diff --git a/doc/api/openapi/openapi_v2.yaml b/doc/api/openapi/openapi_v2.yaml
index 84b92a63a3dea2e2484170a1bba299789c478c3d..dd254b724072ef576e066de8aad4cea19c927f80 100644
--- a/doc/api/openapi/openapi_v2.yaml
+++ b/doc/api/openapi/openapi_v2.yaml
@@ -52075,12 +52075,12 @@ definitions:
         type: integer
         format: int32
         enum:
+        - 5
         - 10
         - 15
         - 20
         - 30
         - 40
-        - 5
         example: 40
       admin_merge_request:
         type: boolean
diff --git a/ee/lib/api/saml_group_links.rb b/ee/lib/api/saml_group_links.rb
index 95fcff7d9bc12ffdc8cd96f2ce26a0e5772adcc0..78da51cf00db40964813717a750815e8333a28f9 100644
--- a/ee/lib/api/saml_group_links.rb
+++ b/ee/lib/api/saml_group_links.rb
@@ -60,7 +60,7 @@ def find_saml_group_link_with_provider(group, saml_group_name, provider_param)
       end
       params do
         requires 'saml_group_name', type: String, desc: 'The name of a SAML group'
-        requires 'access_level', type: Integer, values: Gitlab::Access.all_values,
+        requires 'access_level', type: Integer, values: Gitlab::Access.values_with_minimal_access,
           desc: 'Level of permissions for the linked SA group'
         optional 'member_role_id', type: Integer, desc: 'The ID of the Member Role for the linked SA group'
         optional 'provider', type: String,
diff --git a/ee/lib/ee/gitlab/access.rb b/ee/lib/ee/gitlab/access.rb
index 9d9cb0bac85ea128f6bfe7bf66816aec4376e9a9..ce9563acbc19e8c005f9dd3347c93fdd670ba771 100644
--- a/ee/lib/ee/gitlab/access.rb
+++ b/ee/lib/ee/gitlab/access.rb
@@ -21,7 +21,7 @@ def vulnerability_access_levels
         end
 
         def options_with_minimal_access
-          options_with_owner.merge(MINIMAL_ACCESS_HASH)
+          MINIMAL_ACCESS_HASH.merge(options_with_owner)
         end
 
         def options_for_custom_roles
diff --git a/ee/spec/requests/api/saml_group_links_spec.rb b/ee/spec/requests/api/saml_group_links_spec.rb
index c9563a7a36c50409161b100c98dd7690c9377985..18fd502051e8d4cbd5439381311f07c7279a1dd6 100644
--- a/ee/spec/requests/api/saml_group_links_spec.rb
+++ b/ee/spec/requests/api/saml_group_links_spec.rb
@@ -198,6 +198,28 @@
           end
         end
 
+        context 'with minimal access level' do
+          let_it_be(:params) { { saml_group_name: "Test group", access_level: ::Gitlab::Access::MINIMAL_ACCESS } }
+
+          it 'creates a saml group link with minimal access level' do
+            expect { subject }.not_to change { group_with_saml_group_links.saml_group_links.count }
+            expect(response).to have_gitlab_http_status(:bad_request)
+            expect(json_response['message']).to include('Access level is invalid')
+          end
+
+          context 'with minimal access role licensed feature enabled' do
+            before do
+              stub_licensed_features(minimal_access_role: true, saml_group_sync: true)
+            end
+
+            it 'creates a saml group link with minimal access level' do
+              expect { subject }.to change { group_with_saml_group_links.saml_group_links.count }.by(1)
+
+              expect(json_response['access_level']).to eq(::Gitlab::Access::MINIMAL_ACCESS)
+            end
+          end
+        end
+
         context 'when providing a provider parameter' do
           let(:params) { super().merge(provider: 'saml_provider_1') }
 
diff --git a/spec/models/user_highest_role_spec.rb b/spec/models/user_highest_role_spec.rb
index 56a7e22871ab71d9a9ea86e4aff7acca50f8adaa..0894c3b20276361bd507a72f2100ba584fe9cce5 100644
--- a/spec/models/user_highest_role_spec.rb
+++ b/spec/models/user_highest_role_spec.rb
@@ -40,7 +40,7 @@
     end
 
     it 'returns all access values' do
-      expected_allowed_values << Gitlab::Access::MINIMAL_ACCESS if Gitlab.ee?
+      expected_allowed_values.unshift(Gitlab::Access::MINIMAL_ACCESS) if Gitlab.ee?
 
       expect(::UserHighestRole.allowed_values).to eq(expected_allowed_values)
     end