diff --git a/demo/collections/Admin.js b/demo/collections/Admin.js
index 6c3b6b1b8b..68533d26bc 100644
--- a/demo/collections/Admin.js
+++ b/demo/collections/Admin.js
@@ -25,6 +25,7 @@ module.exports = {
     maxLoginAttempts: 5,
     lockTime: 600 * 1000, // lock time in ms
     useAPIKey: true,
+    depth: 0,
     cookies: {
       secure: false,
       sameSite: 'Lax',
diff --git a/src/auth/strategies/apiKey.js b/src/auth/strategies/apiKey.js
index 6cbe6352c6..1f6d48474d 100644
--- a/src/auth/strategies/apiKey.js
+++ b/src/auth/strategies/apiKey.js
@@ -35,6 +35,7 @@ module.exports = ({ operations }, { Model, config }) => {
         },
         req,
         overrideAccess: true,
+        depth: config.auth.depth,
       });
 
       if (userQuery.docs && userQuery.docs.length > 0) {
diff --git a/src/auth/strategies/jwt.js b/src/auth/strategies/jwt.js
index a8725780e8..1591fb72bc 100644
--- a/src/auth/strategies/jwt.js
+++ b/src/auth/strategies/jwt.js
@@ -37,11 +37,13 @@ module.exports = ({ config, collections, operations }) => {
           equals: token.email,
         };
       }
+
       const userQuery = await operations.collections.find({
         where,
         collection,
         req,
         overrideAccess: true,
+        depth: collection.config.auth.depth,
       });
 
       if (userQuery.docs && userQuery.docs.length > 0) {