diff --git a/behat.yml b/behat.yml
index bb4d39a6..9c5b9a01 100644
--- a/behat.yml
+++ b/behat.yml
@@ -15,6 +15,8 @@ default:
 - SilverStripe\Framework\Tests\Behaviour\CmsUiContext
 - SilverStripe\BehatExtension\Context\BasicContext
 - SilverStripe\BehatExtension\Context\EmailContext
+ - SilverStripe\BehatExtension\Context\FixtureContext:
+ - '%paths.modules.mfa%/tests/Behat/features/files/'
 - SilverStripe\MFA\Tests\Behat\Context\LoginContext
 - SilverStripe\CMS\Tests\Behaviour\ThemeContext
 extensions:
diff --git a/composer.json b/composer.json
index 42aa7d2d..cb57ce6a 100644
--- a/composer.json
+++ b/composer.json
@@ -36,6 +36,7 @@
 "phpunit/phpunit": "^9.6",
 "squizlabs/php_codesniffer": "^3",
 "silverstripe/documentation-lint": "^1",
+ "silverstripe/frameworktest": "^1",
 "silverstripe/standards": "^1",
 "phpstan/extension-installer": "^1.3"
 },
diff --git a/src/Authenticator/LoginHandler.php b/src/Authenticator/LoginHandler.php
index b05486ec..f5b2e53c 100644
--- a/src/Authenticator/LoginHandler.php
+++ b/src/Authenticator/LoginHandler.php
@@ -491,6 +491,13 @@ public function redirectAfterSuccessfulLogin(): HTTPResponse
 }
 $request->getSession()->clear(static::SESSION_KEY . '.mustLogin');
+ // Deactivate sudo mode that was activated in doLogin()
+ $service = $this->getSudoModeService();
+ // Check if the service has a deactivate method, because it is not defined on the interface
+ if (method_exists($service, 'deactivate')) {
+ call_user_func([$service, 'deactivate'], $this->getRequest()->getSession());
+ }
+ // Delegate to parent logic
 return parent::redirectAfterSuccessfulLogin();
 }
diff --git a/tests/Behat/features/files/blank.txt b/tests/Behat/features/files/blank.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/Behat/features/mfa-enabled.feature b/tests/Behat/features/mfa-enabled.feature
index 1e18da60..dee139f1 100644
--- a/tests/Behat/features/mfa-enabled.feature
+++ b/tests/Behat/features/mfa-enabled.feature
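Review bot: The `method_exists($service, 'deactivate')` guard in the added block fails open: if the injected sudo mode service has no `deactivate` method, the sudo mode that the comment says doLogin() activated is silently left active for the new session. Make that case visible rather than skipping it quietly, for example with an `else` branch that logs a warning if this class has a logger available, and extend the comment to `// deactivate() is not on the interface; implementations without it leave sudo mode active after login`. The call also fetches the session through `$this->getRequest()->getSession()` while the context line above uses `$request->getSession()`; reusing `$request` would make it clear both operate on the same session, assuming they are the same request object. redirectAfterSuccessfulLogin() starts outside the hunk, so confirm that no earlier return bypasses the deactivation.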
@@ -4,7 +4,8 @@ Feature: MFA is enabled for the site
 So that my site will be more secure
 Background:
- Given I am logged in with "ADMIN" permissions
+ Given I add an extension "SilverStripe\FrameworkTest\SudoMode\ActivateSudoModeServiceExtension" to the "SilverStripe\Security\SudoMode\SudoModeService" class
+ And I am logged in with "ADMIN" permissions
 And I go to "/admin"
 Then I should see the CMS