if (!claims.email) {
+ throw new AuthenticationError(`Missing email in the JWT token`);
+ }
+
 const fullProfile: PassportProfile = {
 provider: 'unknown',
 id: claims.sub,
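Review bot: The added throw uses a template literal with no interpolation, while the neighbouring throw two lines above uses a plain single-quoted string (`'Signer mismatch on JWT token'`); `throw new AuthenticationError('Missing email in the JWT token');` keeps the file consistent. The truthiness guard rejects `undefined` and `''`, but depending on how `AwsAlbClaims` in './types' declares `email` (not visible here) a non-string claim value could still pass through into the profile, in which case `typeof claims.email !== 'string' || !claims.email` is the stricter guard. Placing the check after the signer comparison is the right order, since the claims are only trustworthy once the token has been verified. The enclosing authenticate callback starts and ends outside the hunk.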