diff --git a/app/user/rest.py b/app/user/rest.py
index b6c2c28e0..5b559e606 100644
--- a/app/user/rest.py
+++ b/app/user/rest.py
@@ -91,6 +91,17 @@ def update_user_attribute(user_id):
     return jsonify(data=user_schema.dump(user_to_update).data), 200
 
 
+@user_blueprint.route('/<uuid:user_id>/activate', methods=['POST'])
+def activate_user(user_id):
+    user = get_user_by_id(user_id=user_id)
+    if user.state == 'active':
+        raise InvalidRequest('User already active', status_code=400)
+
+    user.state = 'active'
+    save_model_user(user)
+    return jsonify(data=user_schema.dump(user).data), 200
+
+
 @user_blueprint.route('/<uuid:user_id>/reset-failed-login-count', methods=['POST'])
 def user_reset_failed_login_count(user_id):
     user_to_update = get_user_by_id(user_id=user_id)
diff --git a/tests/app/user/test_rest.py b/tests/app/user/test_rest.py
index 2a36d488e..25fd5fde0 100644
--- a/tests/app/user/test_rest.py
+++ b/tests/app/user/test_rest.py
@@ -558,3 +558,19 @@ def test_update_user_auth_type(admin_request, sample_user):
 
     assert resp['data']['id'] == str(sample_user.id)
     assert resp['data']['auth_type'] == 'email_auth'
+
+
+def test_activate_user(admin_request, sample_user):
+    sample_user.state = 'pending'
+
+    resp = admin_request.post('user.activate_user', user_id=sample_user.id)
+
+    assert resp['data']['id'] == str(sample_user.id)
+    assert resp['data']['state'] == 'active'
+    assert sample_user.state == 'active'
+
+
+def test_activate_user_fails_if_already_active(admin_request, sample_user):
+    resp = admin_request.post('user.activate_user', user_id=sample_user.id, _expected_status=400)
+    assert resp['message'] == 'User already active'
+    assert sample_user.state == 'active'