diff --git a/authentik/events/middleware.py b/authentik/events/middleware.py
index 9ecae5319..7c655b459 100644
--- a/authentik/events/middleware.py
+++ b/authentik/events/middleware.py
@@ -7,13 +7,14 @@ from django.conf import settings
 from django.contrib.sessions.models import Session
 from django.core.exceptions import SuspiciousOperation
 from django.db.models import Model
-from django.db.models.signals import post_save, pre_delete
+from django.db.models.signals import m2m_changed, post_save, pre_delete
 from django.http import HttpRequest, HttpResponse
 from django_otp.plugins.otp_static.models import StaticToken
 from guardian.models import UserObjectPermission
 from authentik.core.models import (
 AuthenticatedSession,
+ Group,
 PropertyMapping,
 Provider,
 Source,
@@ -58,6 +59,13 @@ def should_log_model(model: Model) -> bool:
 return model.__class__ not in IGNORED_MODELS
+def should_log_m2m(model: Model) -> bool:
+ """Return true if m2m operation should be logged"""
+ if model.__class__ in [User, Group]:
+ return True
+ return False
+
+
 class EventNewThread(Thread):
 """Create Event in background thread"""
@@ -96,6 +104,7 @@ class AuditMiddleware:
 return
 post_save_handler = partial(self.post_save_handler, user=request.user, request=request)
 pre_delete_handler = partial(self.pre_delete_handler, user=request.user, request=request)
+ m2m_changed_handler = partial(self.m2m_changed_handler, user=request.user, request=request)
 post_save.connect(
 post_save_handler,
 dispatch_uid=request.request_id,
@@ -106,6 +115,11 @@ class AuditMiddleware:
 dispatch_uid=request.request_id,
 weak=False,
 )
+ m2m_changed.connect(
+ m2m_changed_handler,
+ dispatch_uid=request.request_id,
+ weak=False,
+ )
 def disconnect(self, request: HttpRequest):
 """Disconnect signals"""
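Review bot: In authentik/events/middleware.py, `should_log_m2m` tests `model.__class__ in [User, Group]`, an exact-class match, so a subclass or proxy model of `User` or `Group` would presumably go unlogged; the `if … return True / return False` is also longer than it needs to be. If subclasses should be audited, `return isinstance(model, (User, Group))` covers both points; if the exact match is deliberate (it mirrors `should_log_model` just above), `return model.__class__ in (User, Group)` keeps the behaviour in one line. Either way the docstring should say that only many-to-many changes whose signalled instance is a User or Group are audited, for example `"""Return true if the m2m change is on a User or Group; all other m2m changes are not audited"""`.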
@@ -113,6 +127,7 @@ class AuditMiddleware:
 return
 post_save.disconnect(dispatch_uid=request.request_id)
 pre_delete.disconnect(dispatch_uid=request.request_id)
+ m2m_changed.disconnect(dispatch_uid=request.request_id)
 def __call__(self, request: HttpRequest) -> HttpResponse:
 self.connect(request)
@@ -167,3 +182,20 @@ class AuditMiddleware:
 user=user,
 model=model_to_dict(instance),
 ).run()
+
+ @staticmethod
+ def m2m_changed_handler(
+ user: User, request: HttpRequest, sender, instance: Model, action: str, **_
+ ):
+ """Signal handler for all object's m2m_changed"""
+ if action not in ["pre_add", "pre_remove"]:
+ return
+ if not should_log_m2m(instance):
+ return
+
+ EventNewThread(
+ EventAction.MODEL_UPDATED,
+ request,
+ user=user,
+ model=model_to_dict(instance),
+ ).run()
diff --git a/authentik/providers/oauth2/errors.py b/authentik/providers/oauth2/errors.py
index f82b434bd..2537d5de5 100644
--- a/authentik/providers/oauth2/errors.py
+++ b/authentik/providers/oauth2/errors.py
@@ -141,6 +141,7 @@ class AuthorizeError(OAuth2Error):
 ),
 }
+ # pylint: disable=too-many-arguments
 def __init__(
 self,
 redirect_uri: str,
diff --git a/authentik/root/settings.py b/authentik/root/settings.py
index ec742d3f8..22ccbdb9c 100644
--- a/authentik/root/settings.py
+++ b/authentik/root/settings.py
@@ -439,7 +439,6 @@ _LOGGING_HANDLER_MAP = {
 "fsevents": "WARNING",
 }
 for handler_name, level in _LOGGING_HANDLER_MAP.items():
-
 LOGGING["loggers"][handler_name] = {
 "handlers": ["console"],
 "level": level,
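Review bot: In `AuditMiddleware.m2m_changed_handler` (authentik/events/middleware.py, the `@@ -167,3 +182,20 @@` hunk) the event carries only `model_to_dict(instance)`, so the audit entry does not say which related objects were added or removed, or whether it was an add or a remove; `pk_set`, `model` and `reverse` are swallowed by `**_`. For group-membership changes that is the detail an investigator needs, so consider naming `pk_set` in the signature and passing `action=action, pk_set=[str(pk) for pk in pk_set or ()]` to `EventNewThread`, assuming it forwards extra keyword arguments into the event context the way it appears to for `model=`. The filter `if action not in ["pre_add", "pre_remove"]:` also skips `pre_clear`, so a relation emptied with `.clear()` produces no event; adding `"pre_clear"` to that list would close the gap. Because the handler acts on the `pre_` actions, an event is written even if the change later fails, which deserves a short comment if it is intended.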