diff --git a/src/routes/users.js b/src/routes/users.js
index 0a4c69d6f..2ea7f06f7 100644
--- a/src/routes/users.js
+++ b/src/routes/users.js
@@ -103,12 +103,14 @@ async function list(req, res, next) {
 const page = typeof req.query.page !== 'undefined' ? parseInt(req.query.page) : 1;
 if (!page || page < 0) return next(new HttpError(400, 'page query param has to be a postive number'));
- const perPage = typeof req.query.per_page !== 'undefined'? parseInt(req.query.per_page) : 25;
+ const perPage = typeof req.query.per_page !== 'undefined' ? parseInt(req.query.per_page) : 25;
 if (!perPage || perPage < 0) return next(new HttpError(400, 'per_page query param has to be a postive number'));
 if (req.query.search && typeof req.query.search !== 'string') return next(new HttpError(400, 'search must be a string'));
- let [error, results] = await safe(users.listPaged(req.query.search || null, page, perPage));
+ const active = typeof req.query.active !== 'undefined' ? ((req.query.active === '1' || req.query.active === 'true') ? true : false) : null;
+
+ let [error, results] = await safe(users.listPaged(req.query.search || null, active, page, perPage));
 if (error) return next(BoxError.toHttpError(error));
 results = results.map(users.removeRestrictedFields);
diff --git a/src/users.js b/src/users.js
index 5d991fa05..742adb397 100644
--- a/src/users.js
+++ b/src/users.js
@@ -428,8 +428,10 @@ async function list() {
 return results;
 }
-async function listPaged(search, page, perPage) {
+// if active is null then both active and inactive users are listed
+async function listPaged(search, active, page, perPage) {
 assert(typeof search === 'string' || search === null);
+ assert(typeof active === 'boolean' || active === null);
 assert.strictEqual(typeof page, 'number');
 assert.strictEqual(typeof perPage, 'number');
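Review bot: The new `active` parsing in `list` treats every value other than `'1'` or `'true'` as `false`, so a typo, an empty string or (if the query parser produces one) an array-valued `active` silently returns only inactive users, while `page`, `per_page` and `search` on the surrounding lines reject bad input with a 400. Validating first keeps the filter consistent with its neighbours: `if (typeof req.query.active !== 'undefined' && !['1', 'true', '0', 'false'].includes(req.query.active)) return next(new HttpError(400, 'active must be a boolean'));`, after which the assignment reduces to `const active = typeof req.query.active === 'undefined' ? null : (req.query.active === '1' || req.query.active === 'true');`. Separately, the re-spaced `per_page` line still has no upper bound before the value is interpolated into the `LIMIT` clause in `listPaged`; a cap would fit here. The body of `list` starts and ends outside the hunk.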
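Review bot: `active` is inserted as the second positional parameter of `listPaged`, which shifts `page` and `perPage` for every existing caller; only the call in `src/routes/users.js` is updated in this diff, so any other caller (none is visible here) would now fail the new `assert(typeof active === 'boolean' || active === null)` at runtime. It is worth searching for remaining three-argument calls before merging. The one-line comment could also say what `true` and `false` select, e.g. `// active: true lists only active users, false only inactive ones, null lists both`. The function body continues outside the hunk.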
@@ -437,11 +439,20 @@ async function listPaged(search, page, perPage) {
 if (search) {
 query += ' WHERE ';
+ query += '(';
 query += '(LOWER(users.username) LIKE ' + mysql.escape(`%${search.toLowerCase()}%`) + ')';
 query += ' OR ';
 query += '(LOWER(users.email) LIKE ' + mysql.escape(`%${search.toLowerCase()}%`) + ')';
 query += ' OR ';
 query += '(LOWER(users.displayName) LIKE ' + mysql.escape(`%${search.toLowerCase()}%`) + ')';
+ query += ')';
+ }
+
+ if (active !== null) {
+ if (search) query += ' AND ';
+ else query += ' WHERE ';
+
+ query += 'users.active' + (!active ? ' IS NOT ' : ' IS ') + 'TRUE';
 }
 query += ` GROUP BY users.id ORDER BY users.username ASC LIMIT ${(page-1)*perPage},${perPage} `;
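Review bot: The WHERE clause is now assembled by re-testing `search` inside the `active` branch to choose between `' AND '` and `' WHERE '`, which is easy to get wrong when a third filter is added and leaves the grouping parentheses as separate `query +=` statements. Collecting each predicate in a list and joining with `' AND '` once keeps the OR group parenthesised by construction and escapes the search pattern a single time instead of three. `IS NOT TRUE` also matches rows whose `users.active` is NULL; that may be intended, but a comment should say so. The initial `query` assignment and the rest of `listPaged` lie outside the hunk, so the sketch below only covers the filter lines.

```javascript
    // … unchanged: initial SELECT assigned to `query` (outside the hunk) …
    const conditions = [];

    if (search) {
        const pattern = mysql.escape(`%${search.toLowerCase()}%`);
        conditions.push(`(LOWER(users.username) LIKE ${pattern} OR LOWER(users.email) LIKE ${pattern} OR LOWER(users.displayName) LIKE ${pattern})`);
    }

    // IS NOT TRUE also matches rows where users.active is NULL
    if (active !== null) conditions.push('users.active' + (active ? ' IS ' : ' IS NOT ') + 'TRUE');

    if (conditions.length) query += ' WHERE ' + conditions.join(' AND ');

    // … unchanged: GROUP BY / ORDER BY / LIMIT …
```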