diff --git a/shibpolicy.json b/shibpolicy.json
index bf9162b..ee04b35 100644
--- a/shibpolicy.json
+++ b/shibpolicy.json
@@ -3,7 +3,10 @@
   "Statement": [
     {
       "Effect": "Allow",
-      "Action": "sts:AssumeRoleWithSAML",
+      "Action": [
+                "sts:AssumeRoleWithSAML",
+                "sts:TagSession"
+            ],
       "Principal": {
         "Federated": "arn:aws:iam::135656781587:saml-provider/SATOSA"
       },