diff --git a/app/models/user.rb b/app/models/user.rb
index 6b4808b84..2ff46ea61 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -142,4 +142,8 @@ class User < ApplicationRecord
   def can_toggle_active?(user)
     self != user && (support? || data_coordinator?)
   end
+
+  def valid_for_authentication?
+    super && active?
+  end
 end
diff --git a/spec/features/user_spec.rb b/spec/features/user_spec.rb
index a1cfb93e4..d5445c386 100644
--- a/spec/features/user_spec.rb
+++ b/spec/features/user_spec.rb
@@ -172,6 +172,22 @@ RSpec.describe "User Features" do
     end
   end
 
+  context "when the user is trying to log in with deactivated user" do
+    before do
+      user.update!(active: false)
+    end
+
+    it "shows a gov uk error summary and no flash message" do
+      visit("/logs")
+      fill_in("user[email]", with: user.email)
+      fill_in("user[password]", with: "pAssword1")
+      click_button("Sign in")
+      expect(page).to have_selector("#error-summary-title")
+      expect(page).to have_no_css(".govuk-notification-banner.govuk-notification-banner--success")
+      expect(page).to have_title("Error")
+    end
+  end
+
   context "when signed in as a data provider" do
     context "when viewing your account" do
       before do