diff --git a/src/main/scala/org/broadinstitute/dsde/workbench/sam/api/StandardSamUserDirectives.scala b/src/main/scala/org/broadinstitute/dsde/workbench/sam/api/StandardSamUserDirectives.scala
index 5c0ef7378..4b0573bea 100644
--- a/src/main/scala/org/broadinstitute/dsde/workbench/sam/api/StandardSamUserDirectives.scala
+++ b/src/main/scala/org/broadinstitute/dsde/workbench/sam/api/StandardSamUserDirectives.scala
@@ -49,11 +49,14 @@ trait StandardSamUserDirectives extends SamUserDirectives with LazyLogging with
   def asAdminServiceUser: Directive0 = requireOidcHeaders.flatMap { oidcHeaders =>
     Directives
       .mapInnerRoute { r =>
-        if (!adminConfig.serviceAccountAdmins.contains(oidcHeaders.email)) {
-          reject(AuthorizationFailedRejection)
-        } else {
+        if (
+          adminConfig.serviceAccountAdmins.contains(oidcHeaders.email) ||
+          isServiceAccountAdminUami(oidcHeaders)
+        ) {
           logger.info(s"Handling request for service admin account: ${oidcHeaders.email}")
           r
+        } else {
+          reject(AuthorizationFailedRejection)
         }
       }
       .tflatMap(_ => logAdminServiceAdminUserRequestResult(oidcHeaders))
@@ -110,6 +113,11 @@ trait StandardSamUserDirectives extends SamUserDirectives with LazyLogging with
     )
   }
 
+  private def isServiceAccountAdminUami(oidcHeaders: OIDCHeaders) = {
+    val maybeUamiEmail = oidcHeaders.externalId.map(b2cId => WorkbenchEmail(s"${b2cId.value}@uami.terra.bio")).toOption
+    oidcHeaders.email.value.isEmpty && maybeUamiEmail.isDefined && adminConfig.serviceAccountAdmins.contains(maybeUamiEmail.get)
+  }
+
   private def logAdminServiceAdminUserRequestResult(oidcHeaders: OIDCHeaders): Directive0 = {
     def logRequest(unusedLogger: LoggingAdapter)(req: HttpRequest)(res: RouteResult): Unit =
       res match {
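Review bot: The retained `logger.info(s"Handling request for service admin account: ${oidcHeaders.email}")` line records an empty principal whenever the new `isServiceAccountAdminUami(oidcHeaders)` branch is what granted access, because that helper only returns true when `oidcHeaders.email.value.isEmpty`. An admin-path audit line should name the identity that was actually matched, so include the external id as well, e.g. `logger.info(s"Handling request for service admin account: ${oidcHeaders.email} (externalId: ${oidcHeaders.externalId})")`, or log the derived UAMI email. The `asAdminServiceUser` directive ends past the hunk (`.tflatMap` is its last visible line), so `logAdminServiceAdminUserRequestResult` may cover this; if it also keys only on `email`, it presumably has the same gap.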
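Review bot: `maybeUamiEmail.isDefined && adminConfig.serviceAccountAdmins.contains(maybeUamiEmail.get)` in `isServiceAccountAdminUami` reaches for `Option.get`; fold the presence check into the lookup instead: `oidcHeaders.email.value.isEmpty && maybeUamiEmail.exists(adminConfig.serviceAccountAdmins.contains)`. The helper also carries no documentation for a check that grants admin rights: add a comment above it stating that a request with no email claim is treated as a user-assigned managed identity when the id on the Right side of `externalId` (apparently an `Either`, so a Left value never matches) synthesises an address found in `serviceAccountAdmins`, and that this relies on `requireOidcHeaders` having supplied a validated `externalId` — confirm that is indeed the trust boundary. The `@uami.terra.bio` suffix is a hard-coded literal inside the interpolation; a named constant such as `val UamiEmailDomain = "uami.terra.bio"` would make the convention visible and testable. The enclosing trait continues outside the hunk.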