diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
index b5f6c63c1..0802defcc 100644
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -75,6 +75,7 @@ class LoginController extends Controller
         }
 
         //If the environment is set to ALWAYS require SAML, go straight to the SAML route.
+        //We don't need to check other settings, as this should override those.
         if((env("REQUIRE_SAML", false)))
         {
             return redirect()->route('saml.login');
@@ -207,6 +208,12 @@ class LoginController extends Controller
      */
     public function login(Request $request)
     {
+        //If the environment is set to ALWAYS require SAML, return access denied
+        if((env("REQUIRE_SAML", false)))
+        {
+            return view('errors.403');
+        }
+
         if (Setting::getSettings()->login_common_disabled == '1') {
             return view('errors.403');
         }