diff --git a/.github/workflows/deploy-preview.yml b/.github/workflows/deploy-preview.yml
index cef98e7..c399ede 100644
--- a/.github/workflows/deploy-preview.yml
+++ b/.github/workflows/deploy-preview.yml
@@ -27,10 +27,16 @@ jobs:
 timeout-minutes: 5
 permissions:
 pull-requests: read
+ contents: read
 outputs:
 is-fork: ${{ steps.check.outputs.is-fork }}
 is-authorized: ${{ steps.check.outputs.is-authorized }}
 steps:
+ - name: Verify user
+ uses: "deriv-com/shared-actions/.github/actions/verify_user_in_organization@v1"
+ with:
+ username: ${{github.event.pull_request.user.login}}
+ token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
 - name: Check PR source and permissions
 id: check
 uses: actions/github-script@v7
@@ -75,11 +81,6 @@ jobs:
 pull-requests: write
 contents: read
 steps:
- - name: Verify user
- uses: "deriv-com/shared-actions/.github/actions/verify_user_in_organization@v1"
- with:
- username: ${{github.event.pull_request.user.login}}
- token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
 - name: Checkout repository
 uses: actions/checkout@v4
 with:
diff --git a/.github/workflows/deploy-production.yml b/.github/workflows/deploy-production.yml
index 9d6385c..7fc84ea 100644
--- a/.github/workflows/deploy-production.yml
+++ b/.github/workflows/deploy-production.yml
@@ -30,7 +30,14 @@ jobs:
 timeout-minutes: 5
 outputs:
 secrets-valid: ${{ steps.check-secrets.outputs.valid }}
+ permissions:
+ contents: read
 steps:
+ - name: Verify user
+ uses: "deriv-com/shared-actions/.github/actions/verify_user_in_organization@v1"
+ with:
+ username: ${{github.event.pull_request.user.login}}
+ token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
 - name: Validate Required Secrets
 id: check-secrets
 run: |
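Review bot: With Verify user moved into the job that exposes `is-fork` and `is-authorized`, the later job that holds `pull-requests: write` is protected only if it depends on this one, and neither hunk shows that job's `needs:` or `if:` lines. A failed step stops dependent jobs by default, but a condition such as `if: always()` or `if: ${{ !cancelled() }}` on the deploy job would let it run after a failed verification. Confirm the deploy job declares `needs: <check-job-id>` (placeholder, the job id is outside the hunk) and that any custom `if:` also requires `needs.<check-job-id>.result == 'success'`. The same applies to the matching move in deploy-production.yml.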
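Review bot: The added `uses:` line for Verify user references the mutable tag `@v1` on an action that is handed `secrets.PERSONAL_ACCESS_TOKEN`, so whatever `v1` points to when the job runs receives the token. Pinning to a full commit SHA, `uses: deriv-com/shared-actions/.github/actions/verify_user_in_organization@<full-commit-sha> # v1` (placeholder SHA), keeps the executed code equal to the reviewed code. If the action only looks up organization membership, a token limited to that read scope would bound the impact of a leak; the token's scope is not visible here. The same reference is added in deploy-preview.yml and deploy.yml, and the job's remaining steps continue outside the hunk.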
@@ -69,11 +76,6 @@ jobs:
 statuses: write
 contents: read
 steps:
- - name: Verify user
- uses: "deriv-com/shared-actions/.github/actions/verify_user_in_organization@v1"
- with:
- username: ${{github.event.pull_request.user.login}}
- token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
 - name: Checkout repository
 uses: actions/checkout@v4
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 7b01cb5..ac6696d 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -28,7 +28,14 @@ jobs:
 name: github-pages
 url: ${{ steps.deployment.outputs.page_url }}
 runs-on: ubuntu-latest
+ permissions:
+ contents: read
 steps:
+ - name: Verify user
+ uses: "deriv-com/shared-actions/.github/actions/verify_user_in_organization@v1"
+ with:
+ username: ${{github.event.push.sender.login}}
+ token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
 - name: Checkout
 uses: actions/checkout@v4
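Review bot: `github.event.push.sender.login` in the added Verify user step looks wrong: `github.event` is itself the webhook payload, so on a push the sender is `github.event.sender.login` and there is no `push` property, which makes the expression evaluate to an empty string. Depending on how the action treats an empty `username` (not visible here), either every deploy fails or the check passes without verifying anyone. Suggest `username: ${{ github.event.sender.login }}` or `username: ${{ github.actor }}`. The workflow's `on:` block is outside the hunk, so confirm which events reach this job.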