diff --git a/server/auth/TokenManager.js b/server/auth/TokenManager.js
index faa6774a3..5efeb7a64 100644
--- a/server/auth/TokenManager.js
+++ b/server/auth/TokenManager.js
@@ -234,6 +234,13 @@ class TokenManager {
       }
 
       const user = await Database.userModel.getUserById(apiKey.userId)
+
+      if (!user?.isActive) {
+        // deny login
+        done(null, null)
+        return
+      }
+
       done(null, user)
     } else {
       // JWT based authentication