diff --git a/content/docs/administration/access-identity/oidc-client/gitlab-policies.png b/content/docs/administration/access-identity/oidc-client/gitlab-policies.png
new file mode 100644
index 000000000000..2e763abff0aa
Binary files /dev/null and b/content/docs/administration/access-identity/oidc-client/gitlab-policies.png differ
diff --git a/content/docs/administration/access-identity/oidc-client/gitlab.md b/content/docs/administration/access-identity/oidc-client/gitlab.md
index 98a4655241c6..cd935bb146b4 100644
--- a/content/docs/administration/access-identity/oidc-client/gitlab.md
+++ b/content/docs/administration/access-identity/oidc-client/gitlab.md
@@ -46,10 +46,10 @@ Please note that this guide provides step-by-step instructions based on the offi
 <!-- markdownlint-disable no-bare-urls -->
 * **Aud**: urn:pulumi:org:***org-name***
 
-**Sub**: project_path:***namespace***/***project***:ref_type:branch:ref:***branch-name***
-<!-- markdownlint-enable no-bare-urls -->
+* **Sub**: project_path:***namespace***/***project***:ref_type:branch:ref:***branch-name***
 <!-- markdownlint-enable no-bare-urls -->
 For further information about GitLab token claims, refer to the [official GitLab documentation](https://docs.gitlab.com/ci/secrets/id_token_authentication/).
+   ![Gitlab policy example](../gitlab-policies.png)
 5. Click on update
 
 ## Set up GitLab CI to use Pulumi OIDC authentication