diff --git a/server/auth/gatekeeper.go b/server/auth/gatekeeper.go
index 4574717456f9..653629806922 100644
--- a/server/auth/gatekeeper.go
+++ b/server/auth/gatekeeper.go
@@ -307,7 +307,8 @@ func (s *gatekeeper) rbacAuthorization(ctx context.Context, claims *types.Claims
 		namespaceAccount, err := s.getServiceAccount(claims, getNamespace(req))
 		if err != nil {
 			log.WithError(err).Info("Error while SSO Delegation")
-		} else if precedence(namespaceAccount) > precedence(loginAccount) {
+			return nil, err
+		} else {
 			delegatedAccount = namespaceAccount
 			ssoDelegated = true
 		}