diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index ea08909f7e3..5a662c90e49 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -208,10 +208,13 @@ class ApplicationController < ActionController::Base
 end
 def fetch_user_from_params
- username_lower = params[:username].downcase
- username_lower.gsub!(/\.json$/, '')
-
- user = User.find_by(username_lower: username_lower)
+ user = if params[:username]
+ username_lower = params[:username].downcase
+ username_lower.gsub!(/\.json$/, '')
+ User.find_by(username_lower: username_lower)
+ elsif params[:external_id]
+ SingleSignOnRecord.find_by(external_id: params[:external_id]).try(:user)
+ end
 raise Discourse::NotFound.new if user.blank?
 guardian.ensure_can_see!(user)
diff --git a/config/routes.rb b/config/routes.rb
index ab2a09911d7..615308be3e4 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -211,6 +211,7 @@ Discourse::Application.routes.draw do
 get "users/:username/activity/:filter" => "users#show", constraints: {username: USERNAME_ROUTE_FORMAT}
 get "users/:username/badges" => "users#show", constraints: {username: USERNAME_ROUTE_FORMAT}
 delete "users/:username" => "users#destroy", constraints: {username: USERNAME_ROUTE_FORMAT}
+ get "users/by-external/:external_id" => "users#show"
 post "user_avatar/:username/refresh_gravatar" => "user_avatars#refresh_gravatar"
 get "letter_avatar/:username/:size/:version.png" => "user_avatars#show_letter",
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index b4e1e5e0639..b5cf1dc822b 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
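Review bot: In `fetch_user_from_params` the new `elsif params[:external_id]` branch resolves an SSO provider's id to a forum account with `guardian.ensure_can_see!(user)` as its only gate, and the `users/by-external/:external_id` route added in config/routes.rb exposes it on `users#show` without a constraint. If external ids are sequential or carry meaning in the identity provider, anyone allowed to view profiles can map them to usernames, so it is worth confirming that this is intended, or limiting the branch to staff or to sites where SSO is enabled. The `if params[:username]` branch also takes precedence whenever a `username` query parameter accompanies the new route, and a non-string value there reaches `.downcase`; `username_lower = params[:username].to_s.downcase` would turn that into a NotFound rather than an exception. The method body continues past the end of the hunk.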
@@ -25,6 +25,20 @@ describe UsersController do
 xhr :get, :show, username: user.username
 response.should be_forbidden
 end
+
+ context "fetching a user by external_id" do
+ before { user.create_single_sign_on_record(external_id: '997', last_payload: '') }
+
+ it "returns fetch for a matching external_id" do
+ xhr :get, :show, external_id: '997'
+ response.should be_success
+ end
+
+ it "returns not found when external_id doesn't match" do
+ xhr :get, :show, external_id: '99'
+ response.should_not be_success
+ end
+ end
 end
 describe '.user_preferences_redirect' do
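Review bot: The negative example in the new `context` asserts only `response.should_not be_success`, which also passes when the lookup raises and the response is a 500; assuming `Discourse::NotFound` is rendered as a 404, `response.should be_not_found` would pin the intended path. Neither example exercises the access check on the new lookup: a user who has a single sign-on record but whom the requester may not see should be refused when fetched by `external_id`, in the same way the `be_forbidden` example just above the addition does for `username`. The enclosing `describe` block starts outside the hunk, so the setup behind that forbidden case is not visible here.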