diff --git a/docs/pages/access-controls/idps/saml-reference.mdx b/docs/pages/access-controls/idps/saml-reference.mdx index c559612b1caf3..c6a629cf9ce7b 100644 --- a/docs/pages/access-controls/idps/saml-reference.mdx +++ b/docs/pages/access-controls/idps/saml-reference.mdx @@ -159,10 +159,22 @@ service provider. You can verify this by looking for a log entry in Teleport's l If the Teleport server returns a `Not Found`, make sure that none of the roles belonging to your user have SAML IdP access explicitly disabled. In the `options` section of each -of the user roles, look for the `idp` section for the `saml` access to be disabled. +of the user roles, look for the `idp` section for the `saml` access to be disabled. Also, +ensure the user's role allows the `list` and `read` action for the `saml_idp_service_provider` +resource. ```yaml ... +spec: + allow: + ... + rules: + - resources: + - saml_idp_service_provider + verbs: + - list + - read +... options: ... idp:
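Review bot: In the added sentence, "allows the `list` and `read` action" should say "verbs" (plural) so the prose matches the `verbs:` key in the YAML example that follows and a reader can map it straight onto the role spec. In the example, the new `spec:` and `allow:` lines now sit above the existing `options:` block with only a `...` line between them; please check that `options:` is rendered as a sibling of `allow:` under `spec:`, otherwise the snippet reads as if `options` were a top-level key. Since the paragraph is about troubleshooting a `Not Found` response, consider stating directly that a missing `list`/`read` rule on `saml_idp_service_provider` is a second cause of that error, rather than attaching it with "Also" to the sentence about explicitly disabled IdP access.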