diff --git a/website/content/docs/concepts/policies.mdx b/website/content/docs/concepts/policies.mdx
index e58aa4c00..b0b462a53 100644
--- a/website/content/docs/concepts/policies.mdx
+++ b/website/content/docs/concepts/policies.mdx
@@ -451,11 +451,12 @@ constrain requests, using the following options:
     ```ruby
     # This allows the user to update the userpass auth method's user
     # configurations (e.g., "password") but cannot update the "token_policies"
-    # parameter value.
+    # and "policies" parameter values.
     path "auth/userpass/users/*" {
       capabilities = ["update"]
       denied_parameters = {
         "token_policies" = []
+        "policies" = []
       }
     }
     ```
diff --git a/website/content/partials/tokenfields.mdx b/website/content/partials/tokenfields.mdx
index 3629a6c3f..5cc49591a 100644
--- a/website/content/partials/tokenfields.mdx
+++ b/website/content/partials/tokenfields.mdx
@@ -5,6 +5,9 @@
   generated tokens. This current value of this will be referenced at renewal
   time.
 - `token_policies` `(array: [] or comma-delimited string: "")` - List of
+  token policies to encode onto generated tokens. Depending on the auth method, this
+  list may be supplemented by user/group/other values.
+- `policies` `(array: [] or comma-delimited string: "")` - List of token
   policies to encode onto generated tokens. Depending on the auth method, this
   list may be supplemented by user/group/other values.