diff --git a/doc/api/users.md b/doc/api/users.md
index e074bd44c7adb3982ff8c63ba5a36f0dd6d6d878..15fa397823e6d479bad4cdf5c7ace9dcdc6b7002 100644
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -109,6 +109,7 @@ GET /users
 | `two_factor`       | string  | no       | Filter users by Two-factor authentication. Filter values are `enabled` or `disabled`. By default it returns all users |
 | `without_projects` | boolean | no       | Filter users without projects. Default is `false`, which means that all users are returned, with and without projects. |
 | `admins`           | boolean | no       | Return only admin users. Default is `false`                                 |
+| `saml_provider_id` **(PREMIUM)** | number | no     | Return only users created by the specified SAML provider ID. If not included, it returns all users. |
 
 ```json
 [
diff --git a/ee/app/finders/ee/users_finder.rb b/ee/app/finders/ee/users_finder.rb
index f91966a717284da9e1f310c36e1d090039dc2ae1..82d9375a519fcff9f73ac37d8021bb6687ce55c9 100644
--- a/ee/app/finders/ee/users_finder.rb
+++ b/ee/app/finders/ee/users_finder.rb
@@ -17,7 +17,7 @@ def by_non_ldap(users)
     end
 
     def by_saml_provider_id(users)
-      saml_provider_id = params[:by_saml_provider_id]
+      saml_provider_id = params[:saml_provider_id]
       return users unless saml_provider_id
 
       users.limit_to_saml_provider(saml_provider_id)
diff --git a/ee/lib/ee/api/helpers/users_helpers.rb b/ee/lib/ee/api/helpers/users_helpers.rb
index ecf2a23aab210b048c51ea7cdd97d189007d8672..80fdacdf24ed2d33364c10419024bc0d51642700 100644
--- a/ee/lib/ee/api/helpers/users_helpers.rb
+++ b/ee/lib/ee/api/helpers/users_helpers.rb
@@ -16,6 +16,7 @@ module UsersHelpers
 
           params :optional_index_params_ee do
             optional :skip_ldap, type: Grape::API::Boolean, default: false, desc: 'Skip LDAP users'
+            optional :saml_provider_id, type: Integer, desc: 'Return only users from the specified SAML provider Id'
           end
         end
       end
diff --git a/ee/spec/finders/users_finder_spec.rb b/ee/spec/finders/users_finder_spec.rb
index 362dba1a209013eaaca46eda2f3f991909ad489d..d8cc0facde31e8eeaa2f9d23f95f3fa4fa403d2b 100644
--- a/ee/spec/finders/users_finder_spec.rb
+++ b/ee/spec/finders/users_finder_spec.rb
@@ -40,7 +40,7 @@
         end
 
         it 'returns only saml users from the provided saml_provider_id' do
-          users = described_class.new(normal_user, by_saml_provider_id: saml_provider.id).execute
+          users = described_class.new(normal_user, saml_provider_id: saml_provider.id).execute
 
           expect(users).to contain_exactly(saml_user)
         end
diff --git a/ee/spec/requests/api/users_spec.rb b/ee/spec/requests/api/users_spec.rb
index 02cfcf9378559ff00d6ab5f88ea6a43a0573d007..454ac305ebd4b2e790fa63add3e081dbad768a1b 100644
--- a/ee/spec/requests/api/users_spec.rb
+++ b/ee/spec/requests/api/users_spec.rb
@@ -182,6 +182,26 @@
     end
   end
 
+  describe 'GET /api/users?saml_provider_id' do
+    context 'querying users by saml provider id' do
+      let(:group) { create(:group) }
+      let(:saml_provider) { create(:saml_provider, group: group, enabled: true, enforced_sso: true) }
+
+      it 'returns only users for the saml_provider_id' do
+        saml_user = create(:user)
+        create(:identity, provider: 'group_saml1', saml_provider_id: saml_provider.id, user: saml_user)
+        non_saml_user = create(:user)
+
+        get api("/users", user), params: { saml_provider_id: saml_provider.id }
+
+        expect(response).to match_response_schema('public_api/v4/user/basics')
+        expect(response).to include_pagination_headers
+        expect(json_response.map { |u| u['id'] }).to include(saml_user.id)
+        expect(json_response.map { |u| u['id'] }).not_to include(non_saml_user.id)
+      end
+    end
+  end
+
   describe 'GET /user/:id' do
     context 'when authenticated' do
       context 'as an admin' do