diff --git a/server/channels/api4/ldap.go b/server/channels/api4/ldap.go
index 67beb67cce..84e91797db 100644
--- a/server/channels/api4/ldap.go
+++ b/server/channels/api4/ldap.go
@@ -433,7 +433,7 @@ func addUserToGroupSyncables(c *Context, w http.ResponseWriter, r *http.Request)
 return
 }
- if user.AuthService != model.UserAuthServiceLdap {
+ if user.AuthService != model.UserAuthServiceLdap && (user.AuthService != model.UserAuthServiceSaml || !*c.App.Config().SamlSettings.EnableSyncWithLdap) {
 c.Err = model.NewAppError("addUserToGroupSyncables", "api.user.add_user_to_group_syncables.not_ldap_user.app_error", nil, "", http.StatusBadRequest)
 return
 }
diff --git a/server/channels/api4/ldap_test.go b/server/channels/api4/ldap_test.go
index 150fe413ac..a35c1c890a 100644
--- a/server/channels/api4/ldap_test.go
+++ b/server/channels/api4/ldap_test.go
@@ -309,4 +309,28 @@ func TestAddUserToGroupSyncables(t *testing.T) {
 resp, err = th.SystemAdminClient.AddUserToGroupSyncables(context.Background(), user.Id)
 require.NoError(t, err)
 CheckOKStatus(t, resp)
+
+ t.Run("should sync SAML users when SamlSettings.EnableSyncWithLdap is true", func(t *testing.T) {
+ id = model.NewId()
+ user = &model.User{
+ Email: "test123@localhost",
+ Username: model.NewId(),
+ AuthData: &id,
+ AuthService: model.UserAuthServiceSaml,
+ }
+ user, err = th.App.Srv().Store().User().Save(th.Context, user)
+ require.NoError(t, err)
+
+ resp, err = th.Client.AddUserToGroupSyncables(context.Background(), user.Id)
+ require.Error(t, err)
+ CheckForbiddenStatus(t, resp)
+
+ th.App.UpdateConfig(func(cfg *model.Config) {
+ *cfg.SamlSettings.EnableSyncWithLdap = true
+ })
+
+ resp, err = th.SystemAdminClient.AddUserToGroupSyncables(context.Background(), user.Id)
+ require.NoError(t, err)
+ CheckOKStatus(t, resp)
+ })
 }
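Review bot: The new condition on the `if user.AuthService != ...` line folds two auth-service cases and a config pointer dereference into one negated expression, which is hard to audit for a check that decides which accounts may be added to group syncables. Naming the allowed SAML case makes the intent readable: `samlSynced := user.AuthService == model.UserAuthServiceSaml && *c.App.Config().SamlSettings.EnableSyncWithLdap` followed by `if user.AuthService != model.UserAuthServiceLdap && !samlSynced {`. The rejection still carries the id `api.user.add_user_to_group_syncables.not_ldap_user.app_error`, so a SAML user refused because sync is off is presumably told they are not an LDAP user; the message text is not visible here. The function body starts and ends outside the hunk.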
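Review bot: The subtest never exercises the rejection branch this commit changes: its only failing call uses `th.Client` and stops at the permission check (`CheckForbiddenStatus`), so a SAML user being refused while `EnableSyncWithLdap` is off goes untested. Before the `UpdateConfig` call, add `resp, err = th.SystemAdminClient.AddUserToGroupSyncables(context.Background(), user.Id)`, `require.Error(t, err)` and `CheckBadRequestStatus(t, resp)`; this assumes the setting is false at that point, which the hunk does not show. The config change is also not reverted, so anything that later runs against `th` would see sync enabled. TestAddUserToGroupSyncables starts outside the hunk.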
diff --git a/webapp/channels/src/components/admin_console/system_users/system_users_list_actions/index.tsx b/webapp/channels/src/components/admin_console/system_users/system_users_list_actions/index.tsx
index 84fecff353..f9b6bbe682 100644
--- a/webapp/channels/src/components/admin_console/system_users/system_users_list_actions/index.tsx
+++ b/webapp/channels/src/components/admin_console/system_users/system_users_list_actions/index.tsx
@@ -12,7 +12,8 @@ import type {UserProfile} from '@mattermost/types/users';
 import {updateUserActive} from 'mattermost-redux/actions/users';
 import {Permissions} from 'mattermost-redux/constants';
 import General from 'mattermost-redux/constants/general';
-import {getConfig, getLicense} from 'mattermost-redux/selectors/entities/general';
+import {getConfig} from 'mattermost-redux/selectors/entities/admin';
+import {getLicense} from 'mattermost-redux/selectors/entities/general';
 import {isSystemAdmin, isGuest} from 'mattermost-redux/utils/user_utils';
 import {adminResetMfa} from 'actions/admin_actions';
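Review bot: The `getConfig` now imported from `selectors/entities/admin` keeps the name of the selector it replaces but reads a different store slice, and nothing at the import tells a reader that. A short comment above it would help, e.g. `// Admin-store config: nested settings with typed values, not the flat string-valued client config.` Whether that slice is always loaded before this component renders is not visible here; the optional chaining used on `config` later in the file suggests it may not be, in which case the gated menu actions would simply be hidden.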
@@ -208,7 +209,7 @@ export function SystemUsersListAction({user, currentUser, tableId, rowIndex, onE }} /> - {config.EnableUserAccessTokens === 'true' && + {config.ServiceSettings?.EnableUserAccessTokens && } - {user.mfa_active && config.EnableMultifactorAuthentication && + {user.mfa_active && config.ServiceSettings?.EnableMultifactorAuthentication && } - {Boolean(user.auth_service) && config.ExperimentalEnableAuthenticationTransfer === 'true' && + {Boolean(user.auth_service) && config.ServiceSettings?.ExperimentalEnableAuthenticationTransfer && } - {!isGuest(user.roles) && user.id !== currentUser.id && isLicensed && config.EnableGuestAccounts === 'true' && + {!isGuest(user.roles) && user.id !== currentUser.id && isLicensed && config.GuestAccountsSettings?.Enable && } - {user.auth_service === Constants.LDAP_SERVICE && + {(user.auth_service === Constants.LDAP_SERVICE || (user.auth_service === Constants.SAML_SERVICE && config.SamlSettings?.EnableSyncWithLdap)) &&