diff --git a/website/source/api/auth/jwt/index.html.md b/website/source/api/auth/jwt/index.html.md index 812656cdd5..17b72b0ed1 100644 --- a/website/source/api/auth/jwt/index.html.md +++ b/website/source/api/auth/jwt/index.html.md @@ -124,6 +124,7 @@ entities attempting to login. At least one of the bound values must be set. source address for login requests. This value is also encoded into any resulting token. - `bound_claims` `(map: )` - If set, a map of claims/values to match against. + The expected value may be a single string or a list of strings. - `groups_claim` `(string: )` - The claim to use to uniquely identify the set of groups to which the user belongs; this will be used as the names for the Identity group aliases created due to a successful login. The claim diff --git a/website/source/docs/auth/jwt.html.md b/website/source/docs/auth/jwt.html.md index 541e56cefd..a49cb54cd0 100644 --- a/website/source/docs/auth/jwt.html.md +++ b/website/source/docs/auth/jwt.html.md @@ -43,6 +43,15 @@ to: Only JWTs containing both the "division" and "department" claims, and respective matching values of "Europe" and "Engineering", would be authorized. +If the expected value is a list, the claim must match one of the items in the list. +To limit authorization to a set of email addresses: + +```json +{ + "email": ["fred@example.com", "julie@example.com"] +} +``` + ### Claims as Metadata
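Review bot: In the `bound_claims` entry of website/source/api/auth/jwt/index.html.md, the added sentence says the expected value "may be a single string or a list of strings" but not how a list is evaluated. The docs page changed in this same patch states that the claim must match one of the items in the list. Repeat that rule here, for example "If a list is given, the claim must match one of its items", so that someone reading only the API reference does not assume every item has to match.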
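Review bot: In the paragraph added to website/source/docs/auth/jwt.html.md before "### Claims as Metadata", the match-one-of rule for a list follows directly after text saying both "division" and "department" must match, and the patch does not say how the two rules combine. State that every bound claim must still be satisfied and that a list only widens the accepted values for its own claim. Since the example binds on email addresses, it would also help to document how values are compared (exact match, case-sensitive or not) and what happens when the claim in the JWT is itself a list.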