diff --git a/app/controllers/form_controller.rb b/app/controllers/form_controller.rb
index 16740d90b..22693a203 100644
--- a/app/controllers/form_controller.rb
+++ b/app/controllers/form_controller.rb
@@ -241,7 +241,7 @@ class FormController < ApplicationController
 
   def enabled?
     return true if params[:test] && current_user && current_user.permissions?('admin.channel_formular')
-    return true if Setting.get('form_ticket_create')
+    return true if Setting.get('form_ticket_create') && Setting.get('customer_ticket_create')
     response_access_deny
     false
   end
diff --git a/test/controllers/form_controller_test.rb b/test/controllers/form_controller_test.rb
index 1eb9a844a..a90844a70 100644
--- a/test/controllers/form_controller_test.rb
+++ b/test/controllers/form_controller_test.rb
@@ -244,4 +244,28 @@ class FormControllerTest < ActionDispatch::IntegrationTest
     assert(result['error'])
   end
 
+  test '06 - customer_ticket_create false disables form' do
+    Setting.set('form_ticket_create', true)
+    Setting.set('customer_ticket_create', false)
+
+    fingerprint = SecureRandom.hex(40)
+
+    post '/api/v1/form_config', params: { fingerprint: fingerprint }.to_json, headers: @headers
+
+    result = JSON.parse(@response.body)
+    token = result['token']
+    params = {
+      fingerprint: fingerprint,
+      token: token,
+      name: 'Bob Smith',
+      email: 'discard@znuny.com',
+      title: 'test',
+      body: 'hello'
+    }
+
+    post '/api/v1/form_submit', params: params.to_json, headers: @headers
+
+    assert_response(401)
+  end
+
 end
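Review bot: The new condition in `enabled?` carries no comment explaining why the public form now also depends on `customer_ticket_create`, so a later cleanup could drop the second `Setting.get` and silently reopen the form. A line above it such as `# The form files tickets for unauthenticated senders, so it must not stay open when customer ticket creation is disabled.` would record the intent; that rationale is inferred from the added test's name, so please confirm the wording. The admin shortcut on the preceding line still returns true when both settings are off, which looks deliberate for test mode but is worth stating in the same comment.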
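Review bot: In test '06' the response to the first `post '/api/v1/form_config'` is never asserted, so the final `assert_response(401)` does not show which check rejected the submit. If `enabled?` also guards `form_config` (its callers are outside this diff), `result['token']` is nil and the submit could be refused for the missing token rather than for the setting. Adding `assert_response(401)` directly after the `form_config` call, or asserting whatever status that endpoint is meant to return, would pin the behaviour. A companion case with both settings true and a successful submit would show the 401 really comes from `customer_ticket_create`. The test also leaves `customer_ticket_create` set to false; if settings are not reset between tests, later cases may be affected.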