diff --git a/ee/lib/ee/gitlab/scim/base_provisioning_service.rb b/ee/lib/ee/gitlab/scim/base_provisioning_service.rb
index b6552b796a166a660031864ef538046beb5eed4d..d03e7af9a0e27498f13d96b879b91863998cd207 100644
--- a/ee/lib/ee/gitlab/scim/base_provisioning_service.rb
+++ b/ee/lib/ee/gitlab/scim/base_provisioning_service.rb
@@ -41,6 +41,14 @@ def valid_username
         def missing_params
           @missing_params ||= ([:extern_uid, :email, :username] - @parsed_hash.keys)
         end
+
+        def user_params
+          @parsed_hash.tap do |hash|
+            hash[:username] = valid_username
+            hash[:password] = hash[:password_confirmation] = random_password
+            hash[:password_automatically_set] = PASSWORD_AUTOMATICALLY_SET
+          end
+        end
       end
     end
   end
diff --git a/ee/lib/ee/gitlab/scim/group/provisioning_service.rb b/ee/lib/ee/gitlab/scim/group/provisioning_service.rb
index fd827272e41f37c2dc1abe2cb99517cf3928b05b..08ce169ed1ec60645326e148a1ac8ddbc4c32add 100644
--- a/ee/lib/ee/gitlab/scim/group/provisioning_service.rb
+++ b/ee/lib/ee/gitlab/scim/group/provisioning_service.rb
@@ -40,7 +40,7 @@ def user
           strong_memoize_attr :user
 
           def build_user
-            ::Users::AuthorizedBuildService.new(nil, user_params).execute
+            ::Users::AuthorizedBuildService.new(nil, group_user_params).execute
           end
 
           def build_scim_identity
@@ -63,15 +63,11 @@ def default_membership_role
             @group.saml_provider.default_membership_role
           end
 
-          def user_params
-            @parsed_hash.tap do |hash|
-              hash[:skip_confirmation] = SKIP_EMAIL_CONFIRMATION
+          def group_user_params
+            user_params.tap do |hash|
               hash[:saml_provider_id] = @group.saml_provider.id
               hash[:group_id] = @group&.id
               hash[:provider] = ::Users::BuildService::GROUP_SCIM_PROVIDER
-              hash[:username] = valid_username
-              hash[:password] = hash[:password_confirmation] = random_password
-              hash[:password_automatically_set] = PASSWORD_AUTOMATICALLY_SET
             end
           end
 
diff --git a/ee/lib/ee/gitlab/scim/provisioning_service.rb b/ee/lib/ee/gitlab/scim/provisioning_service.rb
index 42a0fdf1f8c6cad2dee8f9ce36dd9555de908f4b..6bdb3e102c6c5754160d5ab687857015ac53f048 100644
--- a/ee/lib/ee/gitlab/scim/provisioning_service.rb
+++ b/ee/lib/ee/gitlab/scim/provisioning_service.rb
@@ -44,15 +44,6 @@ def build_scim_identity
           )
         end
 
-        def user_params
-          @parsed_hash.tap do |hash|
-            hash[:skip_confirmation] = SKIP_EMAIL_CONFIRMATION
-            hash[:username] = valid_username
-            hash[:password] = hash[:password_confirmation] = random_password
-            hash[:password_automatically_set] = PASSWORD_AUTOMATICALLY_SET
-          end
-        end
-
         def existing_identity?
           identity&.persisted?
         end
diff --git a/ee/spec/lib/ee/gitlab/scim/group/provisioning_service_spec.rb b/ee/spec/lib/ee/gitlab/scim/group/provisioning_service_spec.rb
index 92179a6476c1d49d225887213a900ee624d93361..29c0d41372ba40fc7f5032dce64e74dbb32aadea 100644
--- a/ee/spec/lib/ee/gitlab/scim/group/provisioning_service_spec.rb
+++ b/ee/spec/lib/ee/gitlab/scim/group/provisioning_service_spec.rb
@@ -54,6 +54,12 @@
     end
 
     context 'when valid params' do
+      before do
+        # By default SAAS version setting is hard as per docs
+        # https://docs.gitlab.com/ee/user/gitlab_com/#email-confirmation
+        stub_application_setting_enum('email_confirmation_setting', 'hard')
+      end
+
       def user
         User.find_by(email: service_params[:email])
       end
diff --git a/ee/spec/lib/ee/gitlab/scim/provisioning_service_spec.rb b/ee/spec/lib/ee/gitlab/scim/provisioning_service_spec.rb
index a0aa165a33da8f390fa75a54fa14630c87a55b1d..561175775c5c54f82ff43833bf94dd58d11970e5 100644
--- a/ee/spec/lib/ee/gitlab/scim/provisioning_service_spec.rb
+++ b/ee/spec/lib/ee/gitlab/scim/provisioning_service_spec.rb
@@ -60,11 +60,27 @@ def user
         expect(user).to be_a(User)
       end
 
-      it 'user record requires confirmation' do
-        service.execute
+      context 'when email confirmation setting is set' do
+        using RSpec::Parameterized::TableSyntax
+
+        where(:email_confirmation_setting, :confirmed) do
+          'soft' | false
+          'hard' | false
+          'off' | true
+        end
 
-        expect(user).to be_present
-        expect(user).not_to be_confirmed
+        with_them do
+          before do
+            stub_application_setting_enum('email_confirmation_setting', email_confirmation_setting)
+          end
+
+          it "sets user confirmation according to setting" do
+            service.execute
+
+            expect(user).to be_present
+            expect(user.reload.confirmed?).to be(confirmed)
+          end
+        end
       end
 
       context 'when the current minimum password length is different from the default minimum password length' do