diff --git a/website/source/api/auth/gcp/index.html.md b/website/source/api/auth/gcp/index.html.md
index 2b89c4f47d..a76210b523 100644
--- a/website/source/api/auth/gcp/index.html.md
+++ b/website/source/api/auth/gcp/index.html.md
@@ -41,6 +41,8 @@ to confirm signed JWTs passed in during login.
 
     If this value is empty, Vault will try to use [Application Default
     Credentials][gcp-adc] from the machine on which the Vault server is running.
+    
+    The project must have the `iam.googleapis.com` API [enabled](https://console.cloud.google.com/flows/enableapi?apiid=iam.googleapis.com).
 
 - `google_certs_endpoint` `(string:
   "https://www.googleapis.com/oauth2/v3/certs")`: The Google OAuth2 endpoint