diff --git a/library/Icinga/Application/Hook/AuthenticationHook.php b/library/Icinga/Application/Hook/AuthenticationHook.php
index 41cc66115..8e8a18f85 100644
--- a/library/Icinga/Application/Hook/AuthenticationHook.php
+++ b/library/Icinga/Application/Hook/AuthenticationHook.php
@@ -5,6 +5,7 @@ namespace Icinga\Application\Hook;
 use Icinga\User;
 use Icinga\Web\Hook;
 use Icinga\Application\Logger;
+use Throwable;
 
 /**
  * Icinga Web Authentication Hook base class
@@ -28,6 +29,15 @@ abstract class AuthenticationHook
     {
     }
 
+    /**
+     * Triggered after Icinga Web authenticates a user with the current session
+     *
+     * @param User $user
+     */
+    public function onAuthFromSession(User $user): void
+    {
+    }
+
     /**
      * Triggered before logout from Icinga Web
      *
@@ -37,6 +47,24 @@ abstract class AuthenticationHook
     {
     }
 
+    /**
+     * Call the onAuthFromSession() method of all registered {@link AuthenticationHook}s
+     *
+     * @param User $user
+     */
+    public static function triggerAuthFromSession(User $user): void
+    {
+        /** @var static $hook */
+        foreach (Hook::all(self::NAME) as $hook) {
+            try {
+                $hook->onAuthFromSession($user);
+            } catch (Throwable $e) {
+                // Avoid error propagation if a hook failed in a third party application
+                Logger::error($e);
+            }
+        }
+    }
+
     /**
      * Call the onLogin() method of all registered AuthHook(s)
      *
diff --git a/library/Icinga/Authentication/Auth.php b/library/Icinga/Authentication/Auth.php
index 7325aae3d..f211b65bf 100644
--- a/library/Icinga/Authentication/Auth.php
+++ b/library/Icinga/Authentication/Auth.php
@@ -230,6 +230,10 @@ class Auth
                 $this->removeAuthorization();
             }
         }
+
+        if ($this->user !== null) {
+            AuthenticationHook::triggerAuthFromSession($this->user);
+        }
     }
 
     /**