diff --git a/integration/user_api_test.go b/integration/user_api_test.go
index 6ed8f8da..6d18c857 100644
--- a/integration/user_api_test.go
+++ b/integration/user_api_test.go
@@ -182,7 +182,7 @@ func TestGetUser(t *testing.T) {
 			id: "ID-1",
 
 			token:   userBadTokenDisabled,
-			errCode: http.StatusUnauthorized, // TODO test with custom err before merge
+			errCode: http.StatusUnauthorized,
 		}, {
 			id: "ID-1",
 
diff --git a/server/user.go b/server/user.go
index a57ca769..64ce05d0 100644
--- a/server/user.go
+++ b/server/user.go
@@ -200,10 +200,6 @@ func (s *UserMgmtServer) getCreds(r *http.Request) (api.Creds, error) {
 		return api.Creds{}, err
 	}
 
-	if usr.Disabled {
-		return api.Creds{}, api.ErrorUnauthorized
-	}
-
 	isAdmin, err := s.cir.IsDexAdmin(clientID)
 	if err != nil {
 		log.Errorf("userMgmtServer: GetCreds err: %q", err)
diff --git a/user/api/api.go b/user/api/api.go
index cfc94ae3..2c072811 100644
--- a/user/api/api.go
+++ b/user/api/api.go
@@ -197,7 +197,7 @@ func (u *UsersAPI) ListUsers(creds Creds, maxResults int, nextPageToken string)
 }
 
 func (u *UsersAPI) Authorize(creds Creds) bool {
-	return creds.User.Admin
+	return creds.User.Admin && !creds.User.Disabled
 }
 
 func userToSchemaUser(usr user.User) schema.User {