diff --git a/README.md b/README.md
index 4bc88756..feba215d 100644
--- a/README.md
+++ b/README.md
@@ -218,6 +218,8 @@ You need the following permissions to run this module.
   - **VPC Infrastructure** service
     - `Administrator` platform access
     - `Manager` service access
+  - **IAM Identity Service** service
+    - `User API key creator` service access
 
 Optionally, you need the following permissions to attach Access Management tags to resources in this module.
 
diff --git a/ibm_catalog.json b/ibm_catalog.json
index 878b15a6..395c5a0d 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -56,9 +56,11 @@
           "iam_permissions": [
             {
               "role_crns": [
-                "crn:v1:bluemix:public:iam::::role:Administrator"
+                "crn:v1:bluemix:public:iam::::role:Administrator",
+                "crn:v1:bluemix:public:iam-identity::::serviceRole:UserApiKeyCreator"
               ],
-              "service_name": "iam-identity"
+              "service_name": "iam-identity",
+              "notes": "Allows IBM Cloud OpenShift to create the containers-kubernetes-key required by the service"
             },
             {
               "role_crns": [