diff --git a/src/auth/AuthManager.ts b/src/auth/AuthManager.ts
index c8adef9..21a7299 100644
--- a/src/auth/AuthManager.ts
+++ b/src/auth/AuthManager.ts
@@ -78,7 +78,16 @@ export class AuthManager {
 
     if (isLoggedIn) {
       if (this.serverType === ServerType.Sas9) {
-        await this.performCASSecurityCheck()
+        const casSecurityCheckResponse = await this.performCASSecurityCheck()
+
+        if (isPublicAccessDenied(casSecurityCheckResponse.result)) {
+          return {
+            isLoggedIn: false,
+            userName: this.userName || '',
+            userLongName: this.userLongName || '',
+            errorMessage: 'Public access has been denied.'
+          }
+        }
       }
 
       const { userName, userLongName } = await this.fetchUserName()
@@ -150,7 +159,6 @@ export class AuthManager {
     if (isLoggedIn) {
       if (this.serverType === ServerType.Sas9) {
         const casSecurityCheckResponse = await this.performCASSecurityCheck()
-
         if (isPublicAccessDenied(casSecurityCheckResponse.result)) {
           isLoggedIn = false
 
diff --git a/src/auth/spec/AuthManager.spec.ts b/src/auth/spec/AuthManager.spec.ts
index 1eb7392..521a24f 100644
--- a/src/auth/spec/AuthManager.spec.ts
+++ b/src/auth/spec/AuthManager.spec.ts
@@ -5,6 +5,7 @@ import axios from 'axios'
 import {
   mockedCurrentUserApi,
   mockLoginAuthoriseRequiredResponse,
+  mockLoginPublicAccessDeniedResponse,
   mockLoginSuccessResponse
 } from './mockResponses'
 import { serialize } from '../../utils'
@@ -213,6 +214,61 @@ describe('AuthManager', () => {
       expect(authCallback).toHaveBeenCalledTimes(1)
     })
 
+    it('should post a login & a cas_security request to the SAS9 server when not logged in & get rejected due to public access denied', async () => {
+      const serverType = ServerType.Sas9
+      const authManager = new AuthManager(
+        serverUrl,
+        serverType,
+        requestClient,
+        authCallback
+      )
+      jest.spyOn(authManager, 'checkSession').mockImplementation(() =>
+        Promise.resolve({
+          isLoggedIn: false,
+          userName: '',
+          userLongName: '',
+          loginForm: { name: 'test' }
+        })
+      )
+      mockedAxios.post.mockImplementation(() =>
+        Promise.resolve({ data: mockLoginSuccessResponse })
+      )
+      mockedAxios.get.mockImplementation(() =>
+        Promise.resolve({ data: mockLoginPublicAccessDeniedResponse })
+      )
+
+      const loginResponse = await authManager.logIn(userName, password)
+
+      expect(loginResponse.isLoggedIn).toBeFalse()
+      expect(loginResponse.userName).toEqual('')
+      expect(loginResponse.errorMessage).toEqual(
+        'Public access has been denied.'
+      )
+
+      const loginParams = serialize({
+        _service: 'default',
+        username: userName,
+        password,
+        name: 'test'
+      })
+      expect(mockedAxios.post).toHaveBeenCalledWith(
+        `/SASLogon/login`,
+        loginParams,
+        {
+          withCredentials: true,
+          headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+            Accept: '*/*'
+          }
+        }
+      )
+      const casAuthenticationUrl = `${serverUrl}/SASStoredProcess/j_spring_cas_security_check`
+      expect(mockedAxios.get).toHaveBeenCalledWith(
+        `/SASLogon/login?service=${casAuthenticationUrl}`,
+        getHeadersJson
+      )
+    })
+
     it('should return empty username if unable to logged in', async () => {
       const authManager = new AuthManager(
         serverUrl,
@@ -422,6 +478,53 @@ describe('AuthManager', () => {
       expect(authCallback).toHaveBeenCalledTimes(1)
     })
 
+    it('should return error if public account access is denied', async () => {
+      const serverType = ServerType.Sas9
+      const authManager = new AuthManager(
+        serverUrl,
+        serverType,
+        requestClient,
+        authCallback
+      )
+      jest
+        .spyOn<any, any>(authManager, 'fetchUserName')
+        .mockImplementationOnce(() =>
+          Promise.resolve({
+            isLoggedIn: false,
+            userName: ''
+          })
+        )
+        .mockImplementationOnce(() =>
+          Promise.resolve({
+            isLoggedIn: true,
+            userName
+          })
+        )
+      mockedAxios.get.mockImplementation(() =>
+        Promise.resolve({ data: mockLoginPublicAccessDeniedResponse })
+      )
+
+      const loginResponse = await authManager.redirectedLogIn({})
+
+      expect(loginResponse.isLoggedIn).toBeFalse()
+      expect(loginResponse.userName).toEqual('')
+      expect(loginResponse.errorMessage).toEqual(
+        'Public access has been denied.'
+      )
+
+      expect(openWebPageModule.openWebPage).toHaveBeenCalledWith(
+        `/SASLogon`,
+        'SASLogon',
+        {
+          width: 500,
+          height: 600
+        },
+        undefined
+      )
+      expect(authManager['fetchUserName']).toHaveBeenCalledTimes(1)
+      expect(verifySas9LoginModule.verifySas9Login).toHaveBeenCalledTimes(1)
+    })
+
     it('should return empty username if user unable to re-login via pop up', async () => {
       const authManager = new AuthManager(
         serverUrl,
diff --git a/src/auth/spec/mockResponses.ts b/src/auth/spec/mockResponses.ts
index 4aaad1d..c032f9b 100644
--- a/src/auth/spec/mockResponses.ts
+++ b/src/auth/spec/mockResponses.ts
@@ -2,6 +2,7 @@ import { SasAuthResponse } from '@sasjs/utils/types'
 
 export const mockLoginAuthoriseRequiredResponse = `<form id="application_authorization" action="/SASLogon/oauth/authorize" method="POST"><input type="hidden" name="X-Uaa-Csrf" value="2nfuxIn6WaOURWL7tzTXCe"/>`
 export const mockLoginSuccessResponse = `You have signed in`
+export const mockLoginPublicAccessDeniedResponse = `Public access has been denied`
 
 export const mockAuthResponse: SasAuthResponse = {
   access_token: 'acc355',