diff --git a/tests/Jellyfin.Server.Integration.Tests/Controllers/StartupControllerTests.cs b/tests/Jellyfin.Server.Integration.Tests/Controllers/StartupControllerTests.cs
index cf4b9dd712..bb38db1be4 100644
--- a/tests/Jellyfin.Server.Integration.Tests/Controllers/StartupControllerTests.cs
+++ b/tests/Jellyfin.Server.Integration.Tests/Controllers/StartupControllerTests.cs
@@ -1,3 +1,4 @@
+using System;
 using System.Net;
 using System.Net.Http;
 using System.Net.Http.Headers;
@@ -11,6 +12,7 @@ using Xunit.Priority;
 
 namespace Jellyfin.Server.Integration.Tests.Controllers
 {
+    [TestCaseOrderer(PriorityOrderer.Name, PriorityOrderer.Assembly)]
     public sealed class StartupControllerTests : IClassFixture<JellyfinApplicationFactory>
     {
         private readonly JellyfinApplicationFactory _factory;
@@ -23,7 +25,7 @@ namespace Jellyfin.Server.Integration.Tests.Controllers
 
         [Fact]
         [Priority(0)]
-        public async Task GetStartupConfiguration_EditConfig_Success()
+        public async Task Configuration_EditConfig_Success()
         {
             var client = _factory.CreateClient();
 
@@ -57,5 +59,58 @@ namespace Jellyfin.Server.Integration.Tests.Controllers
             Assert.Equal(newConfig.MetadataCountryCode, config2.MetadataCountryCode);
             Assert.Equal(newConfig.PreferredMetadataLanguage, config2.PreferredMetadataLanguage);
         }
+
+        [Fact]
+        [Priority(0)]
+        public async Task User_EditUser_Success()
+        {
+            var client = _factory.CreateClient();
+
+            using var res0 = await client.GetAsync("/Startup/User").ConfigureAwait(false);
+            Assert.Equal(HttpStatusCode.OK, res0.StatusCode);
+            Assert.Equal(MediaTypeNames.Application.Json, res0.Content.Headers.ContentType?.MediaType);
+
+            var content0 = await res0.Content.ReadAsStreamAsync().ConfigureAwait(false);
+            var user = await JsonSerializer.DeserializeAsync<StartupUserDto>(content0, _jsonOpions).ConfigureAwait(false);
+
+            user!.Name = "NewName";
+            user.Password = "NewPassword";
+
+            var req1 = JsonSerializer.SerializeToUtf8Bytes(user, _jsonOpions);
+            using var reqContent1 = new ByteArrayContent(req1);
+            reqContent1.Headers.ContentType = MediaTypeHeaderValue.Parse(MediaTypeNames.Application.Json);
+            var res1 = await client.PostAsync("/Startup/User", reqContent1).ConfigureAwait(false);
+            Assert.Equal(HttpStatusCode.NoContent, res1.StatusCode);
+
+            var res2 = await client.GetAsync("/Startup/User").ConfigureAwait(false);
+            Assert.Equal(HttpStatusCode.OK, res2.StatusCode);
+            Assert.Equal(MediaTypeNames.Application.Json, res2.Content.Headers.ContentType?.MediaType);
+
+            var content2 = await res2.Content.ReadAsStreamAsync().ConfigureAwait(false);
+            var user2 = await JsonSerializer.DeserializeAsync<StartupUserDto>(content2, _jsonOpions).ConfigureAwait(false);
+            Assert.Equal(user.Name, user2!.Name);
+            Assert.NotEmpty(user2.Password);
+            Assert.NotEqual(user.Password, user2.Password);
+        }
+
+        [Fact]
+        [Priority(1)]
+        public async Task CompleteWizard_Success()
+        {
+            var client = _factory.CreateClient();
+
+            var res = await client.PostAsync("/Startup/Complete", new ByteArrayContent(Array.Empty<byte>())).ConfigureAwait(false);
+            Assert.Equal(HttpStatusCode.NoContent, res.StatusCode);
+        }
+
+        [Fact]
+        [Priority(2)]
+        public async Task GetFirstUser_CompleteWizard_Unauthorized()
+        {
+            var client = _factory.CreateClient();
+
+            using var res0 = await client.GetAsync("/Startup/User").ConfigureAwait(false);
+            Assert.Equal(HttpStatusCode.Unauthorized, res0.StatusCode);
+        }
     }
 }