diff --git a/authentik/stages/user_login/stage.py b/authentik/stages/user_login/stage.py
index d545d8559..4d4e184fd 100644
--- a/authentik/stages/user_login/stage.py
+++ b/authentik/stages/user_login/stage.py
@@ -5,6 +5,7 @@ from django.http import HttpRequest, HttpResponse
 from django.utils.translation import gettext as _
 from structlog.stdlib import get_logger
 
+from authentik.core.models import User
 from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER
 from authentik.flows.stage import StageView
 from authentik.lib.utils.time import timedelta_from_string
@@ -32,9 +33,12 @@ class UserLoginStageView(StageView):
         backend = self.executor.plan.context.get(
             PLAN_CONTEXT_AUTHENTICATION_BACKEND, BACKEND_INBUILT
         )
+        user: User = self.executor.plan.context[PLAN_CONTEXT_PENDING_USER]
+        if not user.is_active:
+            LOGGER.warning("User is not active, login will not work.")
         login(
             self.request,
-            self.executor.plan.context[PLAN_CONTEXT_PENDING_USER],
+            user,
             backend=backend,
         )
         delta = timedelta_from_string(self.executor.current_stage.session_duration)
@@ -45,7 +49,7 @@ class UserLoginStageView(StageView):
         LOGGER.debug(
             "Logged in",
             backend=backend,
-            user=self.executor.plan.context[PLAN_CONTEXT_PENDING_USER],
+            user=user,
             flow_slug=self.executor.flow.slug,
             session_duration=self.executor.current_stage.session_duration,
         )
diff --git a/authentik/stages/user_login/tests.py b/authentik/stages/user_login/tests.py
index 0940324a6..9a43daa3b 100644
--- a/authentik/stages/user_login/tests.py
+++ b/authentik/stages/user_login/tests.py
@@ -109,3 +109,29 @@ class TestUserLoginStage(APITestCase):
                 },
             },
         )
+
+    def test_inactive_account(self):
+        """Test with a valid pending user and backend"""
+        self.user.is_active = False
+        self.user.save()
+        plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()])
+        plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
+        session = self.client.session
+        session[SESSION_KEY_PLAN] = plan
+        session.save()
+
+        response = self.client.get(
+            reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug})
+        )
+
+        self.assertEqual(response.status_code, 200)
+        self.assertJSONEqual(
+            force_str(response.content),
+            {
+                "component": "xak-flow-redirect",
+                "to": reverse("authentik_core:root-redirect"),
+                "type": ChallengeTypes.REDIRECT.value,
+            },
+        )
+        response = self.client.get(reverse("authentik_api:application-list"))
+        self.assertEqual(response.status_code, 403)