diff --git a/src/users.js b/src/users.js
index 6c65438af..04b63888e 100644
--- a/src/users.js
+++ b/src/users.js
@@ -159,7 +159,12 @@ function validatePassword(password) {
 
 // remove all fields that should never be sent out via REST API
 function removePrivateFields(user) {
-    return _.pick(user, 'id', 'username', 'email', 'fallbackEmail', 'displayName', 'groupIds', 'active', 'source', 'role', 'createdAt', 'twoFactorAuthenticationEnabled');
+    const result = _.pick(user, 'id', 'username', 'email', 'fallbackEmail', 'displayName', 'groupIds', 'active', 'source', 'role', 'createdAt', 'twoFactorAuthenticationEnabled');
+
+    // invite status indicator
+    result.inviteAccepted = !user.inviteToken;
+
+    return result;
 }
 
 // remove all fields that Non-privileged users must not see