diff --git a/app/controllers/api/v1/admin/role_permissions_controller.rb b/app/controllers/api/v1/admin/role_permissions_controller.rb
index 4b15af3767bd0eb435a3d55e8a3e2e5b430fc2e6..b694807ca1ec6b23535b28228d3e32f35403cf85 100644
--- a/app/controllers/api/v1/admin/role_permissions_controller.rb
+++ b/app/controllers/api/v1/admin/role_permissions_controller.rb
@@ -56,7 +56,10 @@ module Api
         def create_default_room
           return unless role_params[:name] == 'CreateRoom' && role_params[:value] == true
 
-          User.includes(:rooms).where(role_id: role_params[:role_id]).where(rooms: { id: nil }).find_in_batches do |group|
+          User.includes(:rooms)
+              .with_provider(current_provider)
+              .where(role_id: role_params[:role_id])
+              .where(rooms: { id: nil }).find_in_batches do |group|
             group.each do |user|
               Room.create(name: t('room.new_room_name', username: user.name, locale: user.language), user_id: user.id)
             end
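Review bot: The `Room.create(...)` call inside the batch loop discards its result, so a user whose default room fails validation is skipped with no trace and the now provider-scoped backfill can silently end up incomplete. Capture the record and report failures, e.g. `room = Room.create(...)` followed by `logger.warn("Default room not created for user #{user.id}: #{room.errors.full_messages.join(', ')}") unless room.persisted?`. A short comment above the query such as `# Only users of the current provider; role_id alone does not pin the tenant` would also record why the new scope is there. The end of create_default_room lies outside the hunk.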
diff --git a/app/controllers/api/v1/reset_password_controller.rb b/app/controllers/api/v1/reset_password_controller.rb
index feea5ec0f0645c6cb9d7e2ca11ff93460134054e..2384fd832d3a2936fd3014ddcc9298d65a84ee07 100644
--- a/app/controllers/api/v1/reset_password_controller.rb
+++ b/app/controllers/api/v1/reset_password_controller.rb
@@ -30,7 +30,7 @@ module Api
         # TODO: Log events.
         return render_error unless params[:user]
 
-        user = User.find_by email: params[:user][:email].downcase
+        user = User.find_by email: params[:user][:email].downcase, provider: current_provider
 
         # Silently fail for unfound or external users.
         return render_data status: :ok unless user && !user.external_id?
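Review bot: The lookup on the changed line still calls `.downcase` directly on `params[:user][:email]`, so a request whose `user` object has no `email` key raises NoMethodError and answers with a server error instead of taking the silent-OK path the comment below describes. Coercing first keeps every malformed request on the same response as an unknown address: `user = User.find_by email: params[:user][:email].to_s.downcase, provider: current_provider`. The `# TODO: Log events.` marker is worth resolving in the same area, since reset requests for unknown or cross-provider addresses are a useful detection signal. The enclosing action begins and ends outside the hunk.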
diff --git a/app/controllers/api/v1/shared_accesses_controller.rb b/app/controllers/api/v1/shared_accesses_controller.rb
index 864478dd1cdd6cc1bf4b1f42e74614ca38f7bf40..f8a3340a350da8d5876346e9f65c85bc193c4696 100644
--- a/app/controllers/api/v1/shared_accesses_controller.rb
+++ b/app/controllers/api/v1/shared_accesses_controller.rb
@@ -73,6 +73,7 @@ module Api
 
         # Can't share the room if it's already shared or it's the room owner
         shareable_users = User.with_attached_avatar
+                              .with_provider(current_provider)
                               .where.not(id: [@room.shared_users.pluck(:id) << @room.user_id])
                               .where(role_id: [role_ids])
                               .name_search(params[:search])
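Review bot: The added `.with_provider(current_provider)` filters only the candidate list built in `shareable_users`; it does not by itself stop a user id from another provider being submitted to whatever action creates the shared access. That action is not visible in this hunk, so confirm it resolves the submitted ids through the same provider scope, otherwise the tenant boundary is enforced in the listing but not on the write. A comment on the new line such as `# Tenant boundary: never list users from another provider` would make the intent explicit. The method continues past the end of the hunk.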
diff --git a/app/controllers/api/v1/verify_account_controller.rb b/app/controllers/api/v1/verify_account_controller.rb
index a0e4430ad5448001475a2129eb12b09903ce8665..8e508fc0597c0e4f9821325c2578bd5d9b27b532 100644
--- a/app/controllers/api/v1/verify_account_controller.rb
+++ b/app/controllers/api/v1/verify_account_controller.rb
@@ -61,7 +61,7 @@ module Api
       def find_user_and_authorize
         return render_error status: :bad_request unless params[:user]
 
-        @user = User.find_by id: params[:user][:id]
+        @user = User.find_by id: params[:user][:id], provider: current_provider
         render_data status: :ok unless @user && !@user.verified?
       end
     end
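Review bot: `find_user_and_authorize` now returns the same 200 for three different cases (no such id, id belonging to another provider, user already verified), and nothing in the method says that this is deliberate. Assuming the uniform response is meant to avoid revealing which accounts exist, as the reset-password controller's "Silently fail" comment suggests, I would add above the `render_data` line: `# Answer 200 for unknown, other-provider or already-verified users so the response does not disclose account state.` It would also help to note in the method comment that the provider condition is what keeps ids from other tenants out of this flow.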