diff --git a/server/router/api/v1/user_service.go b/server/router/api/v1/user_service.go
index a836a8c53..43adcd518 100644
--- a/server/router/api/v1/user_service.go
+++ b/server/router/api/v1/user_service.go
@@ -169,6 +169,17 @@ func (s *APIV1Service) CreateUser(ctx context.Context, request *v1pb.CreateUserR
 			// Unauthenticated or non-HOST users can only create normal users
 			roleToAssign = store.RoleUser
 		}
+
+		// Only allow user registration if it is enabled in the settings or user is superuser
+		if currentUser == nil || !isSuperUser(currentUser) {
+			workspaceGeneralSetting, err := s.Store.GetWorkspaceGeneralSetting(ctx)
+			if err != nil {
+				return nil, status.Errorf(codes.Internal, "failed to get workspace general setting, error: %v", err)
+			}
+			if workspaceGeneralSetting.DisallowUserRegistration {
+				return nil, status.Errorf(codes.PermissionDenied, "user registration is not allowed")
+			}
+		}
 	}
 
 	if !base.UIDMatcher.MatchString(strings.ToLower(request.User.Username)) {