diff --git a/ee/lib/ee/api/support/git_access_actor.rb b/ee/lib/ee/api/support/git_access_actor.rb
new file mode 100644
index 0000000000000000000000000000000000000000..dd6d1368126963af0b6c8cbc1c92318c52e35c96
--- /dev/null
+++ b/ee/lib/ee/api/support/git_access_actor.rb
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module EE
+  module API
+    module Support
+      module GitAccessActor
+        extend ActiveSupport::Concern
+
+        class_methods do
+          extend ::Gitlab::Utils::Override
+
+          override :from_params
+          def from_params(params)
+            if params[:krb5principal]
+              new(user: ::User.by_provider_and_extern_uid(:kerberos, params[:krb5principal]).first)
+            else
+              super
+            end
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/ee/spec/lib/ee/api/support/git_access_actor_spec.rb b/ee/spec/lib/ee/api/support/git_access_actor_spec.rb
new file mode 100644
index 0000000000000000000000000000000000000000..3db6cd926b0d6a5eb1e79c93ff5fb4e5aad92d5a
--- /dev/null
+++ b/ee/spec/lib/ee/api/support/git_access_actor_spec.rb
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe API::Support::GitAccessActor do
+  describe '.from_params' do
+    context 'when passing a Kerberos principal' do
+      it 'finds the user based on a principal' do
+        principal = "test@TEST.TEST"
+        user = create(:omniauth_user, provider: :kerberos, extern_uid: principal)
+
+        expect(described_class.from_params({ krb5principal: principal }).user).to eq(user)
+      end
+    end
+  end
+end
diff --git a/lib/api/support/git_access_actor.rb b/lib/api/support/git_access_actor.rb
index f450630afdd95fd118523cf1c9830ee078509177..16861a146aed1e26f85c84562ec67e334bc9f449 100644
--- a/lib/api/support/git_access_actor.rb
+++ b/lib/api/support/git_access_actor.rb
@@ -57,3 +57,5 @@ def key_details
     end
   end
 end
+
+API::Support::GitAccessActor.prepend_mod_with('API::Support::GitAccessActor')