diff --git a/modules/auth_saml/app/contracts/saml/providers/base_contract.rb b/modules/auth_saml/app/contracts/saml/providers/base_contract.rb
index 3e2a24ac82fe..2375f66cfb1c 100644
--- a/modules/auth_saml/app/contracts/saml/providers/base_contract.rb
+++ b/modules/auth_saml/app/contracts/saml/providers/base_contract.rb
@@ -64,6 +64,8 @@ def self.model
 attribute :authn_requests_signed
 validate :valid_certificate_key_pair
+ attribute :limit_self_registration
+
 %i[mapping_mail mapping_login mapping_firstname mapping_lastname].each do |attr|
 attribute attr
 validates_presence_of attr, if: -> { model.public_send(:"#{attr}_changed?") }
diff --git a/modules/auth_saml/app/models/saml/provider/hash_builder.rb b/modules/auth_saml/app/models/saml/provider/hash_builder.rb
index d6bfc89f6b5c..5cbf13df8d5a 100644
--- a/modules/auth_saml/app/models/saml/provider/hash_builder.rb
+++ b/modules/auth_saml/app/models/saml/provider/hash_builder.rb
@@ -72,6 +72,7 @@ def to_h # rubocop:disable Metrics/AbcSize
 name_identifier_format:,
 certificate:,
 private_key:,
+ limit_self_registration:,
 attribute_statements: formatted_attribute_statements,
 request_attributes: formatted_request_attributes,
 uid_attribute: mapping_uid.presence
diff --git a/modules/auth_saml/spec/factories/saml_provider_factory.rb b/modules/auth_saml/spec/factories/saml_provider_factory.rb
index a53c2c6857c6..1862fd4adca5 100644
--- a/modules/auth_saml/spec/factories/saml_provider_factory.rb
+++ b/modules/auth_saml/spec/factories/saml_provider_factory.rb
@@ -43,6 +43,8 @@
 idp_sso_service_url { "https://example.com/sso" }
 idp_slo_service_url { "https://example.com/slo" }
+ limit_self_registration { true }
+
 mapping_login { Saml::Defaults::MAIL_MAPPING }
 mapping_mail { Saml::Defaults::MAIL_MAPPING }
 mapping_firstname { Saml::Defaults::FIRSTNAME_MAPPING }
diff --git a/modules/auth_saml/spec/lib/open_project/auth_saml_spec.rb b/modules/auth_saml/spec/lib/open_project/auth_saml_spec.rb
index 263cd698e03d..89b3bdaa3bcd 100644
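Review bot: `attribute :limit_self_registration` in base_contract.rb makes this flag writable through the contract with no validation and no comment saying which value is the permissive one. Going by its name, the flag decides whether the instance's self-registration restriction also applies to accounts arriving from this identity provider, so it deserves a line such as `# false lets accounts from this IdP register regardless of the instance's self-registration setting` (wording to be confirmed against the code that consumes the flag). If the model does not already cast the value to a boolean, `validates :limit_self_registration, inclusion: { in: [true, false] }` would keep strings or nil from being stored. The contract class starts and ends outside this hunk, so an existing validation or permission check may simply not be visible here.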
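Review bot: `limit_self_registration:,` in `to_h` forwards whatever the provider record returns, so a provider saved before this option existed may hand nil to the authentication layer. If the consumer reads nil as "not limited", such providers would silently get the permissive behaviour; a fail-closed form is `limit_self_registration: limit_self_registration != false,`, assuming the restrictive value is the intended default. The model's default is not visible in this diff, and the factory hunk in saml_provider_factory.rb sets the value to true explicitly, so the specs added in auth_saml_spec.rb cover only explicit true and false; a case for an unset value would pin the behaviour. `to_h` starts and ends outside this hunk.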
--- a/modules/auth_saml/spec/lib/open_project/auth_saml_spec.rb
+++ b/modules/auth_saml/spec/lib/open_project/auth_saml_spec.rb
@@ -15,6 +15,7 @@
 expect(subject[:assertion_consumer_service_url]).to eq "http://#{Setting.host_name}/auth/my-saml/callback"
 expect(subject[:idp_sso_service_url]).to eq "https://example.com/sso"
 expect(subject[:idp_slo_service_url]).to eq "https://example.com/slo"
+ expect(subject[:limit_self_registration]).to be true
 attributes = subject[:attribute_statements]
 expect(attributes[:email]).to eq Saml::Defaults::MAIL_MAPPING.split("\n")
@@ -30,5 +31,15 @@
 expect(security[:want_assertions_signed]).to be false
 expect(security[:want_assertions_encrypted]).to be false
 end
+
+ context "with limit_self_registration: false" do
+ let!(:provider) do
+ create(:saml_provider, slug: "my-saml", limit_self_registration: false)
+ end
+
+ it "includes the false value in the auth hash" do
+ expect(subject[:limit_self_registration]).to be false
+ end
+ end
 end
 end
diff --git a/modules/auth_saml/spec/requests/saml_provider_callback_spec.rb b/modules/auth_saml/spec/requests/saml_provider_callback_spec.rb
index 4069e63b8226..eabbb252d350 100644
--- a/modules/auth_saml/spec/requests/saml_provider_callback_spec.rb
+++ b/modules/auth_saml/spec/requests/saml_provider_callback_spec.rb
@@ -42,7 +42,8 @@
 digest_method: "http://www.w3.org/2001/04/xmlenc#sha256",
 sp_entity_id: "https://foobar.org",
 idp_cert:,
- idp_cert_fingerprint:)
+ idp_cert_fingerprint:,
+ limit_self_registration: false)
 end
 let(:idp_cert) { nil }
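Review bot: The strategy config in saml_provider_callback_spec.rb now hard-codes the permissive value, `limit_self_registration: false)`, so within this hunk the callback is only exercised with the restriction switched off. Moving the value into `let(:limit_self_registration) { false }` and passing `limit_self_registration:)` would let a nested context set it to true and assert the expected outcome for a first-time login while self-registration is disabled. The `let` that builds this config begins above the hunk, so a context elsewhere in the file may already cover the restrictive path.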