How to prevent login of a soft-deleted user?

I am trying to prevent the login of a soft-deleted user by adding the condition: only log the user in when the “Deleted Date” is empty

However, it doesn’t work—the user can still log in to the system.

So, I added a JavaScript check before the login action to display the condition’s result:

When I try to login, this is what I get:

Interestingly, when I enable the debugger in Step-by-Step mode, I get:

In the debugger, the condition result is correct, and it should prevent the login action from executing.

Why does the login action still execute and log the user in?

looks like a privacy rule to me. User fields are hidden from other users until you manually expose them.

Try creating a workflow with the event being User is logged in and then create a single action “Log the user out” with that condition and report back.

When you soft delete a user, it’s always an option to change their email + password so that they cannot login anymore. (Append random basic string)

In your particular case it seems like a privacy rule issue as the deleted date might be not accessible to logged out/other users.