diff --git a/auth/internal/transport/cert/secureconnect_cert.go b/auth/internal/transport/cert/secureconnect_cert.go
index 3227aba280c8..821e12b956d5 100644
--- a/auth/internal/transport/cert/secureconnect_cert.go
+++ b/auth/internal/transport/cert/secureconnect_cert.go
@@ -25,6 +25,7 @@ import (
 	"os/user"
 	"path/filepath"
 	"sync"
+	"syscall"
 	"time"
 )
 
@@ -62,7 +63,7 @@ func NewSecureConnectProvider(configFilePath string) (Provider, error) {
 
 	file, err := os.ReadFile(configFilePath)
 	if err != nil {
-		if errors.Is(err, os.ErrNotExist) {
+		if errors.Is(err, os.ErrNotExist) || errors.Is(err, syscall.ENOTDIR) {
 			// Config file missing means Secure Connect is not supported.
 			return nil, errSourceUnavailable
 		}
diff --git a/auth/internal/transport/cert/secureconnect_cert_test.go b/auth/internal/transport/cert/secureconnect_cert_test.go
index 994d355d8775..67ebc31b21d8 100644
--- a/auth/internal/transport/cert/secureconnect_cert_test.go
+++ b/auth/internal/transport/cert/secureconnect_cert_test.go
@@ -30,6 +30,16 @@ func TestSecureConnectSource_ConfigMissing(t *testing.T) {
 	}
 }
 
+func TestSecureConnectSource_ConfigNotDirMissing(t *testing.T) {
+	source, err := NewSecureConnectProvider("/dev/null/missing.json")
+	if got, want := err, errSourceUnavailable; !errors.Is(err, errSourceUnavailable) {
+		t.Fatalf("got %v, want %v", got, want)
+	}
+	if source != nil {
+		t.Errorf("got %v, want nil source", source)
+	}
+}
+
 func TestSecureConnectSource_GetClientCertificateSuccess(t *testing.T) {
 	source, err := NewSecureConnectProvider("testdata/context_aware_metadata.json")
 	if err != nil {