diff --git a/doc/source/policy_mapping.rst b/doc/source/policy_mapping.rst
index d3368fc929..eed57fde46 100644
--- a/doc/source/policy_mapping.rst
+++ b/doc/source/policy_mapping.rst
@@ -146,7 +146,7 @@ identity:remove_endpoint_group_from_project                DELETE /v3/OS-EP-FILT
 
 identity:create_identity_provider                          PUT /v3/OS-FEDERATION/identity_providers/{idp_id}
 identity:list_identity_providers                           GET /v3/OS-FEDERATION/identity_providers
-identity:get_identity_providers                            GET /v3/OS-FEDERATION/identity_providers/{idp_id}
+identity:get_identity_provider                             GET /v3/OS-FEDERATION/identity_providers/{idp_id}
 identity:update_identity_provider                          PATCH /v3/OS-FEDERATION/identity_providers/{idp_id}
 identity:delete_identity_provider                          DELETE /v3/OS-FEDERATION/identity_providers/{idp_id}
 
diff --git a/etc/policy.json b/etc/policy.json
index ddf2396272..efa84e9a34 100644
--- a/etc/policy.json
+++ b/etc/policy.json
@@ -147,7 +147,7 @@
 
     "identity:create_identity_provider": "rule:admin_required",
     "identity:list_identity_providers": "rule:admin_required",
-    "identity:get_identity_providers": "rule:admin_required",
+    "identity:get_identity_provider": "rule:admin_required",
     "identity:update_identity_provider": "rule:admin_required",
     "identity:delete_identity_provider": "rule:admin_required",
 
diff --git a/etc/policy.v3cloudsample.json b/etc/policy.v3cloudsample.json
index 9ba7173809..6c5bc0b1c0 100644
--- a/etc/policy.v3cloudsample.json
+++ b/etc/policy.v3cloudsample.json
@@ -174,7 +174,7 @@
 
     "identity:create_identity_provider": "rule:cloud_admin",
     "identity:list_identity_providers": "rule:cloud_admin",
-    "identity:get_identity_providers": "rule:cloud_admin",
+    "identity:get_identity_provider": "rule:cloud_admin",
     "identity:update_identity_provider": "rule:cloud_admin",
     "identity:delete_identity_provider": "rule:cloud_admin",
 
diff --git a/releasenotes/notes/bug-1703369-9a901d627a1e0316.yaml b/releasenotes/notes/bug-1703369-9a901d627a1e0316.yaml
new file mode 100644
index 0000000000..2d93d16ec0
--- /dev/null
+++ b/releasenotes/notes/bug-1703369-9a901d627a1e0316.yaml
@@ -0,0 +1,11 @@
+---
+security:
+  - |
+    [`bug 1703369 <https://bugs.launchpad.net/keystone/+bug/1703369>`_]
+    There was a typo for the identity:get_identity_provider rule in the
+    default ``policy.json`` file in previous releases. The default value for
+    that rule was the same as the default value for the default rule
+    (restricted to admin) so this typo was not readily apparent. Anyone
+    customizing this rule should review their settings and confirm that
+    they did not copy that typo. More context regarding the purpose of this
+    backport can be found in the bug report.