diff --git a/services/web/app/src/Features/PasswordReset/PasswordResetController.mjs b/services/web/app/src/Features/PasswordReset/PasswordResetController.mjs
index b7fc2da9c8..771782c302 100644
--- a/services/web/app/src/Features/PasswordReset/PasswordResetController.mjs
+++ b/services/web/app/src/Features/PasswordReset/PasswordResetController.mjs
@@ -119,7 +119,11 @@ async function requestReset(req, res, next) {
     OError.tag(err, 'failed to generate and email password reset token', {
       email,
     })
-    if (err.message === 'user does not have permission for change-password') {
+
+    if (
+      err.message ===
+      'user does not have one or more permissions within change-password'
+    ) {
       return res.status(403).json({
         message: {
           key: 'no-password-allowed-due-to-sso',