diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 80583ad79b..2c0ca62876 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -477,7 +477,7 @@ class UsersController < ApplicationController
 authentication = UserAuthenticator.new(user, session)
- if !authentication.has_authenticator? && !SiteSetting.enable_local_logins
+ if !authentication.has_authenticator? && !SiteSetting.enable_local_logins && !(current_user&.admin? && is_api?)
 return render body: nil, status: :forbidden
 end
diff --git a/spec/requests/users_controller_spec.rb b/spec/requests/users_controller_spec.rb
index 9bb8992c70..5d09c1031f 100644
--- a/spec/requests/users_controller_spec.rb
+++ b/spec/requests/users_controller_spec.rb
@@ -654,6 +654,30 @@ describe UsersController do
 expect(User.find_by(username: @user.username).user_option.timezone).to eq("Australia/Brisbane")
 end
 end
+
+ context "with local logins disabled" do
+ before do
+ SiteSetting.enable_local_logins = false
+ SiteSetting.enable_google_oauth2_logins = true
+ end
+
+ it "blocks registration without authenticator information" do
+ post_user
+ expect(response.status).to eq(403)
+ end
+
+ it "blocks with a regular api key" do
+ api_key = Fabricate(:api_key, user: user)
+ post "/u.json", params: post_user_params, headers: { HTTP_API_KEY: api_key.key }
+ expect(response.status).to eq(403)
+ end
+
+ it "works with an admin api key" do
+ api_key = Fabricate(:api_key, user: Fabricate(:admin))
+ post "/u.json", params: post_user_params, headers: { HTTP_API_KEY: api_key.key }
+ expect(response.status).to eq(200)
+ end
+ end
 end
 context 'when creating a non active user (unconfirmed email)' do
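Review bot: The new third clause on the `if` line leaves the guard's intent undocumented — three negations plus a parenthesised conjunction, and nothing says why an admin-scoped API request may skip the authenticator check while local logins are disabled. Extract it into a named predicate so the line reads `if !authentication.has_authenticator? && !SiteSetting.enable_local_logins && !admin_api_request?`, with a private `admin_api_request?` returning `current_user&.admin? && is_api?` and a comment stating that accounts provisioned through the admin API carry no authenticator by design. The `is_api?` half is what keeps the exemption limited to API-key-authenticated requests, so an admin acting from a browser session is still rejected here; if that asymmetry is intentional, the comment should say so, since a later reader may otherwise "fix" it. The enclosing create action starts and ends outside the hunk.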
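Review bot: The `works with an admin api key` example only asserts on the HTTP status; if the create action reports validation failures inside a 200 body (as a `success: false` payload would — confirm against the action), the example passes even when no account is created, which is exactly the outcome the new controller clause is meant to enable. Assert on the result as well, e.g. `expect(JSON.parse(response.body)["success"]).to eq(true)` or a `User.find_by` lookup for the username that `post_user_params` supplies. The two 403 examples are fine as written, because a forbidden status is the whole contract there. `user`, `post_user` and `post_user_params` come from the enclosing describe block, which starts and ends outside the hunk.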