diff --git a/packages/core/admin/ee/server/services/passport.js b/packages/core/admin/ee/server/services/passport.js
index d98ecdbba1..41fb940f99 100644
--- a/packages/core/admin/ee/server/services/passport.js
+++ b/packages/core/admin/ee/server/services/passport.js
@@ -9,7 +9,8 @@ const sso = require('./passport/sso');
 const { isSsoLocked } = require('../utils/sso-lock');
 
 const localStrategyMiddleware = async ([error, user, message], done) => {
-  if (await isSsoLocked(user)) {
+  // if we got a user, we need to check that it's not sso locked
+  if (user && !error && (await isSsoLocked(user))) {
     throw new UnauthorizedError('Login not allowed, please contact your administrator', {
       code: 'LOGIN_NOT_ALLOWED',
     });