diff --git a/vault/policy_store.go b/vault/policy_store.go
index 2e143d4e34e1..1c103cba8fb9 100644
--- a/vault/policy_store.go
+++ b/vault/policy_store.go
@@ -84,6 +84,15 @@ path "sys/capabilities-self" {
 capabilities = ["update"]
 }
 
+# Allow a token to look up its own entity by id or name
+path "identity/entity/id/{{identity.entity.id}}" {
+ capabilities = ["read"]
+}
+path "identity/entity/name/{{identity.entity.name}}" {
+ capabilities = ["read"]
+}
+
+
 # Allow a token to look up its resultant ACL from all policies. This is useful
 # for UIs. It is an internal path because the format may change at any time
 # based on how the internal ACL features and capabilities change.
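Review bot: The name-keyed rule `path "identity/entity/name/{{identity.entity.name}}"` depends on a value that, unlike the entity id, is mutable and can be reassigned, so what this default-policy grant matches can change over an entity's lifetime; the id rule above it already covers self-lookup. It is worth confirming (not visible in this hunk) how the template renderer treats a name containing ACL pattern characters such as a trailing `*`, and whether tokens with no entity simply skip both rules. Since this lands in the default policy, the comment could say what a read exposes, e.g. `# Read-only self-lookup; the response includes the entity's aliases, metadata, policies and group ids`. The hunk also adds two blank lines before the next comment where the surrounding policy text appears to use one. The policy text itself starts and ends outside the hunk.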