diff --git a/packages/cli/src/sso/saml/saml.service.ee.ts b/packages/cli/src/sso/saml/saml.service.ee.ts
index cbeb3dee3a..fa63646f9d 100644
--- a/packages/cli/src/sso/saml/saml.service.ee.ts
+++ b/packages/cli/src/sso/saml/saml.service.ee.ts
@@ -145,8 +145,9 @@ export class SamlService {
 }> {
 const attributes = await this.getAttributesFromLoginResponse(req, binding);
 if (attributes.email) {
+ const lowerCasedEmail = attributes.email.toLowerCase();
 const user = await Db.collections.User.findOne({
- where: { email: attributes.email },
+ where: { email: lowerCasedEmail },
 relations: ['globalRole', 'authIdentities'],
 });
 if (user) {
diff --git a/packages/cli/src/sso/saml/samlHelpers.ts b/packages/cli/src/sso/saml/samlHelpers.ts
index d2d1c26a14..db2ad210e1 100644
--- a/packages/cli/src/sso/saml/samlHelpers.ts
+++ b/packages/cli/src/sso/saml/samlHelpers.ts
@@ -97,7 +97,8 @@ export function generatePassword(): string {
 export async function createUserFromSamlAttributes(attributes: SamlUserAttributes): Promise {
 const user = new User();
 const authIdentity = new AuthIdentity();
- user.email = attributes.email;
+ const lowerCasedEmail = attributes.email?.toLowerCase() ?? '';
+ user.email = lowerCasedEmail;
 user.firstName = attributes.firstName;
 user.lastName = attributes.lastName;
 user.globalRole = await Container.get(RoleRepository).findGlobalMemberRoleOrFail();
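Review bot: The lookup in the saml.service.ee.ts hunk now matches only rows whose stored `email` is already lower-case, and nothing visible here guarantees that for existing users. The line removed in samlHelpers.ts shows that SAML-provisioned accounts were previously saved with the IdP's original casing, so unless the User entity or a migration normalises stored values, such a user would no longer be found and the flow may fall through to treating them as a new account. I would confirm that and record the assumption next to the query, e.g. `// User.email is stored lower-cased; normalise the IdP value before matching`. The enclosing method starts and ends outside the hunk.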
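Review bot: The `?? ''` fallback in createUserFromSamlAttributes lets an assertion that carries no email attribute provision an account whose `email` is the empty string instead of failing. Because the email is the key the login path matches on, it is safer to fail closed before building the user: `if (!attributes.email) throw new Error('SAML response contained no email attribute');` followed by `user.email = attributes.email.toLowerCase();` (use the project's own error type if callers expect one). The same normalisation now lives in both files, so a small shared helper would keep lookup and creation from drifting apart. The function body continues past the end of the hunk.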