diff --git a/packages/twenty-server/src/core/analytics/analytics.resolver.ts b/packages/twenty-server/src/core/analytics/analytics.resolver.ts
index e4564e233..c912dd52c 100644
--- a/packages/twenty-server/src/core/analytics/analytics.resolver.ts
+++ b/packages/twenty-server/src/core/analytics/analytics.resolver.ts
@@ -21,7 +21,7 @@ export class AnalyticsResolver {
 createEvent(
 @Args() createEventInput: CreateAnalyticsInput,
 @AuthWorkspace() workspace: Workspace | undefined,
- @AuthUser() user: User | undefined,
+ @AuthUser({ allowUndefined: true }) user: User | undefined,
 ) {
 return this.analyticsService.create(createEventInput, user, workspace);
 }
diff --git a/packages/twenty-server/src/decorators/auth-user.decorator.ts b/packages/twenty-server/src/decorators/auth-user.decorator.ts
index b14e69523..77248f4fd 100644
--- a/packages/twenty-server/src/decorators/auth-user.decorator.ts
+++ b/packages/twenty-server/src/decorators/auth-user.decorator.ts
@@ -1,11 +1,23 @@
-import { ExecutionContext, createParamDecorator } from '@nestjs/common';
+import {
+ ExecutionContext,
+ ForbiddenException,
+ createParamDecorator,
+} from '@nestjs/common';
 import { getRequest } from 'src/utils/extract-request';
+interface DecoratorOptions {
+ allowUndefined?: boolean;
+}
+
 export const AuthUser = createParamDecorator(
- (_: unknown, ctx: ExecutionContext) => {
+ (options: DecoratorOptions | undefined, ctx: ExecutionContext) => {
 const request = getRequest(ctx);
+ if (!options?.allowUndefined && (!request.user || !request.user.user)) {
+ throw new ForbiddenException("You're not authorized to do this");
+ }
+
 return request.user ? request.user.user : undefined;
 },
 );
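Review bot: `createEvent` opts out of the user check with `{ allowUndefined: true }`, but nothing at the call site says that anonymous calls are intended, so a later reader cannot tell a deliberate exemption from a leftover. A one-line comment above the parameter, such as `// user may be undefined: this resolver is callable without a session`, would record the decision. The undefined user is passed straight to `analyticsService.create`, which is outside this diff and has to treat it as optional; `@AuthWorkspace()` on the line above is unchanged and its behaviour for a missing workspace is not visible here. The enclosing `AnalyticsResolver` class starts and ends outside the hunk.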
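Review bot: The new guard in `AuthUser` throws `ForbiddenException` when no user is attached to the request, which reports a missing or invalid session as 403 instead of 401; the condition tested is "not authenticated", so `throw new UnauthorizedException("You're not authorized to do this");` (importing `UnauthorizedException` from `@nestjs/common` in place of `ForbiddenException`) matches it and lets clients distinguish a re-login case from a permission failure. The check only runs for handlers that declare an `@AuthUser()` parameter, so it works as a backstop and presumably not as the primary access control; a TSDoc comment on `DecoratorOptions.allowUndefined` should say that the default is to reject requests without a user and that `true` is reserved for handlers meant to be callable anonymously. Because the default is now fail-closed, any other `@AuthUser()` call site still typed `User | undefined` (none are visible in this diff besides `createEvent`) should be checked for whether anonymous access was intended.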