diff --git a/cmd/config-current.go b/cmd/config-current.go
index addde2141..76f114a8d 100644
--- a/cmd/config-current.go
+++ b/cmd/config-current.go
@@ -355,7 +355,9 @@ func validateSubSysConfig(ctx context.Context, s config.Config, subSys string, o
 		}
 	case config.IdentityOpenIDSubSys:
 		if _, err := openid.LookupConfig(s,
-			NewHTTPTransport(), xhttp.DrainBody, globalSite.Region()); err != nil {
+			xhttp.WithUserAgent(NewHTTPTransport(), func() string {
+				return getUserAgent(getMinioMode())
+			}), xhttp.DrainBody, globalSite.Region()); err != nil {
 			return err
 		}
 	case config.IdentityLDAPSubSys:
diff --git a/cmd/iam.go b/cmd/iam.go
index 9b60f025e..07a5041f4 100644
--- a/cmd/iam.go
+++ b/cmd/iam.go
@@ -277,7 +277,9 @@ func (sys *IAMSys) Init(ctx context.Context, objAPI ObjectLayer, etcdClient *etc
 	for {
 		if !openidInit {
 			openidConfig, err := openid.LookupConfig(s,
-				NewHTTPTransport(), xhttp.DrainBody, globalSite.Region())
+				xhttp.WithUserAgent(NewHTTPTransport(), func() string {
+					return getUserAgent(getMinioMode())
+				}), xhttp.DrainBody, globalSite.Region())
 			if err != nil {
 				iamLogIf(ctx, fmt.Errorf("Unable to initialize OpenID: %w", err), logger.WarningKind)
 			} else {
diff --git a/internal/http/transports.go b/internal/http/transports.go
index 55fa9b380..fba86bd32 100644
--- a/internal/http/transports.go
+++ b/internal/http/transports.go
@@ -183,3 +183,23 @@ func (s ConnSettings) NewRemoteTargetHTTPTransport(insecure bool) func() *http.T
 		return tr
 	}
 }
+
+// uaTransport - User-Agent  transport
+type uaTransport struct {
+	ua string
+	rt http.RoundTripper
+}
+
+func (u *uaTransport) RoundTrip(req *http.Request) (*http.Response, error) {
+	req2 := req.Clone(req.Context())
+	req2.Header.Set("User-Agent", u.ua)
+	return u.rt.RoundTrip(req2)
+}
+
+// WithUserAgent wraps an existing transport with custom User-Agent
+func WithUserAgent(rt http.RoundTripper, getUA func() string) http.RoundTripper {
+	return &uaTransport{
+		ua: getUA(),
+		rt: rt,
+	}
+}