diff --git a/services/identity/src/client_service.rs b/services/identity/src/client_service.rs
--- a/services/identity/src/client_service.rs
+++ b/services/identity/src/client_service.rs
@@ -333,6 +333,17 @@
       ));
     };
 
+    if self
+      .client
+      .get_user_login_flow(&user_id)
+      .await?
+      .is_signed_device_list_flow()
+    {
+      return Err(tonic::Status::failed_precondition(
+        tonic_status_messages::USE_NEW_FLOW,
+      ));
+    }
+
     let flattened_device_key_upload =
       construct_flattened_device_key_upload(&message)?;
     self
@@ -484,6 +495,17 @@
       .get_user_id_from_user_info(wallet_address.clone(), &AuthType::Wallet)
       .await?
     {
+      if self
+        .client
+        .get_user_login_flow(&user_id)
+        .await?
+        .is_signed_device_list_flow()
+      {
+        return Err(tonic::Status::failed_precondition(
+          tonic_status_messages::USE_NEW_FLOW,
+        ));
+      }
+
       self
         .check_device_id_taken(&flattened_device_key_upload, Some(&user_id))
         .await?;
@@ -510,6 +532,17 @@
         ));
       };
 
+      if self
+        .client
+        .get_user_login_flow(&user_id)
+        .await?
+        .is_signed_device_list_flow()
+      {
+        return Err(tonic::Status::failed_precondition(
+          tonic_status_messages::USE_NEW_FLOW,
+        ));
+      }
+
       // It's possible that the user attempting login is already registered
       // on Ashoat's keyserver. If they are, we should try to register them if
       // they're on a mobile device, otherwise we should send back a gRPC status