diff --git a/assemblies/assembly-authentication-troubleshooting.adoc b/assemblies/assembly-authentication-troubleshooting.adoc
new file mode 100644
index 0000000000..36a78f9007
--- /dev/null
+++ b/assemblies/assembly-authentication-troubleshooting.adoc
@@ -0,0 +1,9 @@
+:_mod-docs-content-type: ASSEMBLY
+
+[id="authentication-troubleshooting"]
+
+= Troubleshooting authentication issues
+
+Learn how to troubleshoot authentication issues.
+
+include::modules/authentication/proc-reducing-token-size.adoc[leveloffset=+1]
diff --git a/assemblies/assembly-enabling-authentication.adoc b/assemblies/assembly-enabling-authentication.adoc
index be673067c5..4d496a0a0b 100644
--- a/assemblies/assembly-enabling-authentication.adoc
+++ b/assemblies/assembly-enabling-authentication.adoc
@@ -18,3 +18,5 @@ include::modules/authentication/proc-enabling-user-authentication-with-github.ad
 
 include::modules/authentication/proc-enabling-user-authentication-with-microsoft-azure.adoc[leveloffset=+1]
 
+include::assembly-authentication-troubleshooting.adoc[leveloffset=+1]
+
diff --git a/modules/authentication/proc-reducing-token-size.adoc b/modules/authentication/proc-reducing-token-size.adoc
new file mode 100644
index 0000000000..6a0931662e
--- /dev/null
+++ b/modules/authentication/proc-reducing-token-size.adoc
@@ -0,0 +1,20 @@
+:_mod-docs-content-type: PROCEDURE
+
+[id="reducing-token-size"]
+= Reducing the size of issued tokens
+
+By default, the authentication backend issues user identity tokens with ownership references of the user in the `ent` claim of the JSON Web Token (JWT) payload.
+This makes it easier for consumers of the token to resolve ownership of the user.
+However, depending on the structure of your organization and how you resolve ownership claims, the tokens can grow large and cause HTTP errors that prevent you from accessing parts of {product-very-short}.
+Use the `omitIdentityTokenOwnershipClaim` flag to remove the `ent` claim from tokens and reduce their size.
+
+.Procedure
+
+. In the `{my-app-config-file}` file, set `omitIdentityTokenOwnershipClaim` to `true` as follows:
++
+[source,yaml]
+----
+auth:
+  omitIdentityTokenOwnershipClaim: true
+----
+