diff --git a/charts/budibase/templates/app-service-deployment.yaml b/charts/budibase/templates/app-service-deployment.yaml
index ddc725d302..27a4dea654 100644
--- a/charts/budibase/templates/app-service-deployment.yaml
+++ b/charts/budibase/templates/app-service-deployment.yaml
@@ -122,6 +122,10 @@ spec:
           value: {{ .Values.globals.automationMaxIterations | quote }}
         - name: TENANT_FEATURE_FLAGS
           value: {{ .Values.globals.tenantFeatureFlags | quote }}
+        - name: BB_ADMIN_USER_EMAIL
+          value: { { .Values.globals.bbAdminUserEmail | quote } }
+        - name: BB_ADMIN_USER_PASSWORD
+          value: { { .Values.globals.bbAdminUserPassword | quote } }
 
         image: budibase/apps:{{ .Values.globals.appVersion }}
         imagePullPolicy: Always
diff --git a/hosting/.env b/hosting/.env
index 39df76d01e..11dd661bf1 100644
--- a/hosting/.env
+++ b/hosting/.env
@@ -18,4 +18,8 @@ MINIO_PORT=4004
 COUCH_DB_PORT=4005
 REDIS_PORT=6379
 WATCHTOWER_PORT=6161
-BUDIBASE_ENVIRONMENT=PRODUCTION
\ No newline at end of file
+BUDIBASE_ENVIRONMENT=PRODUCTION
+
+# An admin user can be automatically created initially if these are set
+BB_ADMIN_USER_EMAIL=
+BB_ADMIN_USER_PASSWORD=
\ No newline at end of file
diff --git a/hosting/docker-compose.yaml b/hosting/docker-compose.yaml
index f9d9eaf1c5..57cbf33709 100644
--- a/hosting/docker-compose.yaml
+++ b/hosting/docker-compose.yaml
@@ -23,6 +23,8 @@ services:
       ENABLE_ANALYTICS: "true"
       REDIS_URL: redis-service:6379
       REDIS_PASSWORD: ${REDIS_PASSWORD}
+      BB_ADMIN_USER_EMAIL: ${BB_ADMIN_USER_EMAIL}
+      BB_ADMIN_USER_PASSWORD: ${BB_ADMIN_USER_PASSWORD}
     depends_on:
       - worker-service
       - redis-service
diff --git a/hosting/hosting.properties b/hosting/hosting.properties
index c8e2f5c606..11dd661bf1 100644
--- a/hosting/hosting.properties
+++ b/hosting/hosting.properties
@@ -19,3 +19,7 @@ COUCH_DB_PORT=4005
 REDIS_PORT=6379
 WATCHTOWER_PORT=6161
 BUDIBASE_ENVIRONMENT=PRODUCTION
+
+# An admin user can be automatically created initially if these are set
+BB_ADMIN_USER_EMAIL=
+BB_ADMIN_USER_PASSWORD=
\ No newline at end of file
diff --git a/packages/server/scripts/dev/manage.js b/packages/server/scripts/dev/manage.js
index b5cce1c58b..fc9fde0a02 100644
--- a/packages/server/scripts/dev/manage.js
+++ b/packages/server/scripts/dev/manage.js
@@ -56,6 +56,8 @@ async function init() {
       DISABLE_THREADING: 1,
       SERVICE: "app-service",
       DEPLOYMENT_ENVIRONMENT: "development",
+      BB_ADMIN_USER_EMAIL: "",
+      BB_ADMIN_USER_PASSWORD: "",
     }
     let envFile = ""
     Object.keys(envFileJson).forEach(key => {
diff --git a/packages/server/src/app.ts b/packages/server/src/app.ts
index d19ad1625a..66a8e6e048 100644
--- a/packages/server/src/app.ts
+++ b/packages/server/src/app.ts
@@ -18,7 +18,9 @@ const { logAlert } = require("@budibase/backend-core/logging")
 const { Thread } = require("./threads")
 import redis from "./utilities/redis"
 import * as migrations from "./migrations"
-import { events, installation } from "@budibase/backend-core"
+import { events, installation, tenancy } from "@budibase/backend-core"
+import { createAdminUser, getChecklist } from "./utilities/workerRequests"
+import { tenantSucceeded } from "@budibase/backend-core/dist/src/events/publishers/backfill"
 
 const app = new Koa()
 
@@ -110,6 +112,33 @@ module.exports = server.listen(env.PORT || 0, async () => {
     }
   }
 
+  // check and create admin user if required
+  if (
+    env.SELF_HOSTED &&
+    !env.MULTI_TENANCY &&
+    env.BB_ADMIN_USER_EMAIL &&
+    env.BB_ADMIN_USER_PASSWORD
+  ) {
+    const checklist = await getChecklist()
+    if (!checklist?.adminUser?.checked) {
+      try {
+        const tenantId = tenancy.getTenantId()
+        await createAdminUser(
+          env.BB_ADMIN_USER_EMAIL,
+          env.BB_ADMIN_USER_PASSWORD,
+          tenantId
+        )
+        console.log(
+          "Admin account automatically created for",
+          env.BB_ADMIN_USER_EMAIL
+        )
+      } catch (e) {
+        logAlert("Error creating initial admin user. Exiting.", e)
+        shutdown()
+      }
+    }
+  }
+
   // check for version updates
   await installation.checkInstallVersion()
 
diff --git a/packages/server/src/environment.js b/packages/server/src/environment.js
index 534ec8ac27..99d099f8d5 100644
--- a/packages/server/src/environment.js
+++ b/packages/server/src/environment.js
@@ -74,6 +74,8 @@ module.exports = {
   DYNAMO_ENDPOINT: process.env.DYNAMO_ENDPOINT,
   QUERY_THREAD_TIMEOUT: parseIntSafe(process.env.QUERY_THREAD_TIMEOUT),
   SQL_MAX_ROWS: process.env.SQL_MAX_ROWS,
+  BB_ADMIN_USER_EMAIL: process.env.BB_ADMIN_USER_EMAIL,
+  BB_ADMIN_USER_PASSWORD: process.env.BB_ADMIN_USER_PASSWORD,
   // flags
   ALLOW_DEV_AUTOMATIONS: process.env.ALLOW_DEV_AUTOMATIONS,
   DISABLE_THREADING: process.env.DISABLE_THREADING,
diff --git a/packages/server/src/utilities/workerRequests.js b/packages/server/src/utilities/workerRequests.js
index 1ee975f13e..cbecb2c4b5 100644
--- a/packages/server/src/utilities/workerRequests.js
+++ b/packages/server/src/utilities/workerRequests.js
@@ -137,3 +137,19 @@ exports.readGlobalUser = async ctx => {
   )
   return checkResponse(response, "get user", { ctx })
 }
+
+exports.createAdminUser = async (email, password, tenantId) => {
+  const response = await fetch(
+    checkSlashesInUrl(env.WORKER_URL + "/api/global/users/init"),
+    request(null, { method: "POST", body: { email, password, tenantId } })
+  )
+  return checkResponse(response, "create admin user")
+}
+
+exports.getChecklist = async () => {
+  const response = await fetch(
+    checkSlashesInUrl(env.WORKER_URL + "/api/global/configs/checklist"),
+    request(null, { method: "GET" })
+  )
+  return checkResponse(response, "get checklist")
+}