diff --git a/ee/app/finders/ee/users_finder.rb b/ee/app/finders/ee/users_finder.rb
index c434d792acc6d4e1e755a261cac2504abb74635d..f91966a717284da9e1f310c36e1d090039dc2ae1 100644
--- a/ee/app/finders/ee/users_finder.rb
+++ b/ee/app/finders/ee/users_finder.rb
@@ -6,7 +6,8 @@ module UsersFinder
 
     override :execute
     def execute
-      by_non_ldap(super)
+      users = by_non_ldap(super)
+      by_saml_provider_id(users)
     end
 
     def by_non_ldap(users)
@@ -14,5 +15,12 @@ def by_non_ldap(users)
 
       users.non_ldap
     end
+
+    def by_saml_provider_id(users)
+      saml_provider_id = params[:by_saml_provider_id]
+      return users unless saml_provider_id
+
+      users.limit_to_saml_provider(saml_provider_id)
+    end
   end
 end
diff --git a/ee/spec/finders/users_finder_spec.rb b/ee/spec/finders/users_finder_spec.rb
index b833c2372002f1b2983690c69f0eb40970b29be2..362dba1a209013eaaca46eda2f3f991909ad489d 100644
--- a/ee/spec/finders/users_finder_spec.rb
+++ b/ee/spec/finders/users_finder_spec.rb
@@ -8,7 +8,7 @@
 
     context 'with a normal user' do
       context 'with LDAP users' do
-        let!(:ldap_user) { create(:omniauth_user, provider: 'ldap') }
+        let_it_be(:ldap_user) { create(:omniauth_user, provider: 'ldap') }
 
         it 'returns ldap users by default' do
           users = described_class.new(normal_user).execute
@@ -22,6 +22,29 @@
           expect(users).to contain_exactly(normal_user, blocked_user, omniauth_user, external_user, internal_user, admin_user)
         end
       end
+
+      context 'with SAML users' do
+        let_it_be(:group) { create(:group) }
+        let_it_be(:saml_provider) { create(:saml_provider, group: group, enabled: true, enforced_sso: true) }
+        let_it_be(:saml_user) { create(:user) }
+        let_it_be(:non_saml_user) { create(:user) }
+
+        before do
+          create(:identity, provider: 'group_saml1', saml_provider_id: saml_provider.id, user: saml_user)
+        end
+
+        it 'returns all users by default' do
+          users = described_class.new(normal_user).execute
+
+          expect(users).to contain_exactly(normal_user, blocked_user, omniauth_user, external_user, internal_user, admin_user, saml_user, non_saml_user)
+        end
+
+        it 'returns only saml users from the provided saml_provider_id' do
+          users = described_class.new(normal_user, by_saml_provider_id: saml_provider.id).execute
+
+          expect(users).to contain_exactly(saml_user)
+        end
+      end
     end
   end
 end